New optical online banking signin - how do you bank?


Recommended Posts

Hello guys!

My bank has started rolling out a new login system for the online banking. Before we had to enter a 'challenge' code on some card reader we got. Now the bank started rolling out the new system which uses optical codes on the card reader for even better security and faster login times. I'm picking up my new optical card reader on tuesday, excited to try it out :D It's the first time I've ever seen/heard of a system like this!

This is the login page with how the system works.

https://www.kbc.be/PBL/CC028/~E/~KBC/-BZNG465/BZNG4AL/BZNPMTR/BZNRN9U/~-BZIRNAT?reqProdChoice=b2c&secid=ucrcomfort

What do you think about it? How do you sign in to your online banking?

- Ambroos

Link to comment
Share on other sites

that login page only show the usual chip card plus code generator login which a lot of banks use. personally I prefer my bank system that just use a one key code generating display, like the blizzard thing. just as secure and far less annoying and far more portable.

Link to comment
Share on other sites

that login page only show the usual chip card plus code generator login which a lot of banks use. personally I prefer my bank system that just use a one key code generating display, like the blizzard thing. just as secure and far less annoying and far more portable.

Changed the URL, looks like it was a cookie thing for me. This one should default you to the 'new' system: https://www.kbc.be/PBL/CC028/~E/~KBC/-BZNG465/BZNG4AL/BZNPMTR/BZNRN9U/~-BZIRNAT?reqProdChoice=b2c&secid=ucrcomfort

Link to comment
Share on other sites

My bank uses a card reader, I enter my online banking membership number, my surname and the last 4 digits of my card, then it will ask for a unique number produced by putting my card into the calculator sized reader, hitting the appropriate button and entering my pin, it gives an 8 digit number that is only good 1 time.

Pretty damn secure imo

Link to comment
Share on other sites

I don't see that system as any more secure. it's still a basic two factor auth. and they still require both a card reader and a card... that would be so annoying.

Link to comment
Share on other sites

I don't see that system as any more secure. it's still a basic two factor auth. and they still require both a card reader and a card... that would be so annoying.

Not sure if you are replying to me or OP, but with mine unless the thief has my membership number (In my head only) my card, And my card reader, then they can't log in to my account, chances of someone gaining access to all 3 of those is unlikely

And it's not annoying really, takes less than 30 seconds to log in

Link to comment
Share on other sites

Op actually. but all systems that require more than just a single dongle, preferably the type with just one button, is annoying and necessary.

They're not safer, just more annoying to use, and more annoying to take with you.

Link to comment
Share on other sites

6a01053620481c970b015390bf1a2e970b-500wi

A picture of my bank authenticator, I need to press my authenticator pin in and then it'll generate a 6 random numbers to log in to my internet banking, that will deactivate itself in 15 minutes. I also provide the secret password and my internet account number. The authenticator pin is different to my card pin.

However, a new iPhone app released and I can login to that directly by providing another pin which is called fast banking. It's handy since I can jump over some loops, but I'm limited to just accessing basic information on my current account.

Your system kinda hurts my eyes... :o

Link to comment
Share on other sites

I'm with Natwest (UK) and only need to use a card reader to arrange payments to other people's accounts. I prefer it that way as I can't be bothered carrying a card reader with me all the time :)

Link to comment
Share on other sites

Op actually. but all systems that require more than just a single dongle, preferably the type with just one button, is annoying and necessary.

They're not safer, just more annoying to use, and more annoying to take with you.

I don't have to take it with me, I can use my card in shops or ATMs with just the card and my pin

The reader is only for online banking so it just stays at home :)

Link to comment
Share on other sites

I don't have to take it with me, I can use my card in shops or ATMs with just the card and my pin

The reader is only for online banking so it just stays at home :)

what if you need to log into your bank it work or on vacation.

Link to comment
Share on other sites

what if you need to log into your bank it work or on vacation.

I wouldn't !

If I had to do any banking away from my machine I'd use telephone banking or visit a branch and do it personally, I wouldn't be logging in on anyone else connection or machine :)

Link to comment
Share on other sites

Logging in on a work computer or a family members or a friends computer is hardly a risk, especially when the whole point of the two factor auth is security in the first place. And even if someone hijacked your sessions they can't do anything, not if your banks are set up as secure as ours anyway, where you need to auth both when logging in and when doing any transaction not between your own accounts.

either way, banks keep advertising auth systems with multiple parts of fancy ways to read the time code(like this optical one) as more secure, while the reality is that the simple dongle with a single button and a display is just as secure as this system with a card, card reader with keypad and optical reader.

Link to comment
Share on other sites

Logging in on a work computer or a family members or a friends computer is hardly a risk, especially when the whole point of the two factor auth is security in the first place. And even if someone hijacked your sessions they can't do anything, not if your banks are set up as secure as ours anyway, where you need to auth both when logging in and when doing any transaction not between your own accounts.

either way, banks keep advertising auth systems with multiple parts of fancy ways to read the time code(like this optical one) as more secure, while the reality is that the simple dongle with a single button and a display is just as secure as this system with a card, card reader with keypad and optical reader.

Peace of mind not using someone elses machine I think mainly, but the difference between a simple dongle with a button vs a reader like mine is I have to enter my pin on the reader, and I have to know how to navigate to the correct function of the reader as it can be used for multiple transfers

Not my card but identical

Vf0qT.jpg

Link to comment
Share on other sites

Peace of mind not using someone elses machine I think mainly, but the difference between a simple dongle with a button vs a reader like mine is I have to enter my pin on the reader, and I have to know how to navigate to the correct function of the reader as it can be used for multiple transfers

Not my card but identical

Vf0qT.jpg

havign to enter the pin on the reader doesn't matter as far as security goes. Especially not in your use cases where you only use it at home anyway.

fact is in security tests where bank security tests these systems don't come out any better than single button dongles. in fact single button dongle systems generally win because these systems are mroe likely to require verification of each transaction on the bank, which is more important than a security dingle system that requires multiple pins, dongles and cards.

Link to comment
Share on other sites

Wow, I had no idea online banking used two-factor authentication in the rest of the world. That seems really inconvenient. I always sign in to online banking at work, home, from my phone etc. All I use is username + password (+ security question on unrecognised devices) .

Link to comment
Share on other sites

Well we have had two-factor authentication for ages now. Only the mobile app is fine with just a password, but transactions are limited, and you need a different password for each device, you can't just sign on on any phone.

When signing transactions we need to do the same process of verifying with PIN again. It's not like you can just do whatever you want once signed in. I'm glad at least I don't have to remember another username/password for online banking. We just enter our card number and use the "digipass".

Had anyone actually ever seen that optical system in use before? I was quite surprised to suddenly see it available on my login screen!

Link to comment
Share on other sites

I've used a number of these (my HSBC account has a one-push code like the Battle.net thing, Handelsbanken a two-factor auth like Barclays) and my favourite security/ease-of-use compromise is my Lloyds TSB account - I can log in with username/password/"enter letters 3, 6, 2 of your secret word" but to do anything of consequence like transfer money out they have an automated system that phones you up and gets you to enter the code you see on screen.

The OPs new system seems a bit gimmicky ? it's just two-factor auth that uses flashing pulses to get the code into the machine instead of manually typing it in. It hurts my eyes! :wacko:

Link to comment
Share on other sites

You login, and get asked to insert your card into a card reader. The card reader asks for your PIN number and generates a code number, which you then enter into the site to gain access.

Link to comment
Share on other sites

This topic is now closed to further replies.