HSBC new secure key - I hate it !!!

Comments

  • PudseyDB wrote: »
    Kind of reassuring to read I'm not the only one moaning about the HSBC secure key. ;) I've had to reset the password 4 times already and consequently don't bother to check my online accounts as much as I used to. In fact I've even found it quicker some days to nip into the branch and use the statement machine there instead!

    If you used it more regularly perhaps you wouldn't forget the PIN code!
    Before you ask, yes, I work for a bank, but no, I didn't get a bonus!
  • lindyJ wrote: »
    Activated my husband's stupid key (he's no good with internet banking) and the damn thing locked on me.
    Phoned the helpline, but because I spoke to them before my husband, they promptly locked down his account and said a new key would be sent in 5 working days! That was 8 working days ago.
    This morning he received a letter saying he had to go into the bank with ID to unlock his account. What a load of b******s! And still no sign of the Stupid Key. I am so frustrated I could tear paper!!!

    This is called anti-fraud measures. Designed to protect clients' accounts from dishonest people trying to access accounts. It's not b******s, it's a sensible way of protecting accounts!
    Before you ask, yes, I work for a bank, but no, I didn't get a bonus!
  • Plxply
    Plxply Posts: 594 Forumite
    You can't expect the bank to refund any fraud on your account, then complain when they bring in security measures to ensure that said fraud can't occur in the first place. What HSBC has introduced is two factor authentication like many banks, you can read about it here:

    http://en.wikipedia.org/wiki/Two_factor_authentication

    I'm glad they take extra steps to protect my account, although I would like it to be slightly less restrictive, maybe allowing you to only login with a password but then you can only view your statement. But it's up to HSBC how much they allow.
  • I don't work for a bank, but I do work in IT Systems.

    The little keyfobs / keypads and other devices form part of a two factor authentication designed to protect access to personal data, i.e. your bank account. While you might find it frustrating to have to use them to log in, they do a rather good job of providing a secure and fairly un-guessable authentication system.
    rantopanto wrote: »
    I've just closed my HSBC account because of this and summarised to HSBC customer services why this is.

    People who understand electronic security should realise that our usernames and passwords stored on all the high street banks' servers are protected by several layers of encryption and as such are ridiculously secure. Does anyone know of a case anywhere in the world where hackers have EVER broken into a bank server directly? (don't mention Sony - this was because Sony didn't encrypt their customers' details for some reason!) I've used online banking since 2002 and can't remember ever reading such an instance.

    The way fraudsters "hack" your account is if you give out your banking ID and password via a phishing scam. Given that we are told time and again by the banks to NEVER give out your username & password to anyone and that all banks only ask for 4 digits of your PIN when logging in, whose fault is it if you get hacked? Shall we all carry a device to use at ATMs because a few dumb people give their PIN out and then wonder why someone raids their account via an ATM?

    For me, this is to protect stupid people more than anything else and I refuse to 1.) carry this stupid device around with me, 2.) Risk it breaking and not being able to access my money.

    I understand electronic security, it's part of my job, and I would never assume that just a username and password is secure enough. You know they can brute force a password! Using botnets, which are networks of PCs infected with malware without the users knowing, crackers wield immense computing power; nets of 50,000 computers are not that uncommon, and some nation government supercomputers are not that powerful. With something like that, working out your password wouldn't be that hard or take that long. You know, with enough time and a set of rainbow tables (pre-calculated hashes) for the encryption used, the encrypted data can be revealed.

    Seriously why shouldn't banks upgrade their security, if we used the same security technology we used in 2002 then we'd be in a whole heap of trouble right now. We trust the banks to look after our money. Who in their right mind fights that. It's a constant fight to stay ahead of the curve on what the crackers and bad guys are doing. The reason why there possibly hasn't been a reported incident is because the systems guys are constantly tweaking and upgrading the security systems protecting the on-line banking systems.

    Or would you rather just put your money under the mattress?

    Seriously the internet, it's not a lovely fluffy place any more.
  • davelodwig wrote: »
    I understand electronic security, it's part of my job, and I would never assume that just a username and password is secure enough. You know they can brute force a password!

    No, they cannot brute force the passwords, the banks should (and do) lock out the accounts after several unsuccessful times, and require address validation etc.
    davelodwig wrote: »
    Using botnets, which are networks of PCs infected with malware without the users knowing, crackers wield immense computing power; nets of 50,000 computers are not that uncommon, and some nation government supercomputers are not that powerful. With something like that, working out your password wouldn't be that hard or take that long. You know, with enough time and a set of rainbow tables (pre-calculated hashes) for the encryption used, the encrypted data can be revealed.

    How do rainbow tables help exactly? Rainbow tables are only useful if the hacker has the hashes. If the hackers can get the password hashes from HSBC, we can assume they can get the token seeds and offsets.
    davelodwig wrote: »
    Seriously why shouldn't banks upgrade their security, if we used the same security technology we used in 2002 then we'd be in a whole heap of trouble right now. We trust the banks to look after our money. Who in their right mind fights that. It's a constant fight to stay ahead of the curve on what the crackers and bad guys are doing. The reason why there possibly hasn't been a reported incident is because the systems guys are constantly tweaking and upgrading the security systems protecting the on-line banking systems.

    HSBC use 2FA to protect against keylogging, or the users being stupid with their username/passwords.
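
An added sketch of the two points argued in the post above (not part of the thread, and not HSBC's implementation): a lockout caps online password guessing, and a one-time code makes a keylogged login useless when replayed. RFC 4226 HOTP as the token algorithm, the three-failure threshold and the `Account` class are assumptions for illustration.

```python
import hashlib, hmac, os, struct

MAX_FAILURES = 3  # assumed threshold; the thread only says "several"

def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP, a stand-in for whatever the real token computes."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Account:
    def __init__(self, password: str, seed: bytes):
        self.salt = os.urandom(16)               # per-account salt
        self.pw_hash = self._hash(password)
        self.seed = seed                         # shared with the token
        self.counter = 0                         # next unused code
        self.failures, self.locked = 0, False

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def login(self, password: str, code: str) -> str:
        if self.locked:
            return "locked"                      # no further guesses are evaluated
        pw_ok = hmac.compare_digest(self._hash(password), self.pw_hash)
        code_ok = hmac.compare_digest(code, hotp(self.seed, self.counter))
        if pw_ok and code_ok:
            self.counter += 1                    # each code is accepted once
            self.failures = 0
            return "ok"
        self.failures += 1
        self.locked = self.failures >= MAX_FAILURES
        return "denied"

def demo():
    seed = b"12345678901234567890"               # constructed: RFC 4226 test seed
    acct = Account("correct horse", seed)
    code = hotp(seed, 0)
    results = [acct.login("correct horse", code)]        # genuine login
    results.append(acct.login("correct horse", code))    # keylogged replay
    results += [acct.login(f"guess{i}", "000000") for i in range(3)]
    return results
```

The replayed login fails even though the password is correct, and the account locks on the third consecutive failure, so the number of online guesses does not scale with the attacker's computing power.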
  • I've mine too - started using it - and I also HATE it

    it's a right pain in the neck and I'm considering moving my accounts because of it

    like others I'm now logging onto my online account LESS - so if any problems I'm less likely to spot quickly

    problems I see with it:

    (1) why so many steps ? why the stupid memorable passwords ? why not allow us just to use our previous passcode (which I'd memorised nicely) - along with a hardware device ?

    (2) why all the steps on the hardware device ? I use other "number" security generators - and in those cases you don't have to enter in a pin number, then press green button twice then wait etc etc - why can't it just display a changing number that you type in ? like most other security devices ?

    (3) I like accessing my account from other places - and I don't want to carry around something as large as this - from point (2) - it could be FAR FAR smaller without the keypad - which I don't understand is needed

    going to consider my options
    Smile and be happy, things can usually get worse!
  • as an alternative ... why not have a system that allows you logon WITHOUT the secure key - just to "view" your accounts - ie a mode where you can't transfer/move/make payments etc

    that would at least allow people like me to check your accounts regularly without having to faff around with the hardware key

    then you would just use the hardware device to perform any actions as such

    I've now sent a letter of complaint in - and probably will move my accounts unless something to make the process less convoluted happens

    does anyone know what happens on HSBC business accounts now ? because they have an iPhone app... ?
    Smile and be happy, things can usually get worse!
  • kazwookie
    kazwookie Posts: 14,341 Forumite
    I got sent one yesterday.

    I have activated it, and that is all for now.

    I have read the comments with interest, it remains to be seen how I get on with it!!
    Breast Cancer Now 100 miles October 2022 100 / 100miles
    D- Day 80km June 2024 80/80km (10.06.24 all done)
    Diabetic UK 1 million steps July 2024 to complete by end Sept 2024. 1,001,066/ 1,000,000 (20.09.24 all done)
    Breast Cancer Now 100 miles 1st May 2025 (18.05.2025 all done)
    Diabetic UK 1 million steps July 2025 to complete by end Sept 2025. 1,006,489 / 1,000,000 (10.09.25 all done)
    Breast Cancer Now 100 miles 1st October 2025 82/100
    Sun, Sea
  • Mr_K
    Mr_K Posts: 1,171 Forumite
    as an alternative ... why not have a system that allows you logon WITHOUT the secure key - just to "view" your accounts - ie a mode where you can't transfer/move/make payments etc

    that would at least allow people like me to check your accounts regularly without having to faff around with the hardware key

    It's been suggested many times in various threads by anybody with more than 2 brain cells. That's 2 more brain cells than HSBC has. I suspect it might go that way if enough people complain/leave. However for the moment they are complacent and not interested in customer feedback. It would be an admission of a c*ck up if they changed it too soon.
  • jjlandlord
    jjlandlord Posts: 5,099 Forumite
    Mr_K wrote: »
    It's been suggested many times in various threads by anybody with more than 2 brain cells. That's 2 more brain cells than HSBC has. I suspect it might go that way if enough people complain/leave. However for the moment they are complacent and not interested in customer feedback. It would be an admission of a c*ck up if they changed it too soon.

    I find it extraordinary that people who know nothing about anything on the matter think they can pass judgement on bank security.
    I'm pretty sure the same persons would equally complain about lax security should their account be compromised.

    I strongly suspect that all banks will have similar hardware security measures sooner than later, so people leaving HSBC for this reason might find themselves doubly disappointed.
This discussion has been closed.