We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
MSE News: Bank customers promised access to all their accounts via one app
Comments
-
Thanks, the digital secure key there that uses the mobile phone is relatively new and I didn't remember previously reading about it. It'll presumably be no more secure than any mobile phone application and those tend to be riddled with security holes.
I'd definitely avoid the digital secure key option because it places the key on a high value casual theft target, the phone, so it's very vulnerable to loss in many cases. Better the far lower value dongle that has no resale value so no value to a thief.
Based on their description I'm not sure that the digital secure key option is as secure as the dongle based one. It appears that it'll be vulnerable to a range of phone-based and possibly transport protocol based attacks that just aren't practical with the dongle version.
But how many phone thieves will steal a phone then use it to get into someone's bank account?. I have never heard of this happeningn, ever. The vast majority of phone thieves wouldn't be able to get past a simple pattern screen lock!.
But I would much rather use a phone than a dongle. If my phone goes missing then I would know almost immediately and could then track the phone and erase it if necessary.
If the dongle goes missing I won't know until the next time I went to use it, which could be weeks for my First Direct account. The dongle then couldn't be remotely wiped and I would have to ring First Direct to inform them it was missing.
So I still think the mobile phone is the most secure option.0 -
I mentioned it because it's been used for banking fraud in phone pin setups. You don't need the phone unlock because the SIM card is moved to a new phone with the assistance of an accomplice at the phone shop. The same general sort of thing has been done by calling the company and getting them to authorise the swap.But how many phone thieves will steal a phone then use it to get into someone's bank account?. I have never heard of this happeningn, ever. The vast majority of phone thieves wouldn't be able to get past a simple pattern screen lock!.
This is one reason why it can be useful to use both phone and SIM card locking - the SIM lock makes SIM moving attacks harder. Of course phone companies have also been persuaded to issue new SIMs so this isn't entirely criminal proof either.0 -
Which is part of the reason why the NIST has deprecated SMS-based 2 factor authentication.I mentioned it because it's been used for banking fraud in phone pin setups. You don't need the phone unlock because the SIM card is moved to a new phone with the assistance of an accomplice at the phone shop. The same general sort of thing has been done by calling the company and getting them to authorise the swap.
This is one reason why it can be useful to use both phone and SIM card locking - the SIM lock makes SIM moving attacks harder. Of course phone companies have also been persuaded to issue new SIMs so this isn't entirely criminal proof either.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 352.9K Banking & Borrowing
- 253.9K Reduce Debt & Boost Income
- 454.7K Spending & Discounts
- 245.9K Work, Benefits & Business
- 602K Mortgages, Homes & Bills
- 177.8K Life & Family
- 259.8K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards