Jump to content



Photo

Does your bank support two-factor authentication?


  • Please log in to reply
28 replies to this topic

Poll: Does your bank support two-factor authentication?

Does your bank support two-factor authentication?

You cannot see the results of the poll until you have voted. Please login and cast your vote to see the results of this poll.
Vote Guests cannot vote

#16 JJ_

JJ_

    Neowinian

  • 762 posts
  • Joined: 31-July 05

Posted 23 September 2012 - 01:26

I'm confused, are they asking for something you know or for something have? At the moment it sounds like just 1 factor, just something you know.


CW-88 explained it best, quote below:

Probably password then the next step is asking for three letters from an answer you have already provided them

So password
Give letter 1, 3, 5 of your secret answer

Authorised.

That is prob for online banking though.


I think banks need to up their game. The likes of Steam and Blizzard are providing better login security but I guess no bank has had their online security breached as bad as both these outlets.


#17 +hedleigh

hedleigh

    Neowinian

  • 519 posts
  • Joined: 07-June 02
  • Location: Geelong

Posted 23 September 2012 - 03:21

My bank requires the following when logging in online.

Access ID: A number provided by the bank.

PIN: A password that the user makes up for themselves.

Authentication Key: A random 6 digit number generated by a key generator supplied by the bank. Number is good for about 30 seconds before a new number has to be generated.

Not sure what else they could do. :)

#18 +Medfordite

Medfordite

    Neowinian Senior

  • 2,422 posts
  • Joined: 16-March 06
  • Location: Medford Oregon
  • OS: Win 8.1 Pro
  • Phone: HTC One M7 - Blue

Posted 23 September 2012 - 03:32

My bank (Locally owned), has sort of a two factor authentication they think will be best. You log in - and it cross checks against your IP, if it changes, then it sends you a 'pin' to authenticate yourself either to your cell or email on file. Once you enter the pin, you are good to go with just your regular password. Before that, they had a picture that you were supposed to recognize and if you did, answered the question about it and then your password.

Personally, would LOVE to see more support on sites for Yubikey authentication - super easy to do and quite secure.

#19 OP +warwagon

warwagon

    Only you can prevent forest fires.

  • 27,034 posts
  • Joined: 30-November 01
  • Location: Iowa

Posted 23 September 2012 - 03:39

Personally, would LOVE to see more support on sites for Yubikey authentication - super easy to do and quite secure.


Ya, I bought one when it first came out. I just don't know where it is...hmmm.

#20 Sandor

Sandor

    Neowinian Senior

  • 3,995 posts
  • Joined: 28-November 03
  • OS: Win 8.1

Posted 23 September 2012 - 03:42

my UK bank asks for a 10 digit number and then it'll ask me for 3 random characters from my set password and then for a random 3 digits of my cards pin number.

Canadian credit union asks for member number then it'll ask me for the answer to a security question. If I answer right it'll take me to a password page but it also displays 2 images I chose during signup to verify that the page is "true". Only if the images match should I enter my password.

Overall both institutions seem pretty secure. Never had any issues with fraud with either (touch wood)

I also have an account with another canadian bank and they just ask for debit card number and a password. If it detects that i'm logging on from an odd location or IP it'll ask a security question too.

#21 OP +warwagon

warwagon

    Only you can prevent forest fires.

  • 27,034 posts
  • Joined: 30-November 01
  • Location: Iowa

Posted 23 September 2012 - 03:59

my UK bank asks for a 10 digit number and then it'll ask me for 3 random characters from my set password and then for a random 3 digits of my cards pin number.

Canadian credit union asks for member number then it'll ask me for the answer to a security question. If I answer right it'll take me to a password page but it also displays 2 images I chose during signup to verify that the page is "true". Only if the images match should I enter my password.


Those "images" were defunked a long time a lot. The phishing sites would actually grab the "images" from the legit site and show them to you on the fake one."

#22 Sir Topham Hatt

Sir Topham Hatt

    A Very Talented Individual

  • 6,802 posts
  • Joined: 02-November 03
  • Location: Island of Sodor, UK

Posted 27 September 2012 - 17:17

HSBC in the UK are ahead with this type of thing.

You have your log on ID and a password.
Then you have to input the six digits from their "Secure Key" device.

Posted Image

When turning on the device, it asks for a 4-digit pin number, then randomly generates a 6-digit number of which you have to input to get into the bank.

Hassle for when I am elsewhere, but I don't remember my log on ID so only log on at home where the secure key is.
Here's their link with a demo.

#23 bjoswald

bjoswald

    Neowinian Senior

  • 3,763 posts
  • Joined: 14-January 08
  • Location: Florida
  • OS: Windows 7 Home Premium
  • Phone: HTC Aria

Posted 27 September 2012 - 17:22

Not that I know of. But then again, I don't really care either.

#24 Ambroos

Ambroos

    Neowinian Senior

  • 6,159 posts
  • Joined: 16-January 06
  • Location: Belgium
  • OS: Windows 7 + 8.1
  • Phone: Sony Xperia Z2

Posted 27 September 2012 - 17:27

It's not strictly two-factor, but it's as secure as it gets.

You enter your card number on the site (not a credit card, number is never used to pay), then put your card in a portable reader thingy and use that to scan an optical code on your PC display. Select what you want to do (logon/sign/buy), enter your PIN and then you get a response to enter on the web page.

To sign transactions or to buy stuff you not only have to enter your PIN number on the reader but also the (total) amount. Pretty much secures you against malicious spoofing of your transactions. I consider this to be extremely safe and you don't have to remember any passwords.

#25 +d5aqoëp

d5aqoëp

    Banned

  • 3,197 posts
  • Joined: 07-October 07

Posted 08 November 2012 - 02:49

Mine uses a random generated 8 digit password which is send to the registered mobile to authenticate any online payment.
The bank also has 3 passwords.
1) Login
2) Transaction
3) Profile

Login password needs to be changed every 2 months.

So to complete any online payment, I have to know 3 passwords. Login, Transaction and the password sent to mobile which is valid for 1 hr.

Pretty decent.

#26 Virtunate

Virtunate

    Neowinian

  • 464 posts
  • Joined: 10-October 05
  • Location: Halifax,Nova Scotia,Canada

Posted 08 November 2012 - 03:03

I bank in Canada and my bank claims to have "Two-Factor" authentication, but all it really does is ask you a security question when you login from an unknown location, which I don't consider to be two-factor. Not only that, but my bank only allows an 8-digit password, which I don't consider to be secure either.

#27 Crimson Rain

Crimson Rain

    Neowinian

  • 1,239 posts
  • Joined: 29-September 12
  • OS: Windows 8.1 x64
  • Phone: Lumia 1020 Yellow

Posted 08 November 2012 - 03:08

For login to web interface, no.
But to perform any action except balance view, yes (2-factor by sending a random code to my phone by sms).

#28 leesmithg

leesmithg

    The Major!

  • 9,490 posts
  • Joined: 11-August 04
  • Location: Kings Hill, West Malling, Kent, England.

Posted 09 November 2012 - 23:16

mine is three (3).

Account number, password, p.i.n.

#29 ZakO

ZakO

    Neowinian

  • 1,041 posts
  • Joined: 21-September 07
  • Location: Finland

Posted 09 November 2012 - 23:59

Two factor,

1) Enter 10 digit number + 3 digits of your pin + 3 characters of your password
2) Card Reader

Plus if you get anything wrong more than once they block the account and you have phone up to get your pin/password reset.