Post by yorkshireman on Dec 14, 2013 19:13:27 GMT
The other problem here is that people are going to end up with a drawer-full of these gizmos. Everybody in my house has an identical HSBC one; I had to put names on the back with tape labels. I also have a separate one for an HSBC business account. It would be worse than having a wallet full of credit cards. I'm pretty sure that these devices are anonymous - that is, they are not defined in any way to a person/account/card. If provided by a bank, they work with any account holder within that bank. Any identification is provided by the card you slide into it. My opinion, as always, is not clouded by definitive knowledge.
The HSBC device is different to the gizmos supplied by other banks but the NatWest card reader allows access to a Nationwide account using a Nationwide card and vice versa.
Post by mikes1531 on Dec 16, 2013 2:56:37 GMT
I also use ING direct and have to use a mobile for a one time pin code whenever setting up a new payment. Halifax use a similar system, though it's not limited to mobiles. When setting up a new payee, they display a code on the website screen and then ring the phone number associated with the account. When the phone call comes, you key in the code that's on your screen and the system proceeds to set up the new payee. I don't bank from my mobile or at work, so the phone number in their system is my home phone and the system works well for me. Someone who wants to be able to set up a new payee from wherever they happen to be obviously would have to use their mobile number, and I can see how this could get awkward if they're trying to access the banking website from the same phone that's going to be dealing with the automated phone call.
> ... but the NatWest card reader allows access to a Nationwide account using a Nationwide card and vice versa.
I've found that my Barclays device also works for the Nationwide, so it probably would work for NatWest as well.
Post by jevans4949 on Dec 16, 2013 12:15:06 GMT
So does this mean that any Barclays / Nat West / Nationwide gizmo works on any account? And this is what they call security?
Post by batchoy on Dec 16, 2013 12:24:23 GMT
> So does this mean that any Barclays / Nat West / Nationwide gizmo works on any account? And this is what they call security?
The device creates a one time code based on your card, your pin and a seed from the requesting website using a standard algorithm. The key to the security is your card which you must have (and has to be a chip and pin card not a cloned magnetic stripe one) and your pin which you must know for the device to work and produce the correct one time code, and this is on top of having to know all the login information to get to the point where you need the device, your card and your pin.
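The scheme described in the post above, as an added example that is not part of the original thread: a simplified model in which the reader holds no secret, so any reader works with any card, while the code depends on the card's key, the PIN and the website's seed. HMAC-SHA256 stands in for the real card algorithm, which the thread does not name; all class and function names are hypothetical.

```python
import hashlib, hmac, secrets

def derive_code(key, counter, challenge):
    """8-digit code from card key, chip counter and the website's challenge."""
    msg = counter.to_bytes(4, "big") + challenge.encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()  # stand-in algorithm
    return f"{int.from_bytes(digest[:4], 'big') % 10**8:08d}"

class ChipCard:
    """Hypothetical card model: the key lives only on the chip and at the bank."""
    def __init__(self, key, pin):
        self._key, self._pin = key, pin
        self._counter, self._tries_left = 0, 3

    def respond(self, pin, challenge):
        """Return (counter, code) for the right PIN; None if wrong or locked."""
        if self._tries_left == 0:
            return None
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            self._tries_left -= 1
            return None
        self._counter += 1
        return self._counter, derive_code(self._key, self._counter, challenge)

class Reader:  # keypad and display only; holds no key and no account identity
    def sign(self, card, pin, challenge):
        return card.respond(pin, challenge)

class Bank:
    def __init__(self):
        self._keys, self._last_counter = {}, {}

    def issue_card(self, account, pin):
        key = secrets.token_bytes(32)  # constructed per-card key
        self._keys[account], self._last_counter[account] = key, 0
        return ChipCard(key, pin)

    def new_challenge(self):
        return f"{secrets.randbelow(10**8):08d}"

    def verify(self, account, challenge, response):
        if response is None or response[0] <= self._last_counter[account]:
            return False  # no code produced, or a replayed/stale counter
        counter, code = response
        expected = derive_code(self._keys[account], counter, challenge)
        if hmac.compare_digest(code, expected):
            self._last_counter[account] = counter
            return True
        return False
```

In this model a borrowed reader produces a valid code for the cardholder, while a different card, a wrong PIN or a replayed code is rejected.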
Post by jevans4949 on Dec 16, 2013 12:34:39 GMT
> > So does this mean that any Barclays / Nat West / Nationwide gizmo works on any account? And this is what they call security?
> The device creates a one time code based on your card, your pin and a seed from the requesting website using a standard algorithm. The key to the security is your card which you must have (and has to be a chip and pin card not a cloned magnetic stripe one) and your pin which you must know for the device to work and produce the correct one time code, and this is on top of having to know all the login information to get to the point where you need the device, your card and your pin.
OK, so that's pretty good, then. Although if you were to extend it generally, you will need a chip and pin card for all your accounts, even those which don't currently need them for shopping and ATMs - like online P2P.
Post by batchoy on Dec 16, 2013 12:41:34 GMT
> > The device creates a one time code based on your card, your pin and a seed from the requesting website using a standard algorithm. The key to the security is your card which you must have (and has to be a chip and pin card not a cloned magnetic stripe one) and your pin which you must know for the device to work and produce the correct one time code, and this is on top of having to know all the login information to get to the point where you need the device, your card and your pin.
> OK, so that's pretty good, then. Although if you were to extend it generally, you will need a chip and pin card for all your accounts, even those which don't currently need them for shopping and ATMs - like online P2P.
NatWest only require you to use the device for critical actions such as changing security details, adding a new payee and making the first payment to a new payee; as a result I probably use mine just a handful of times per year. If something similar were to be used for P2P sites I would envisage it as only being necessary when doing critical things like changing personal details, security information and changing the linked bank account, plus for authorising sales of investments if the site allows the sale of investments with a discount, and products like Authy don't need a card.
Post by westcountryfunder on Dec 16, 2013 18:05:14 GMT
I have read this topic and posts with some interest, but also without worrying too much about what is being said.
Now, I mustn't be too complacent, pride comes before a fall and all that, but why don't you all migrate to a Linux system?
Having become thoroughly exasperated with "the usual operating system" some six years ago, I moved over to Linux. I must admit it was a steep learning curve, but I have never looked back. What is more it's all a lot simpler now and there is no reason for anyone not to give it a try.
Why would you do this? Well, in those six years the only viruses I have seen have come attached to emails arriving on my client Thunderbird. But the virus checker (ClamAV) finds them ok, and anyway if you gingerly open the attachment all you find is something aimed at "the other system" and a named file which Linux will not execute.
The "other operating system" is generally known to be full of holes and security problems, whereas Linux is much more robust and less vulnerable.
If anyone is interested, I can probably point you in the right direction, provided you are interested in making the effort, and have an open mind.
Post by chris on Dec 16, 2013 18:21:42 GMT
While I too love Linux, and it is used for all our hosting, it is unfortunately not a silver bullet. Linux can be hacked just as readily as any other system, and whilst it tends to be far less vulnerable to the wide scale automated attacks it will be just as vulnerable as any other system to specific attacks by a dedicated highly skilled hacker.
Having worked in the web development industry for a very long time I have often been shocked by how little developers know about security and how it is often treated as an afterthought or that people believe security through obscurity is a valid approach. The operating system will not matter if your site is open to SQL injection attacks, cross site scripting, your software is poorly set up or is of an older version with a known vulnerability, a user's login credentials are compromised, etc.
I would like to think that Assetz along with the other major players in the industry are doing a very good job securing the actual hosted website and associated systems, and this is something that we continually review for our own systems, however this thread has very valuably raised the point that we could all be doing a better job with helping users secure their own accounts. Each user making sure their operating system is uncompromised, fully patched, and has the correct security settings is just one small part of this. And whilst I would thoroughly encourage everyone to at least understand the strengths and weaknesses of Linux, no operating system will ever be able to perfectly protect all those who use it.
Post by uncletone on Dec 16, 2013 19:41:11 GMT
> The "other operating system"
Not to mention the other "other operating system" of course. Unix disguised as Macintosh.
Post by JamesFrance on Dec 17, 2013 10:11:08 GMT
The trouble is that I would be completely lost without Quicken 2004 which can still be installed on Windows 7 (I haven't tried on W 8 but it was difficult on Vista which involved adding three extra files downloaded from the web).
If anyone knows a current program which can import Quicken files without mixing them up I would really like to hear about it. I have tried a few without success.
Post by chris on Dec 17, 2013 10:12:32 GMT
> The trouble is that I would be completely lost without Quicken 2004 which can still be installed on Windows 7 (I haven't tried on W 8 but it was difficult on Vista which involved adding three extra files downloaded from the web).
> If anyone knows a current program which can import Quicken files without mixing them up I would really like to hear about it. I have tried a few without success.
You can use Parallels or VMware or VirtualBox (which is free) to dual boot Windows on top of Linux or OS X. Best of both worlds albeit for a small additional expense.
Post by alison on Dec 17, 2013 10:16:56 GMT
> The trouble is that I would be completely lost without Quicken 2004 which can still be installed on Windows 7 (I haven't tried on W 8 but it was difficult on Vista which involved adding three extra files downloaded from the web).
> If anyone knows a current program which can import Quicken files without mixing them up I would really like to hear about it. I have tried a few without success.
Have you tried Moneydance? moneydance.com/ Been using it for years since Quicken started playing silly sods.
Post by JamesFrance on Dec 17, 2013 10:39:55 GMT
Thanks alison, looking at the site there doesn't appear to be a trial version available, so I would be reluctant to risk £40 on something which may or may not be able to cope with my 20 years of data in Quicken. I have tried others which just scrambled my Quicken figures. I still find Quicken ideal for my requirements so dread the day when it no longer functions.
Chris, thank you for your suggestions, however I am only now getting vaguely competent with Windows. It took me several days to sort out a bsod problem which was caused by driver conflict arising whilst using a Spanish wifi system at the moment, so I am a bit old to start with something else.
Post by alison on Dec 17, 2013 10:51:40 GMT
> Thanks alison, looking at the site there doesn't appear to be a trial version available, so I would be reluctant to risk £40 on something which may or may not be able to cope with my 20 years of data in Quicken. I have tried others which just scrambled my Quicken figures. I still find Quicken ideal for my requirements so dread the day when it no longer functions.
> Chris, thank you for your suggestions, however I am only now getting vaguely competent with Windows. It took me several days to sort out a bsod problem which was caused by driver conflict arising whilst using a Spanish wifi system at the moment, so I am a bit old to start with something else.
James - I think there is still a free trial option available. See here - infinitekind.zendesk.com/hc/en-us/articles/200818226-The-Moneydance-trial
Post by JamesFrance on Dec 17, 2013 11:51:37 GMT
Thanks, I have had a look but migration would be difficult as I have many old accounts and all need a separate qif file. For me it is hard to read with low contrast so I will keep Quicken for as long as I can. Interesting that the installer is unsigned so setting off Comodo sandbox and it will only run as admin.