HSBC to introduce Rapport Software.

masonic

glider3560 wrote: »

Technically that doesn't matter as the logon data is sent by POST to a secure page, so the logon is secure.

Actually it does matter because if the login page itself is not secure, then end users will not be able to verify they are on the genuine site until after they submit their details. However, it is possible to force HSBC to use a secure login using https:// instead of http://

Olipro

ChiefGrasscutter wrote: »

Rapport is in effect a keylogger.
It stores your passwords and then has the ability to tell you at a later stage if you use the same password on another site: by comparing it to the previous stored examples.
Clearly the storage of the passwords is subject to strong encryption

Not true at all, there is no need to store passwords using reversible encryption; all it has to do is create a hash of each password you use, hashing is one way

fozmcfc

ERICS_MUM wrote: »

Exactly so for me too - been using it on my Nat West account for about a year now and not had any probs (touch wood :wall:)

Same for me, no problems for the past year or so.

roddydogs

I want to uninstall Rapport as I think its slowing the comp down, it uses a massive amount of CPU.........but I get the "You comp is infected, itll be worse if you uninstal" type stuff..........is this correct.? I of course run the ususal anti spyware stuff regularly.

adindas

Some people are using PC in their work place to access their bank a/c and do various banking activities.

AS usual if you are using your office PC you do not have the admin right to install the program. So I think it is unworkable if there is a mandatory requirement to install this software before you could access your bank a/c.

ADINDAS

olly300

adindas wrote: »

Some people are using PC in their work place to access their bank a/c and do various banking activities.

AS usual if you are using your office PC you do not have the admin right to install the program. So I think it is unworkable if there is a mandatory requirement to install this software before you could access your bank a/c.

It's not mandatory to install the software as you don't need it if you are on linux.

LongTermLurker

ChiefGrasscutter wrote: »

Rapport is in effect a keylogger.
It stores your passwords and then has the ability to tell you at a later stage if you use the same password on another site: by comparing it to the previous stored examples.
Clearly the storage of the passwords is subject to strong encryption however they must be stored somewhere on the PC and the codewords to decrypt them must be somewhere within the Rapport program as the user does not need to enter their own password at any time.
This to me is a keylogger and as such is a program to be avoided at all costs.

That isn't actually accurate. First of all, you are asked if you want to record a particular password, so it's your choice whether to use that specific feature - just one of many features.

Secondly, I imagine (because none of us really know this) that rather than encrypting the passwords to disk, the software hashes it - a technical but important difference. What this means is that you record your password and it performes a mathematical function on it - the result is the hash. Then whenever you enter a password into another password box, it performs the same function; if the hash matches any other hash, it tells you. If this is really how it works, then no decryption takes place; the same hash is performed on two different words at different points in time. Incidentally, hashes are one-way functions, and no-one can reverse engineer a hash to see the password.

I do not know what you mean by "the user does not enter his password at any time". In effect, you're right, it does have key logging functionality but it's doing so with your explicit permission.

As other have said, and it has been discussed extensively on the savings board in the past, if you/your family/other users of the PC have the habit of visiting dogy sites opening suspect email attachments then it is of benefit.

Personally I don't want it.
Then again I've seen the state of other's persons PC with multiple start up errors, unpatched OS system, non updated virus checkers .......and they use this to access online banking! One begins to have sympathy with the banks and one can see why they would want this sort of person to have it.

I've seen a lot of comments against Rapport recently but I think it's a good part of your arsenal - it's like saying you don't need anti virus because you have a firewall, but they are all different technologies that perform different functions. Do you know that the majority of website vulnerabilities relate to "trusted" sites? These days it's not the "dodgy" sites you have to look out for, it's the e-commerce/social networking sites that have been hacked.

I really don't know what people are worried about - it gives me an extra level of confidence in my security.

Mind you, I don't go to "dogy sites" - is that even legal?

LongTermLurker

Olipro wrote: »

Not true at all, there is no need to store passwords using reversible encryption; all it has to do is create a hash of each password you use, hashing is one way

Ah! Didn't read this far before I posted above

LongTermLurker

adindas wrote: »

Some people are using PC in their work place to access their bank a/c and do various banking activities.

AS usual if you are using your office PC you do not have the admin right to install the program. So I think it is unworkable if there is a mandatory requirement to install this software before you could access your bank a/c.

ADINDAS

Does your corporate security policy allow you to access banking and e-commerce sites from work?

[Deleted User]

used it too
dont like it so uninstalled it
uses like 16,000 - 20,000k of mem and it doesnt work on the latest google chrome