HiSAVE Term Deposit - Balance goes to ZERO each night!

isofa

Wouldn't touch that with a barge pole, only ever log into your bank with the actual banking site, not another third party bank or website. The second you do that, your security is compromised in some way.

The passwords will be stored somewhere, and for a hacker they will be easy to extract, regardless of no staff actually being able to "see them". Avoid at all costs if you are security conscious.

I imagine any bank would withdraw your internet account access if they knew you were using a third party site or bank to access the system.

From a developer and consultant point of view, if anyone accessed any of my secure systems via a third party, I'd block their access immediately. Online security should be of paramount concern these days.

Completely agree with Steve_xx

gt94sss2

Steve_xx wrote: »

The point is that your login information is stored somewhere remotely.

With these Money Manager programs your information is actually only stored on your local PC - in an encrypted file not remotely.

Regards
Sunil

isofa

Still there must be an automated login procedure to send the local p/w data, via the Money Manager to the actual bank, and it is there where the security risk surely lays?

Steve_xx

gt94sss2 wrote: »

With these Money Manager programs your information is actually only stored on your local PC - in an encrypted file not remotely.

Regards
Sunil

OK I understand what you're saying. However, if you have an Egg account you log on to that and you can then see your other accounts held in alternative banks. Therefore, effectively if you have the password to the Egg account then you automatically have access to the other accounts too. That means then that the risk is increased because there is only one set of passwords to crack to gain access to many accounts.

DocProc

isofa

Hmmm? You have some very strong opinions on, what we can call in general terms, 'Internet Banking'.

Other than a strong negative opinion, which avoids what Egg specifically have to say about Security, namely:

'The safe is a small file (ActiveX component) held on your PC and it's where the security login details for your other bank accounts are stored. Egg never sees your login information.'

An individual and his wife or partener might use a home PC and have as many as ten or even twenty or even more Internet financial accounts.

I wonder if you have got any good ideas on how an average member of the public can easily manage all the information required for his, her or 'the family's' credit card and Internet banking requirements without a properly encrypted tool on a home PC such as the Egg Money Manager?

I suppose you might also be dead against individuals managing Passwords and Usernames with specialised encrypted programs on their home PCs, such as are found on the following site? :-

http://en.wikipedia.org/wiki/Password_manager

My own opinion on the Egg Money Manager and also Password Manager programs, is that there are some secure encrypted versions of these types of things out there. One should research them thoroughly and find one that is personally suitable and properly meets good security criteria and uses encryption. When a download of these types of programs is done, then it should only be done from reputable sites and business.

The prime benefit of having them and using them is that they make the business of doing one's Internet banking checks so very easy. Thus one can do it more frequently and quickly. The benefit of doing that, has to be that one can be quickly aware of any account complications or compromises and can therefore do something about it immediately.

These kinds of programs also negate individuals using of 'bits of paper', 'back of a diary, pet's or children's names, writing things down in an unencrypted way in files, Word documents, Notepad, Excel spread sheets and the like.

A good Password Manager program will even help to generate passwords which have a mixture of uppercase and lower case letters and also numbers and possible even symbols too.

If one didn't use tools such as these, it would take ages to check each of one's credit card or savings account and it would not be practical to do such a thing on a daily basis, let alone say, twice a day.

They also give the benefit of quickly being able to change passwords and login details easily and frequently. Thus if a hacker were to crack a home PC, it would be much quicker and easier to change all of the individual login information in the event of anything suspicious happening.

With Egg's Money Manager on a home PC, you can securely check everything you have, almost at a glance, and certainly in well less than a couple of minutes.

Egg have a Guarantee:

We guarantee to repay you any money that is taken from your Egg account or any third party account aggregated via Egg Money Manager as a result of fraud, unless you have failed to follow our security guidelines and terms and conditions.

Once again, here are their Terms and Conditions on using it:

http://new.egg.com/visitor/0,,3_48817--View_1020,00.html

On a brighter note and pertinent to the thread, I see the ICICI Account Manager has given me a reply and simply said how there must have been some kind of a technical blip for me to experience what I saw. He also confirms the account value and status as all being in order.

I suppose at least ICICI are now aware of such a blip and also of the scary effect it has on a customer such as me, who accesses his/her account when the blip is active.

isofa

I guess if you are happy with it, then fair enough - each to their own.

I do have strong opinions because I have considerable experience in this sector, advising companies on security policies and so forth. Allowing one log-in to open the door to many other accounts, is by it's very nature, dangerous.

Unless I'm very much mistaken, regardless of the Egg statement, the ActiveX control will not store the data inside itself, it will have an additional file it calls on to store in. The ActiveX is fixed library of functions, it'll still need data supplied to it.

We have many on-line accounts in our family. We manage them all with complex passwords, all uniquely and all without writing them down. We use a combination of techniques, all based on strong security and mixed strings, but all pertinent to us so we don't easily forget.

I have probably near one hundred different logins for systems, sites, and all manner of security codes for sites I work at, I may be unusual, and not the average "home user", but I've never had a major problem remembering or managing password data, and I have a different login and password for pretty much everything I use - it can help to store very vague clues that only you yourself would understand, which I sometimes, but not always do for rarely used access.

In contrast, don't forget in surveys when people are vox-popped on station platforms what their passwords are, they invariably divulge details without hesitation.

I agree some password managers are excellent, but they do not involve themselves connecting to a site. I'd recommend KeePass in it's portable apps form.

It is the way in which the "Money Manager" appears to be working which I have issue with, I would never use a tool like that, and I'd strongly advise anyone else from using it too. I think it's fair to point out the inherent insecurity with it - just because Egg claim it's secure, doesn't mean it's fool proof. I'm sure HMRC claimed peoples data was secure, before posting out unencrypted CDs. Likewise with the DVLA new drivers details lost, the laptop full of unencrypted data etc.

Nothing is 100% secure, it is impossible - anyone who says anything is uncrackable is a very unwise person. Some of the strongest encryption today will be broken in a matter of seconds by the processing power of tomorrow. There are inherent security issues in all manner of operating systems and procedures. Chip and PIN was supposed to be fool proof, until two bright Cambridge Uni students showed they could syphon off the PIN through the WiFi unit to them make a fraudulent transaction. Yet banks still say it's 100% secure - comedy.

Then you have to consider malware, spyware, and then the very real threat of someone trusted with your data, misusing, or mishandling it.

:beer:

Dan29

Steve_xx wrote: »

However, if you have an Egg account you log on to that and you can then see your other accounts held in alternative banks. Therefore, effectively if you have the password to the Egg account then you automatically have access to the other accounts too.

Only if you're using the PC with the passwords stored on it.

F_T_Buyer

Ok, have you actually tried to log into ICICI directly through their website when it isn't working through Egg Money Manager? I check my balances late some nights, and my ICICI works fine.

If the ICICI website works when Egg's doesn't, then you know the fault is with Egg and not ICICI.


For the record, I wouldn't use any program like this. I do however have very strong passwords, and I record these all these different passwords in a word document which I password protect myself. I also add in the links to websites, including any comments I make when I ring them up.

Then it's easy to back up... along with my spreadsheet of all different accounts and investments which I update weekly.

Dan29

This is in ICICI's T&Cs - coincidence? :

29. The following functionalities will not be accessible during maintenance work at Midnight everyday
Add/Delete/Modify payee details
Add/Delete/Modify one time/recurrent internal/external scheduled/immediate transfer/payments
Additionally due to weekly maintenance the site would not be available from 5:10 AM to 7:10 AM London time on every Sunday.