Martin's Money Tips 18 June 2008 - Banks and anti-virus

I read that now the banks want us to have up to date anti-virus etc. to be covered in the event of being hacked. Not a bad idea but this is pot calling kettle IMO. I've banked online for years and seen some awful bank web sites (current ones too!). Thankfully the banks seem to have learned something and no longer say use IE when you tell them "your web site does not work in Firefox" - (so you want me to use the browser with the phishing bug rather than one without? And that is safer how?).

But the banks still go through life with the assumption we are right because we are big and you are stupid because you are small. Well I may be small but I can work out probabilities better than banks can it would seem. I'm talking about the latest trend to cut up passwords and just ask for 3 letters. News-flash, it doesn't matter how you get those 3 letters it is still a very, very, low security password. Not enough combinations. There is no difference between a 3 letter password and 3 letters from a 12 letter password. The probability of guessing right is the same in both cases. But then I'm small so stupid.

Comments

  • medic1978
    medic1978 Posts: 515 Forumite
    Part of the Furniture 100 Posts Combo Breaker
    What about if you use Linux or a Mac. Antivirus not usually as important as no definite viruses to date on these operating systems - at least that's my understanding.

    And anyway, how will the bank know if you are using anti-virus software?
  • olly300
    olly300 Posts: 14,736 Forumite
    Part of the Furniture 10,000 Posts Combo Breaker
    medic1978 wrote: »

    And anyway, how will the bank know if you are using anti-virus software?

    They don't and can't.

    Until your account is infiltrated, money stolen and you admit that you are not sure if your virus software is up to date because your clever family member/friend put it on for you. Then in your stress you admit that at least 2 of your accounts/cards which are not with that bank have the same PINs and passwords.* That way the bank can get out of paying you back.

    The banks are relying on the public's lack of IT knowledge hence this verify by VISA scheme and other stupid questions for you to remember. There has been some research that shows that there is a limit to the number of random pieces of information that people can remember so the more passwords and PINs banks make you remember the greater risk there is of people using the same passwords and PINs for accounts.

    *The safest option is not to bother remembering the PINs and passwords to accounts/cards you don't use often but make sure you know how you can obtain the information quickly if you need to. Some credit card companies are geared up to give you your PIN within an hour.
    I'm not cynical I'm realistic :p

    (If a link I give opens pop ups I won't know I don't use windows)
  • Baldur
    Baldur Posts: 6,565 Forumite
    medic1978 wrote: »
    What about if you use Linux or a Mac. Antivirus not usually as important as no definite viruses to date on these operating systems - at least that's my understanding.
    Less of a problem, maybe, but certainly not invulnerable - Linux & Mac OS X.
  • adecor
    adecor Posts: 269 Forumite
    Part of the Furniture 100 Posts Combo Breaker
    A simple added security is to always enter your log-in details via the on-screen keyboard - hence no key strokes can be hacked. If you have XP go Start > Accessories > Accessibility > On-Screen Keyboard

    Not sure about VISTA as I don't have this.
  • Baldur
    Baldur Posts: 6,565 Forumite
    adecor wrote: »
    Not sure about VISTA as I don't have this.
    Same process, except that it's Accessories>Ease of access>On-screen keyboard.
  • malc_b
    malc_b Posts: 1,086 Forumite
    Part of the Furniture 500 Posts
    olly300 wrote: »
    Then in your stress you admit that at least 2 of your accounts/cards which are not with that bank have the same PINs and passwords. That way the bank can get out of paying you back.

    Online accounts I can see the relevance of but not cards. You need to lose the card(s) and fail to stop them for having the same PIN to be an issue. Same passwords for online are of course not a good idea. Better idea is a password keeper program. One master password that doesn't go over the net opens the keeper. The online passwords can then be random 12 char strings. However, since the banks all tend to ask mother's maiden name then they are the cause of one piece of information being the same.

    No bank I can think of shows much sense. The latest trend seems to be hardware solutions but not common ones so each bank sends a different piece of kit. NW has a calculator, HBOS has a keyfob dongle. And they take different approaches. HBOS uses the dongle to get in. NW is going to only ask for the calculator for new payments I believe.

    A structured approach makes more sense. I'd like my account to be secure but if a hacker got in I'd be more worried about the money disappearing than him seeing my balance or paying money to my existing credit cards. Hence I'd be happy with the hardware solution only applying to new bill payments. That way you could still online bank abroad for existing bills, with taking a suitcase full of dongles.
  • mikegahan
    mikegahan Posts: 280 Forumite
    The truth is that banks etc are keen on online banking because it is more profitable than maintaining a real network. Yet they want to minimise the losses to themselves by trying to pass responsibility if things go wrong. Complete internet security is a chimera, and security is relative. For example wireless networks are relatively insecure despite the different standards of encryption. Would one be penalised for using this? Ironically telephone banking is more secure than online banking yet the banks do not seem to advertise this. I have an old computer that runs on Linux and this is more secure; and I only use it for financial transactions. And the remedy about using the onscreen keyboard is good but there are spybots that can transmit a PICTURE of the screen to hackers. Nothing is completely foolproof.
  • jamesd
    jamesd Posts: 26,103 Forumite
    Part of the Furniture 10,000 Posts Name Dropper
    malc_b, you have three alphanumeric characters. That's 36 * 36 * 36 combinations = 46,656 tries to check them all. You'd expect to get in after half of the tries so that's only 23,328. If you get three tries that's 7,776 accounts you have to try before you can expect to succeed.

    You'll also need to know enough of the account details to get to the point of needing the password check.

    There's a fair chance that you'd find that you could no longer even get to the password screen by the time you'd locked out a few accounts, since the banks are unlikely to let someone just keep on trying lots of accounts.

    What the banks do works well enough or they would have switched to something else. The measures that they are taking suggest that keystroke loggers and people telling scammers their login details are seen as the biggest threats to their systems.
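
Added example, not part of any forum post: an exact calculation comparing a "3 characters from a 12-character password" challenge with a plain 3-character password, both for blind guessing (the 36 * 36 * 36 case above) and for the keystroke-logger threat mentioned above. The 12-character length, uniformly random challenge positions, a random password and a three-attempt lockout are assumptions.

```python
from fractions import Fraction
from math import comb

def uncovered_dist(n, k, sessions):
    """P(exactly u of the k challenged positions were never seen) after an
    observer has watched `sessions` logins, each asking k random positions of n."""
    total = comb(n, k)
    # q[j]: chance that one login's challenge avoids j specific positions
    q = [Fraction(comb(n - j, k), total) for j in range(k + 1)]
    dist = []
    for u in range(k + 1):
        # inclusion-exclusion over the k - u positions that must be covered
        p = sum((-1) ** j * comb(k - u, j) * q[u + j] ** sessions
                for j in range(k - u + 1))
        dist.append(comb(k, u) * p)
    return dist

def pass_probability(n, k, sessions, alphabet=36, tries=3):
    """Chance of answering a fresh challenge before lockout: observed
    positions are known, unseen ones are guessed within `tries` attempts."""
    return sum(p * min(Fraction(1), Fraction(tries, alphabet ** u))
               for u, p in enumerate(uncovered_dist(n, k, sessions)))

def sessions_until(n, k, target, **kw):
    """Smallest number of observed logins giving pass probability >= target."""
    m = 0
    while pass_probability(n, k, m, **kw) < target:
        m += 1
    return m

if __name__ == "__main__":
    for label, n in (("3 of 12", 12), ("plain 3-char", 3)):
        for m in (0, 1, 3, 6):
            print(f"{label:>12}  observed logins={m}  "
                  f"P(pass)={float(pass_probability(n, 3, m)):.6f}")
```

With no observation the two schemes are equally guessable; they differ only once logins have been recorded, which is the case the partial challenge is designed for.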
  • "A simple added security is to always enter your log-in details via the on-screen keyboard - hence no key strokes can be hacked"

    Unfortunately this is not always true. There are many keyloggers that can also record mouse clicks.
  • Yes, that is all true but neither passwords nor anti-virus/anti-spyware software stop people from being fooled by phishing emails supposedly sent from x bank.

    I get loads of spam (25 to 85 emails) each night. I can spot the fake ones a mile away, but I am a computer geek and quite observant. The average computer user will get fooled sooner or later by these and that's when accounts get hacked.
    They can also get you by sending a fake email from your email/ISP company, get your password for your web-mail and hack your accounts from there if you are careless enough to leave any emails with important info in them online.


    Regards,
    Lonewolf10