Santander online banking query

Somehow I've managed to end up with a second Santander online account, despite having used my first one for several years - it was because of a mismatch of personal details when I recently opened an ISA with them.

I've managed to log on and set a new security number (though it never asked me for the temporary password they also sent me) and can see my new ISA. Once I had logged out I received an email reminding me how to log on in future. The confusing thing about this email is steps 4 and 5:

4 check your image and word/phrase appear and
5 enter your Password and Security Number

I've never set an image or word/phrase, and neither does it ask for my password - is this anything to worry about or have they just sent me out of date information?



Comments

  • Nasqueron
    Nasqueron Posts: 10,534 Forumite
    Your point 4 - I would message them, if you have never set one though, are you able to do so?

    Your point 5 - I find it weird online that it only asks for user ID and the 5 digit PIN. I much prefer sites that ask for certain characters of your password and I especially don't like ones that restrict you to letters and numbers. That way I can have a 20 character random string that could never be cracked or guessed based on computer tech really for the next 20-50 years, perhaps longer

    Sam Vimes' Boots Theory of Socioeconomic Unfairness: 

    People are rich because they spend less money. A poor man buys $10 boots that last a season or two before he's walking in wet shoes and has to buy another pair. A rich man buys $50 boots that are made better and give him 10 years of dry feet. The poor man has spent $100 over those 10 years and still has wet feet.

  • PRAISETHESUN
    PRAISETHESUN Posts: 4,730 Forumite
    edited 7 October 2024 at 4:17PM
    Nasqueron said:
    Your point 4 - I would message them, if you have never set one though, are you able to do so?

    Your point 5 - I find it weird online that it only asks for user ID and the 5 digit PIN. I much prefer sites that ask for certain characters of your password and I especially don't like ones that restrict you to letters and numbers. That way I can have a 20 character random string that could never be cracked or guessed based on computer tech really for the next 20-50 years, perhaps longer
    Santander also make you do a 2FA check the first time you log into a new device, so even though it's only a 5 digit password effectively, there is still at least some additional protection (even if it is SMS-based). If you have issues logging in with the details you have/don't have, then I'd just suggest getting in touch with customer service and ask them for whatever info is missing to let you manage your online banking.

    And I fully agree about the password restriction stuff. I use a password manager and basically set all my passwords to the absolute longest each website allows. I found one recently that allows 256 character passwords! I immensely dislike websites that limit your length and complexity, especially when they advertise the requirements so I know how to tailor my brute force attempt...
  • GeoffTF
    GeoffTF Posts: 1,885 Forumite
    I've never set an image or word/phrase, and neither does it ask for my password - is this anything to worry about or have they just sent me out of date information?
    They have sent you outdated information.
  • GeoffTF said:
    I've never set an image or word/phrase, and neither does it ask for my password - is this anything to worry about or have they just sent me out of date information?
    They have sent you outdated information.

    Thank you.  Totally reassuring, I must say...
  • 35har1old
    35har1old Posts: 1,780 Forumite
    edited 7 October 2024 at 11:20PM
    Somehow I've managed to end up with a second Santander online account, despite having used my first one for several years - it was because of a mismatch of personal details when I recently opened an ISA with them.

    I've managed to log on and set a new security number (though it never asked me for the temporary password they also sent me) and can see my new ISA. Once I had logged out I received an email reminding me how to log on in future. The confusing thing about this email is steps 4 and 5:

    4 check your image and word/phrase appear and
    5 enter your Password and Security Number

    I've never set an image or word/phrase, and neither does it ask for my password - is this anything to worry about or have they just sent me out of date information?


    Step 4 was a security feature in the past; it has been redundant for some time now. I quite liked the feature, as you selected the image and phrase, so when you logged on it confirmed to you that you were on the legitimate site. Hopefully some agent has selected an old formatted email and sent it in error.
    Santander has gone for speed of login and sacrificed some security.
    All that is required is your user ID and your 5 digit security number, plus sometimes an OTP sent to your phone (online banking).
    Once the app is set up it only requires the 5 digit security number.

  • 35har1old
    35har1old Posts: 1,780 Forumite
    Nasqueron said:
    Your point 4 - I would message them, if you have never set one though, are you able to do so?

    Your point 5 - I find it weird online that it only asks for user ID and the 5 digit PIN. I much prefer sites that ask for certain characters of your password and I especially don't like ones that restrict you to letters and numbers. That way I can have a 20 character random string that could never be cracked or guessed based on computer tech really for the next 20-50 years, perhaps longer
    Santander also make you do a 2FA check the first time you log into a new device, so even though it's only a 5 digit password effectively, there is still at least some additional protection (even if it is SMS-based). If you have issues logging in with the details you have/don't have, then I'd just suggest getting in touch with customer service and ask them for whatever info is missing to let you manage your online banking.

    And I fully agree about the password restriction stuff. I use a password manager and basically set all my passwords to the absolute longest each website allows. I found one recently that allows 256 character passwords! I immensely dislike websites that limit your length and complexity, especially when they advertise the requirements so I know how to tailor my brute force attempt...
    Not all password managers are equal
  • PRAISETHESUN
    PRAISETHESUN Posts: 4,730 Forumite
    35har1old said:
    Nasqueron said:
    Your point 4 - I would message them, if you have never set one though, are you able to do so?

    Your point 5 - I find it weird online that it only asks for user ID and the 5 digit PIN. I much prefer sites that ask for certain characters of your password and I especially don't like ones that restrict you to letters and numbers. That way I can have a 20 character random string that could never be cracked or guessed based on computer tech really for the next 20-50 years, perhaps longer
    Santander also make you do a 2FA check the first time you log into a new device, so even though it's only a 5 digit password effectively, there is still at least some additional protection (even if it is SMS-based). If you have issues logging in with the details you have/don't have, then I'd just suggest getting in touch with customer service and ask them for whatever info is missing to let you manage your online banking.

    And I fully agree about the password restriction stuff. I use a password manager and basically set all my passwords to the absolute longest each website allows. I found one recently that allows 256 character passwords! I immensely dislike websites that limit your length and complexity, especially when they advertise the requirements so I know how to tailor my brute force attempt...
    Not all password managers are equal
    Not sure I understand the point you are making there? Features between PWMs of course vary, but the barebones feature of storing and remembering passwords for you is a constant. My point was more aimed at websites artificially limiting password complexity by restricting either the maximum password length (probably the most important factor affecting password strength) and/or the types of characters you can use (eg. alphanumeric only, or only a small subset of special characters).
  • 35har1old said:
    Nasqueron said:
    Your point 4 - I would message them, if you have never set one though, are you able to do so?

    Your point 5 - I find it weird online that it only asks for user ID and the 5 digit PIN. I much prefer sites that ask for certain characters of your password and I especially don't like ones that restrict you to letters and numbers. That way I can have a 20 character random string that could never be cracked or guessed based on computer tech really for the next 20-50 years, perhaps longer
    Santander also make you do a 2FA check the first time you log into a new device, so even though it's only a 5 digit password effectively, there is still at least some additional protection (even if it is SMS-based). If you have issues logging in with the details you have/don't have, then I'd just suggest getting in touch with customer service and ask them for whatever info is missing to let you manage your online banking.

    And I fully agree about the password restriction stuff. I use a password manager and basically set all my passwords to the absolute longest each website allows. I found one recently that allows 256 character passwords! I immensely dislike websites that limit your length and complexity, especially when they advertise the requirements so I know how to tailor my brute force attempt...
    Not all password managers are equal
    Not sure I understand the point you are making there? Features between PWMs of course vary, but the barebones feature of storing and remembering passwords for you is a constant. My point was more aimed at websites artificially limiting password complexity by restricting either the maximum password length (probably the most important factor affecting password strength) and/or the types of characters you can use (eg. alphanumeric only, or only a small subset of special characters).
    There's one financial institution that I have an account with that has a password length max of 8 characters, numbers and uppercase letters only. 
  • 35har1old said:
    Step 4 was a security feature in the past; it has been redundant for some time now. I quite liked the feature, as you selected the image and phrase, so when you logged on it confirmed to you that you were on the legitimate site
    I think Tesco Bank used this feature as well, maybe five years ago?
  • 35har1old said:
    Step 4 was a security feature in the past; it has been redundant for some time now. I quite liked the feature, as you selected the image and phrase, so when you logged on it confirmed to you that you were on the legitimate site
    I think Tesco Bank used this feature as well, maybe five years ago?
    Doesn't the Barclays app have a user-chosen phrase on its home page?

    Can't check, on different device. 