We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Password Tools - Invalidate Banks T's and C's
Comments
-
-
It is unfair, but it perhaps isn't entirely unexpected that a bank would not want to over-complicate their policies for their non-techno savvy call centre staff.Undisputedtruth wrote: »It seems I potentially could be penalised for other people's failure to add layers of security to their password manager. This is unfair.
I don't even think the added layers of security are necessary. It's picking the wrong tool for the job that is the problem, which is why banks need to examine this area and decide which tools they are willing to accept, if any. At the moment, there is no clear position on this from the banks, which means your behaviour may not be differentiated from somebody who uses a password manager with remote data storage.
Completely arbitrary. I was trying to illustrate that an added layer of protection would have a negligible effect on the risk providing the product stored infomation securely in the first place. Added layers of security can't protect the data when you unencrypt it to use it and that's when the data is at risk. I certainly didn't intend for those figures to be interpreted in any absolute sense.The figures you've provided on inherent risks with password managers are they based on factual data by the banking industry/computer security experts or is it an arbitary figure you had plucked from the sky to convey your message?
I think I understand what Stompa was trying to say, which is pretty much what you have said above. These products are not well understood by the front line staff at banks, and some of the things they say suggest as much. I'll leave it for Stompa to further clarify, though.Yes, but Stompa said earlier in the thread that this bank doesn't even know what is keepass. Currently, I suspect there isn't a policy on password managers as the vast majority of banking staff are pretty clueless about them and their benefits. My T&Cs have all stated that I should take precautions to secure my information so I feel using a password manager is justified in this instance. I wouldn't clarify with bank staff whether I'm allowed to use a password manager because I can't rely on their advice on normal financial products at the best of times much less on password managers!
I understand the point you are making - that if you remain honest about your use of Keepass, then you believe in the end justice will prevail and any problems from the bank would be overturned by the Ombudsman, or failing that, the courts. I hope you are right.
However, you need to understand that if for some reason you become the victim of fraud you could be in for a long and painful battle to get your money refunded, the ramifications of which could be very severe depending on your circumstances. I would seriously advise anyone against openly using a password manager without clarification of their banks policy for that reason. The advice may be poor and uninformed, but you'll probably be faced with the same if you have to talk to them about fraud on your account, when you'll be at their mercy for a refund (at least for the first 8 weeks). The alternative option is to keep quiet about it, since it only becomes an issue if the bank finds out.0 -
I was merely suggesting that since CBS stated that by using Keepass you were passing your security details on to a third party, then they didn't understand how the product worked. Would they think the same if you stored your details in a text file created with Notepad?I think I understand what Stompa was trying to say, which is pretty much what you have said above. These products are not well understood by the front line staff at banks, and some of the things they say suggest as much. I'll leave it for Stompa to further clarify, though.Stompa0 -
Perversely, you might have more luck getting a refund for fraud from CBS if you used Notepad instead of Keepass... Although they do also state "Never write all your Security Details in a letter, email, secure message or any other correspondence, and never store your Security Details on a computer."I was merely suggesting that since CBS stated that by using Keepass you were passing your security details on to a third party, then they didn't understand how the product worked. Would they think the same if you stored your details in a text file created with Notepad?0 -
Since they also say: "Try to avoid using the same password over and over again, so try to use different passwords for each website you login to" - I wonder how they expect us to remember them all?Although they do also state "Never write all your Security Details in a letter, email, secure message or any other correspondence, and never store your Security Details on a computer."Stompa0 -
Funnily enough, with the exception of putting the details in a letter or similar, a pen and paper record of the details doesn't seem to be prohibited, though even that isn't explicitly permitted. Of course, in some situations that would be less safe than using a password manager.Since they also say: "Try to avoid using the same password over and over again, so try to use different passwords for each website you login to" - I wonder how they expect us to remember them all?0 -
Funnily enough, with the exception of putting the details in a letter or similar, a pen and paper record of the details doesn't seem to be prohibited, though even that isn't explicitly permitted. Of course, in some situations that would be less safe than using a password manager.
That is where all mine are but I don't write down what they relate to.'Just think for a moment what a prospect that is. A single market without barriers visible or invisible giving you direct and unhindered access to the purchasing power of over 300 million of the worlds wealthiest and most prosperous people' Margaret Thatcher0 -
Since they also say: "Try to avoid using the same password over and over again, so try to use different passwords for each website you login to" - I wonder how they expect us to remember them all?
Apparently if you can remember your password then it's no longer secure!
See here.
They even suggested the use of password managers..:rotfl:0 -
I rather hope that any banks I use won't permit an unimpeded repetitive "guessing" attack though!Undisputedtruth wrote: »Apparently if you can remember your password then it's no longer secure!
See here.
They even suggested the use of password managers..:rotfl:Stompa0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 352.1K Banking & Borrowing
- 253.6K Reduce Debt & Boost Income
- 454.2K Spending & Discounts
- 245.1K Work, Benefits & Business
- 600.8K Mortgages, Homes & Bills
- 177.5K Life & Family
- 258.9K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards