28 replies to this topic

[+warwagon]

I recently wrote to my bank asking for two-factor authentication. I would be happy if my bank would text my cell phone with a pin that I would use in combination with my login name and password. Apparently it got sent to the IT guy. So my question is, does your bank support two-factor authentication?

The 3 different types of authentication goes as followed

1) Something you know (Like a password, or something you type off the screen)
2) Something you have (Like a cell phone or some sort of device which generates a pin, which someone would have to have in their physical possession to log into your account)
3) Something you are (This would be where you would use a finger print reader, or have your eyes scanned)

[JJ_]

My bank has a lame two factor authentication. The second part asks for 3 words random letters from the secret key. Dont like the idea of authenticators. I would rather prefer them texting me a unique key each time I login.

[Hum]

My bank goes out of the way to keep me from logging in, but anyone boob with my Debit card number can rip it off in the blink of an eye.

[CW-88]

three letters from a secret answer is what my bank does. I want the (i think) barcleys had a pin device you could use for online banking. That would be epic.

[+warwagon]

JJ_, on 22 September 2012 - 16:19, said:

My bank has a lame two factor authentication. The second part asks for 3 words random letters from the secret key. Dont like the idea of authenticators. I would rather prefer them texting me a unique key each time I login.

I'm confused, are they asking for something you know or for something have? At the moment it sounds like just 1 factor, just something you know.

[CW-88]

Probably password then the next step is asking for three letters from an answer you have already provided them

So password
Give letter 1, 3, 5 of your secret answer

Authorised.

That is prob for online banking though.

[theyarecomingforyou]

My bank uses two-factor authentication for setting up new payees and changes to account settings but not for general online banking (transfers between accounts, viewing statements, etc). It's a decent compromise between practicality and security.

I would prefer banks used mobile more. In particular I would like to be notified every time money is withdrawn from an ATM or purchases above a certain amount are made. I've got an Italian friend and her bank sends her texts when a certain amount is withdrawn, which I think all banks should be required to offer.

[CW-88]

I know that is an option with some accounts but not all which I agree should be required "theyarecomingforyou"

And same, setting up payees etc they require a automated telephone call with a pin and all sorts for bank of scotland

[Javik]

JJ_, on 22 September 2012 - 16:19, said:

My bank has a lame two factor authentication. The second part asks for 3 words random letters from the secret key. Dont like the idea of authenticators. I would rather prefer them texting me a unique key each time I login.

That's what my bank does when I do an online sign in as well.

[+warwagon]

My bank does give you the option of alerts via email. But only a select few alerts. It does not let you set a dollar amount to be notified about.

For instance, I would like to sent an alert when a check / credit or debit is made on my account for $200 or more.

but what it will alert people about is if their tax refund arrived in their account

Hmm well I did just see where I can get an alert if my account falls below X amount of dollars. So I just turned that on and set an amount. I guess that's handy.

[+Phouchg]

A physical key card of 72 6-digit codes for login, changing settings and some third-party online services, first 3 digits for confirmation of payments.
Not enough entropy for my liking. Also - three "strikes" and one has to go to the bank in person to unlock online banking again - which I've also had to do once due to taking the wrong key card and then wondering why it didn't accept the thing.

[+jamieakers]

I bank in the UK with NatWest, they use 2 factor authentication in a sensible way. Barclays require you to use a physical chip and pin device every time you login, whilst secure it rapidly becomes a pain in the neck when you're out and about and need access - like that emergency purchase when you're at the office. NatWest only require you to use it when paying someone for the first time or when transferring large sums of money. I can cope with that!

[farmeunit]

One of my banks only allow 6-8 character passwords, and I don't believe they even allow special characters . . .

[+warwagon]

farmeunit, on 22 September 2012 - 16:50, said:

One of my banks only allow 6-8 character passwords, and I don't believe they even allow special characters . . .

My bank has a limit of 17 characters. The fact they have a limit at all is scary!

[Stokkolm]

Mine uses two forms of something I know. A UN/PW and then a PIN, also if it's an IP address I've never logged in with they as a Secret Question. Pretty good security without getting in my way very much.

farmeunit, on 22 September 2012 - 16:50, said:

One of my banks only allow 6-8 character passwords, and I don't believe they even allow special characters . . .

Capital One is this way...I really wish they would allow me to use a stronger password.