We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Counterproductive security
andyca
Posts: 163 Forumite
in Credit cards
I have accounts all over the place to get the best deals but because of the ridiculous rules banks are now imposing on the passwords, passcodes, memorable words, usernames, special characters, numbers, capitalization, minimum length, favourite pets, historical figure, colour, fictional character and mothers maiden name etc. I'm sure there is more! It's impossible to remember all my passcodes and passwords. On top of that several are now forcing you to enter just some of the letters/numbers of the above using dropdown boxes which results in you counting letters on your fingers to get to the right one. All this leaves me with three alternatives:
Help! Andyca
- Write all my details on a post it and stick it to my monitor
- Entrust my banking details to a screen scraper such as moneydashboard.com so I only have to remember one set of details
- Or finally accept that almost every time I log in I have to go through a couple of passwords, pin numbers, usernames and secret words in the hope I get it right, and about once a month phone up my bank/card provider and ask for my details to be reset!
Help! Andyca
0
Comments
-
You could close some of the accounts. Otherwise option 3 is best for your own protection. If it was easy to log in, it would also be easy for fraudsters to automate processes for guessing your log-in details.
Who will you expect to re-imburse you for fraudulent transactions on your accounts?
Edit
You could use encrypted files to hold your log-in data. I use Safe House Explorer to encrypt files.
Warning: In the kingdom of the blind, the one-eyed man is king.
0 -
Firest Direct Internet Banking Plus, an encripted spreadsheet & a decent firewall & antivirus works for me.Ethical moneysaver0
-
Consumerist wrote: »option 3 is best for your own protection.
I really don't think this is true, every time I have to phone up my bank/card provider I am put through to a call centre in India or wherever the lowest cost labour market of choice happens to be that week, where I am asked for my personal details by the lowest bidder! Who I fear will pass my details on to the highest bidder to supplement their incomes.0 -
If you don't like the security systems used for internet banking then use branches for your transactions and see how convenient that will be for you.Warning: In the kingdom of the blind, the one-eyed man is king.
0
-
This is my point - it should be easy for the consumer... I just think they have moved beyond secure and into difficult, which results in a reduction in security as everyone will be looking for workarounds. Your simple password on you encrypted spreadsheet can probably be cracked in 10 seconds, but online password entry using SSL and limited retries is much more secure.
Not enabling human error on the banks side gives them security, and means they don't have to pay anyone, online is a win for everyone.
*Just noticed it was realaledrinker that suggested the spreadsheet, but still freeware software is no better than option 2
0 -
Safe House Explorer is 128-bit encrypted and it is free. Simple text files which are in an encrypted folder are as safe as online encryption. But you simply don't seem interested.
Speaking for myself, I prefer as much security as online banking can provide.
If you just want to rant about the situation rather than ask for advice to help you deal with the situation then I can only direct you to the MSE Praise, Vent & Warning Board.Warning: In the kingdom of the blind, the one-eyed man is king.
0 -
This is my point - it should be easy for the consumer... I just think they have moved beyond secure and into difficult, which results in a reduction in security as everyone will be looking for workarounds. Your simple password on you encrypted spreadsheet can probably be cracked in 10 seconds, but online password entry using SSL and limited retries is much more secure.
Not enabling human error on the banks side gives them security, and means they don't have to pay anyone, online is a win for everyone.
*Just noticed it was realaledrinker that suggested the spreadsheet, but still freeware software is no better than option 2
If all that is the case, why is there still a large prevailance of fraud on the internet? Look at the number of spoof bank emails that are sent by scammers. The reason they have high levels of security is not just a cost issue, but reputational. If you constantly had fraud on your account, you would be inclined to change bank and also tell other people about that bank's failures to secure your account.
I agree with Consumerist, if you don't like it call up (not all banks use call centres overseas by the way), use an ATM, mobile phone banking, branch. It is flexible to suit you.Best Regards
zppp 0 -
If all that is the case, why is there still a large prevalence of fraud on the internet? Look at the number of spoof bank emails that are sent by scammers. The reason they have high levels of security is not just a cost issue, but reputational. If you constantly had fraud on your account, you would be inclined to change bank and also tell other people about that bank's failures to secure your account.
This is Phishing and entirely different to password security. The complex passwords actually make phishing easier as users attempt to log in to their account again and again (which is now quite normal to them) while not realizing the website their browser is pointing to is actually halifraud.com instead of halifax.com
I initially started off as a rant but thought actually there may be a good trustworthy solution to this... and you're right I'm not enamored by freeware encryption solutions as they will always have password to open them which can be brute forced and you are trusting the programmers not to have made a mistake or to be fraudsters themselves. Better than the post-it though I admit.0 -
Think we're in an interim phase. None of these systems actually verify that it is the customer who is online. They all rely on something you know that other people don't know.
Compare that with the way I used to do business with regular customers. They ring up, I recognise their voice, we have a chat, "bobs your uncle".
Not sure which it will be - voice recognition, face recognition via webcam, iris scan, fingerprint, RFID chip under skin, DNA scanner .... but something's gotta change.0 -
Safe House also do a paid version with more options available but using the same level of encryption. The choice is yours.
Edit
I also use Rapport (offered free by many banks) to confirm the website. But that will not get round the need to use log-in security.Warning: In the kingdom of the blind, the one-eyed man is king.
0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 352.1K Banking & Borrowing
- 253.5K Reduce Debt & Boost Income
- 454.2K Spending & Discounts
- 245.1K Work, Benefits & Business
- 600.7K Mortgages, Homes & Bills
- 177.4K Life & Family
- 258.9K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards