Does your bank support two-factor authentication?


Does your bank support two-factor authentication?  

43 members have voted

  1. 1. Does your bank support two-factor authentication?

    • Yes
      33
    • No
      4
    • No But I wish they did.
      5


Recommended Posts

I recently wrote to my bank asking for two-factor authentication. I would be happy if my bank would text my cell phone with a pin that I would use in combination with my login name and password. Apparently it got sent to the IT guy. So my question is, does your bank support two-factor authentication?

The 3 different types of authentication goes as followed

1) Something you know (Like a password, or something you type off the screen)

2) Something you have (Like a cell phone or some sort of device which generates a pin, which someone would have to have in their physical possession to log into your account)

3) Something you are (This would be where you would use a finger print reader, or have your eyes scanned)

Link to comment
Share on other sites

My bank has a lame two factor authentication. The second part asks for 3 words random letters from the secret key. Dont like the idea of authenticators. I would rather prefer them texting me a unique key each time I login.

Link to comment
Share on other sites

My bank has a lame two factor authentication. The second part asks for 3 words random letters from the secret key. Dont like the idea of authenticators. I would rather prefer them texting me a unique key each time I login.

I'm confused, are they asking for something you know or for something have? At the moment it sounds like just 1 factor, just something you know.

Link to comment
Share on other sites

Probably password then the next step is asking for three letters from an answer you have already provided them

So password

Give letter 1, 3, 5 of your secret answer

Authorised.

That is prob for online banking though.

Link to comment
Share on other sites

My bank uses two-factor authentication for setting up new payees and changes to account settings but not for general online banking (transfers between accounts, viewing statements, etc). It's a decent compromise between practicality and security.

I would prefer banks used mobile more. In particular I would like to be notified every time money is withdrawn from an ATM or purchases above a certain amount are made. I've got an Italian friend and her bank sends her texts when a certain amount is withdrawn, which I think all banks should be required to offer.

Link to comment
Share on other sites

I know that is an option with some accounts but not all which I agree should be required "theyarecomingforyou"

And same, setting up payees etc they require a automated telephone call with a pin and all sorts for bank of scotland

Link to comment
Share on other sites

My bank has a lame two factor authentication. The second part asks for 3 words random letters from the secret key. Dont like the idea of authenticators. I would rather prefer them texting me a unique key each time I login.

That's what my bank does when I do an online sign in as well.

Link to comment
Share on other sites

My bank does give you the option of alerts via email. But only a select few alerts. It does not let you set a dollar amount to be notified about.

For instance, I would like to sent an alert when a check / credit or debit is made on my account for $200 or more.

but what it will alert people about is if their tax refund arrived in their account :angry:

Hmm well I did just see where I can get an alert if my account falls below X amount of dollars. So I just turned that on and set an amount. I guess that's handy.

Link to comment
Share on other sites

A physical key card of 72 6-digit codes for login, changing settings and some third-party online services, first 3 digits for confirmation of payments.

Not enough entropy for my liking. Also - three "strikes" and one has to go to the bank in person to unlock online banking again - which I've also had to do once due to taking the wrong key card and then wondering why it didn't accept the thing.

Link to comment
Share on other sites

I bank in the UK with NatWest, they use 2 factor authentication in a sensible way. Barclays require you to use a physical chip and pin device every time you login, whilst secure it rapidly becomes a pain in the neck when you're out and about and need access - like that emergency purchase when you're at the office. NatWest only require you to use it when paying someone for the first time or when transferring large sums of money. I can cope with that!

  • Like 1
Link to comment
Share on other sites

One of my banks only allow 6-8 character passwords, and I don't believe they even allow special characters . . .

My bank has a limit of 17 characters. The fact they have a limit at all is scary!

Link to comment
Share on other sites

Mine uses two forms of something I know. A UN/PW and then a PIN, also if it's an IP address I've never logged in with they as a Secret Question. Pretty good security without getting in my way very much.

One of my banks only allow 6-8 character passwords, and I don't believe they even allow special characters . . .

Capital One is this way...I really wish they would allow me to use a stronger password.

Link to comment
Share on other sites

I'm confused, are they asking for something you know or for something have? At the moment it sounds like just 1 factor, just something you know.

CW-88 explained it best, quote below:

Probably password then the next step is asking for three letters from an answer you have already provided them

So password

Give letter 1, 3, 5 of your secret answer

Authorised.

That is prob for online banking though.

I think banks need to up their game. The likes of Steam and Blizzard are providing better login security but I guess no bank has had their online security breached as bad as both these outlets.

Link to comment
Share on other sites

My bank requires the following when logging in online.

Access ID: A number provided by the bank.

PIN: A password that the user makes up for themselves.

Authentication Key: A random 6 digit number generated by a key generator supplied by the bank. Number is good for about 30 seconds before a new number has to be generated.

Not sure what else they could do. :)

Link to comment
Share on other sites

My bank (Locally owned), has sort of a two factor authentication they think will be best. You log in - and it cross checks against your IP, if it changes, then it sends you a 'pin' to authenticate yourself either to your cell or email on file. Once you enter the pin, you are good to go with just your regular password. Before that, they had a picture that you were supposed to recognize and if you did, answered the question about it and then your password.

Personally, would LOVE to see more support on sites for Yubikey authentication - super easy to do and quite secure.

Link to comment
Share on other sites

Personally, would LOVE to see more support on sites for Yubikey authentication - super easy to do and quite secure.

Ya, I bought one when it first came out. I just don't know where it is...hmmm.

Link to comment
Share on other sites

my UK bank asks for a 10 digit number and then it'll ask me for 3 random characters from my set password and then for a random 3 digits of my cards pin number.

Canadian credit union asks for member number then it'll ask me for the answer to a security question. If I answer right it'll take me to a password page but it also displays 2 images I chose during signup to verify that the page is "true". Only if the images match should I enter my password.

Overall both institutions seem pretty secure. Never had any issues with fraud with either (touch wood)

I also have an account with another canadian bank and they just ask for debit card number and a password. If it detects that i'm logging on from an odd location or IP it'll ask a security question too.

Link to comment
Share on other sites

my UK bank asks for a 10 digit number and then it'll ask me for 3 random characters from my set password and then for a random 3 digits of my cards pin number.

Canadian credit union asks for member number then it'll ask me for the answer to a security question. If I answer right it'll take me to a password page but it also displays 2 images I chose during signup to verify that the page is "true". Only if the images match should I enter my password.

Those "images" were defunked a long time a lot. The phishing sites would actually grab the "images" from the legit site and show them to you on the fake one."

Link to comment
Share on other sites

HSBC in the UK are ahead with this type of thing.

You have your log on ID and a password.

Then you have to input the six digits from their "Secure Key" device.

6a01053620481c970b015390bf1a2e970b-500wi

When turning on the device, it asks for a 4-digit pin number, then randomly generates a 6-digit number of which you have to input to get into the bank.

Hassle for when I am elsewhere, but I don't remember my log on ID so only log on at home where the secure key is.

Here's their link with a demo.

Link to comment
Share on other sites

It's not strictly two-factor, but it's as secure as it gets.

You enter your card number on the site (not a credit card, number is never used to pay), then put your card in a portable reader thingy and use that to scan an optical code on your PC display. Select what you want to do (logon/sign/buy), enter your PIN and then you get a response to enter on the web page.

To sign transactions or to buy stuff you not only have to enter your PIN number on the reader but also the (total) amount. Pretty much secures you against malicious spoofing of your transactions. I consider this to be extremely safe and you don't have to remember any passwords.

Link to comment
Share on other sites

  • 1 month later...

Mine uses a random generated 8 digit password which is send to the registered mobile to authenticate any online payment.

The bank also has 3 passwords.

1) Login

2) Transaction

3) Profile

Login password needs to be changed every 2 months.

So to complete any online payment, I have to know 3 passwords. Login, Transaction and the password sent to mobile which is valid for 1 hr.

Pretty decent.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.