[LINK] A security question

David Lochrin dlochrin at d2.net.au
Wed Dec 18 15:15:33 AEDT 2013 

I think most banks offer either a token or a mobile challenge.  The "token" typically displays a pseudo-random number each 30 seconds or so which the user must enter after logging in; the bank can then check it's the expected response before giving access.  The mobile challenge requires the user to enter a number sent to their mobile by SMS.  In either case "something you know & something you have" access control is much better than a straight username & password.

CBA require a token response on each login.  But some banks only require a token / mobile check when debiting above a certain (user set?) amount.  I think the challenge & response mechanism is sometimes optional too.

D.

-------

On 2013-12-18 08:03 Dr Bob wrote:

> Linkers,
> 
> I have a security question one of you may be able to answer. Which device is more secure for internet banking, a laptop such as a macbook , an iphone or an ipad? As far as i am aware, the iphone and ipad's sandbox facility makes keyloggers difficult but then they do not have any antivirus capability (I use Sophos on the mac laptop, and it reports clean). 
> 
> The reason I ask is that my internet banking account got hacked yesterday and they tried to make off with about 5K. The password was secure, at least I thought it was. It was a meaningless sequence of characters, upper and lower case and numbers, difficult enough to remember in the best of times.
> 
> I can only assume they were sniffing packets. My connection to the net is via a wireless link to an apple airport express I carry with me. 
> 
> I am in South Korea for three months and need internet banking to pay my bills, etc.
> 
> As an aside, ING and Citibank have provided me with an RSA fob to verify who I am in certain transactions. I wonder as well if having a fob to generate a one time password is more secure (not ignoring the fact that RSA got hacked a some time ago).
> 
> Bobj
> 
> Dr Bob Jansen
> Turtle Lane Studios
> PO Box 26 Erskineville NSW 2043 Australia
> Ph: +61 414 297 448
> Skype: bobjtls
> http://www.turtlelane.com.au
> 
> 
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link
> 
>

More information about the Link mailing list