We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
The Forum now has a brand new text editor, adding a bunch of handy features to use when creating posts. Read more in our how-to guide
Barclays PINsentry
aardvaak
Posts: 5,836 Forumite
in Techie Stuff
Can someone please explain to me how Barclays PINsentry works?
I know how to operate it what I don't know is how does the Barclays log in site know the random number generated by the the machine is correct - the machine is not connected to the computer.
I know how to operate it what I don't know is how does the Barclays log in site know the random number generated by the the machine is correct - the machine is not connected to the computer.
0
Comments
-
It's possible that the calculator is pre-programmed with a specific formula. So it's not a random number.0
-
IIRC the basic way it works is that at the time the pin sentry devices are made they have an internal clock set, and synced to the servers to sort out the timing issues.
Once set it uses the cryptographic key set in the factory (that the servers know the decryption key for), and a combination of the time and the card used in it to create a short lived code (60 seconds from memory) that is accepted by the servers.
It's also how/why you are able to use someone else's pin sentry with your card, or even in some cases another bank's device (the banks share the technology to make it easier for customers).
It's also why I believe when the batteries in the device dies you have to get a replacement unit, and not just swap the battery yourself.
Basically it's about as secure as you can realistically get at the moment, without spending a lot of money - as long as your computer isn't infected with something that lets someone else see/use the data within the 60 seconds
On a vaguely related note, the current "securecode" and "verified by visa" systems were originally tried with a similar system (I was in the Barclaycard mastercard trial), but dropped for some reason, something that annoyed me a lot, as the password system they use instead is a lot less secure and harder for me to use (I use decent, long/complicated passwords, and it's much harder to remember an 8+ digit random password than use a standalone card reader).0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 353.5K Banking & Borrowing
- 254.1K Reduce Debt & Boost Income
- 455K Spending & Discounts
- 246.6K Work, Benefits & Business
- 602.9K Mortgages, Homes & Bills
- 178.1K Life & Family
- 260.6K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards