First Direct wants email keyed in for extra protection

Molehusband

DerwentMailman said:

I'm curious as to know how the present system of using OTP codes is being amended to now include having to type in one's email address.  No problem with that.

When you say "type in one's email address", do you mean literally keying in each and every character of the email address on your keyboard? The reason I ask is that when I log into websites (including my bank) I normally copy and paste my login information (eg my email address, passcode etc) without having to type each character individually. This makes log in vastly easier than the pain of manually typing in each character, especially when many of my passcodes may be 25 or more characters.

[Deleted User]

Molehusband said:

DerwentMailman said:

I'm curious as to know how the present system of using OTP codes is being amended to now include having to type in one's email address.  No problem with that.

When you say "type in one's email address", do you mean literally keying in each and every character of the email address on your keyboard? The reason I ask is that when I log into websites (including my bank) I normally copy and paste my login information (eg my email address, passcode etc) without having to type each character individually. This makes log in vastly easier than the pain of manually typing in each character, especially when many of my passcodes may be 25 or more characters.

Short answer is I don't know - yet to see it in action

soulsaver

DerwentMailman said:

Molehusband said:

DerwentMailman said:

I'm curious as to know how the present system of using OTP codes is being amended to now include having to type in one's email address.  No problem with that.

When you say "type in one's email address", do you mean literally keying in each and every character of the email address on your keyboard? The reason I ask is that when I log into websites (including my bank) I normally copy and paste my login information (eg my email address, passcode etc) without having to type each character individually. This makes log in vastly easier than the pain of manually typing in each character, especially when many of my passcodes may be 25 or more characters.

Short answer is I don't know - yet to see it in action

The FD email refers to online card payments - doesn't mention log in.

ETA and refers to using the app if you want to avoid typing your email addy.

Ergates

Molehusband said:

DerwentMailman said:

I'm curious as to know how the present system of using OTP codes is being amended to now include having to type in one's email address.  No problem with that.

When you say "type in one's email address", do you mean literally keying in each and every character of the email address on your keyboard? The reason I ask is that when I log into websites (including my bank) I normally copy and paste my login information (eg my email address, passcode etc) without having to type each character individually. This makes log in vastly easier than the pain of manually typing in each character, especially when many of my passcodes may be 25 or more characters.

If you cut and paste your data in, then this would be your usual pattern of "typing"

Ergates

[Deleted User] said:

Zanderman said:

Have a read of this thread:

https://forums.moneysavingexpert.com/discussion/6326381/tsb-the-unique-way-you-type

Thanks for that link.  Seems like absolute rubbish to me.  My typing is not great and the older I get the more inclined I am to hit the wrong key so have to go back and delete an erroneous keystroke etc

Do you seriously think they've not taken that into account?  Do you not think these systems have been tested with thousands of different people at a wide array of typing ability?

Ergates

It's worth noting that the monitoring of keystrokes is the part they're advertising - because it sounds cool and sci-fi, and it sends out the message that they're constantly updating their security procedures.  Undoubtedly there will be other factors they're monitoring that they're not telling everyone about.

cx6

i suppose it would be easy to tell between someone who types with one finger (like me) and someone who touch types.

[Deleted User]

soulsaver said:

DerwentMailman said:

Molehusband said:

DerwentMailman said:

I'm curious as to know how the present system of using OTP codes is being amended to now include having to type in one's email address.  No problem with that.

When you say "type in one's email address", do you mean literally keying in each and every character of the email address on your keyboard? The reason I ask is that when I log into websites (including my bank) I normally copy and paste my login information (eg my email address, passcode etc) without having to type each character individually. This makes log in vastly easier than the pain of manually typing in each character, especially when many of my passcodes may be 25 or more characters.

Short answer is I don't know - yet to see it in action

The FD email refers to online payments - doesn't mention log in.

ETA and refers to using the app if you want to avoid typing your email addy.

I kind of assumed this was the case as I recently made a BACS transfer online via the FD's secure website so this would be a situation where the new rules would apply.

I just went in online and note the number of different things I need to do before getting into my account

Input Username
Input answer to specific security question
Generate Security code (using a 4 digit pin code input ) via secure key and input this security code
To transfer money out of my account altogether another one-time code generation required.
Sessions time out if not used within x minutes

Is it enough to stop a determined hacker?  Hope so   

[Deleted User]

Ergates said:

[Deleted User] said:

Zanderman said:

Have a read of this thread:

https://forums.moneysavingexpert.com/discussion/6326381/tsb-the-unique-way-you-type

Thanks for that link.  Seems like absolute rubbish to me.  My typing is not great and the older I get the more inclined I am to hit the wrong key so have to go back and delete an erroneous keystroke etc

Do you seriously think they've not taken that into account?  Do you not think these systems have been tested with thousands of different people at a wide array of typing ability?

I sincerely hope that the firm involved has taken this into account.  I hope that these systems have been tested with thousands of different people of different ability.    I hope that FD have also established the need for this extra layer of security.  One assumes that this same technology is going to appear on every kind of financial website such as ISA platforms, HMRC, pensions, shares etc etc.

  

p00hsticks

DerwentMailman said:

Ergates said:

DerwentMailman said:

Zanderman said:

Have a read of this thread:

https://forums.moneysavingexpert.com/discussion/6326381/tsb-the-unique-way-you-type

Thanks for that link.  Seems like absolute rubbish to me.  My typing is not great and the older I get the more inclined I am to hit the wrong key so have to go back and delete an erroneous keystroke etc

Do you seriously think they've not taken that into account?  Do you not think these systems have been tested with thousands of different people at a wide array of typing ability?

  One assumes that this same technology is going to appear on every kind of financial website such as ISA platforms, HMRC, pensions, shares etc etc.

  

Well, in this households experience, HMRC has such strict ID verification to even open a personal tax account online that we're 'digitially excluded' from doing so (no passport, driving licence etc...). Keying in an e-mail address woudl be a doddle in comparison....