📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

Santander security login

Options
toolmaker54
toolmaker54 Posts: 50
in Savings & investments
I cannot say I am too impressed with my new online banking security with Santander, you input a membership number then input a five digit passcode, all of which could be logged by a keylogger.

Natwest require 3 random numbers from your pin and 3 random letters/numbers from a password.

Barclays requires membership number then uses drop down boxes for the passcode so no key inputs.

So why does Santander use such a simple method to log on, ok they have a picture and passphase but if you already hacked in with a keylogger, you are in anyway.

Just seems too simple to me.
«1

Comments

  • ThomasGullen
    ThomasGullen Posts: 7
    Do they offer 2 factor auth? If they do, use it.

    It's hillarious how banks generally have the industry worst security practises regarding login/registration:

    - Some limit password length to 12 characters (lol)
    - Sometimes don't allow special characters (lol)
    - The whole secret question/answer thing is the worst security idea ever
  • ColdIron
    ColdIron Posts: 9,848
    Part of the Furniture 1,000 Posts Hung up my suit! Name Dropper
    There have been a few threads on this but Santander also requires an OTP (One Time Passcode) via mobile phone for new payees. I would be more worried if NatWest really required the input, even if partial, of the PIN into an unsecured device such as an ATM or card reader
  • lazer
    lazer Posts: 3,402
    I like Santander - I have the NW card reader and it has stopped working after a only a few months and has been over a week since I ordered a new one and it hasn't arrived yet.
    Weight loss challenge, lose 15lb in 6 weeks before Christmas.
  • innovate
    innovate Posts: 16,217
    10,000 Posts Combo Breaker
    They got replacement readers in Branches, I'm told
  • Gromitt
    Gromitt Posts: 5,063
    toolmaker54 wrote: »
    I cannot say I am too impressed with my new online banking security with Santander, you input a membership number then input a five digit passcode, all of which could be logged by a keylogger.

    For me, they ask:

    Membership number,
    3 random characters from your password
    3 random characters from your security number

    If you setup a new payee (and various other activities such as turning off statements), they send a text message to your phone with a number which has to be entered into the website to confirm the transaction.

    If you have been asked for your details in full then it sounds like you are using a fake site and I would contact your bank asap.
  • lazer
    lazer Posts: 3,402
    innovate wrote: »
    They got replacement readers in Branches, I'm told

    Unfortunately I can't get to a branch as I work office hours
    Weight loss challenge, lose 15lb in 6 weeks before Christmas.
  • ColdIron
    ColdIron Posts: 9,848
    Part of the Furniture 1,000 Posts Hung up my suit! Name Dropper
    My experience of the Santander login is the same as the OPs. Personal ID (can be cached), Passcode and then Registration number, all typed (or copy pasted)
  • brendon
    brendon Posts: 514
    If you have a 10 character password and you are asked for 3 characters from it, you'd only have to log in 4-6 times before an attacker had your entire password. The 3-of-10 passport isn't there to prevent keylogging. It's there to prevent shoulder surfing.
  • Algie
    Algie Posts: 24
    Part of the Furniture 10 Posts Combo Breaker
    The weird thing is that my partner and I each applied for new Santander 123 accounts on the same day. When my partner logs in, he gets asked to key in his passcode and registration number in full, but when I log in I am asked to enter three characters from each of my password and security number. Both accounts have been up and running for a month now and work exactly the same way in all other respects. It just seems strange that there are different security processes for each.
  • Rollinghome
    Rollinghome Posts: 2,729
    Part of the Furniture 1,000 Posts Name Dropper
    edited 4 November 2013 at 5:26PM
    Algie wrote: »
    The weird thing is that my partner and I each applied for new Santander 123 accounts on the same day. When my partner logs in, he gets asked to key in his passcode and registration number in full, but when I log in I am asked to enter three characters from each of my password and security number. Both accounts have been up and running for a month now and work exactly the same way in all other respects. It just seems strange that there are different security processes for each.
    Same here. Mine requires 3 random characters from the pw and code. My wife's, opened three days later requires the full pw and code. The ID nos are very different too. I assumed the accounts were on different servers and they're in the process of migrating to the more secure system.

    I find the Nationwide system the most curious. That asks you login using a card and reader but if "you don't have a card reader handy" you can login just using a short and simple pw and code. Just six lower-case characters are sufficient for the pw. I don't see the point of a having secure card reader system if it can be bypassed at will by anyone who doesn't have the card.
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 351.1K Banking & Borrowing
  • 253.1K Reduce Debt & Boost Income
  • 453.6K Spending & Discounts
  • 244.1K Work, Benefits & Business
  • 599K Mortgages, Homes & Bills
  • 177K Life & Family
  • 257.4K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture