We'd like to remind Forumites to please avoid political debate on the Forum. This is to keep it a safe and useful space for MoneySaving discussions. Threads that are - or become - political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.

MSE News: Bank customers promised access to all their accounts via one app

Options
1235»

Comments

  • takman
    takman Posts: 3,876 Forumite
    Combo Breaker First Post
    Options
    jamesd wrote: »
    Thanks, the digital secure key there that uses the mobile phone is relatively new and I didn't remember previously reading about it. It'll presumably be no more secure than any mobile phone application and those tend to be riddled with security holes.

    I'd definitely avoid the digital secure key option because it places the key on a high value casual theft target, the phone, so it's very vulnerable to loss in many cases. Better the far lower value dongle that has no resale value so no value to a thief.

    Based on their description I'm not sure that the digital secure key option is as secure as the dongle based one. It appears that it'll be vulnerable to a range of phone-based and possibly transport protocol based attacks that just aren't practical with the dongle version.

    But how many phone thieves will steal a phone then use it to get into someone's bank account?. I have never heard of this happeningn, ever. The vast majority of phone thieves wouldn't be able to get past a simple pattern screen lock!.

    But I would much rather use a phone than a dongle. If my phone goes missing then I would know almost immediately and could then track the phone and erase it if necessary.
    If the dongle goes missing I won't know until the next time I went to use it, which could be weeks for my First Direct account. The dongle then couldn't be remotely wiped and I would have to ring First Direct to inform them it was missing.

    So I still think the mobile phone is the most secure option.
  • jamesd
    jamesd Posts: 26,103 Forumite
    Name Dropper First Post First Anniversary
    Options
    takman wrote: »
    But how many phone thieves will steal a phone then use it to get into someone's bank account?. I have never heard of this happeningn, ever. The vast majority of phone thieves wouldn't be able to get past a simple pattern screen lock!.
    I mentioned it because it's been used for banking fraud in phone pin setups. You don't need the phone unlock because the SIM card is moved to a new phone with the assistance of an accomplice at the phone shop. The same general sort of thing has been done by calling the company and getting them to authorise the swap.

    This is one reason why it can be useful to use both phone and SIM card locking - the SIM lock makes SIM moving attacks harder. Of course phone companies have also been persuaded to issue new SIMs so this isn't entirely criminal proof either.
  • masonic
    masonic Posts: 23,695 Forumite
    Photogenic Name Dropper First Post First Anniversary
    Options
    jamesd wrote: »
    I mentioned it because it's been used for banking fraud in phone pin setups. You don't need the phone unlock because the SIM card is moved to a new phone with the assistance of an accomplice at the phone shop. The same general sort of thing has been done by calling the company and getting them to authorise the swap.

    This is one reason why it can be useful to use both phone and SIM card locking - the SIM lock makes SIM moving attacks harder. Of course phone companies have also been persuaded to issue new SIMs so this isn't entirely criminal proof either.
    Which is part of the reason why the NIST has deprecated SMS-based 2 factor authentication.
This discussion has been closed.
Meet your Ambassadors

Categories

  • All Categories
  • 344.3K Banking & Borrowing
  • 250.5K Reduce Debt & Boost Income
  • 450.2K Spending & Discounts
  • 236.5K Work, Benefits & Business
  • 610K Mortgages, Homes & Bills
  • 173.6K Life & Family
  • 249.1K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 15.9K Discuss & Feedback
  • 15.1K Coronavirus Support Boards