[LINK] A security question

Dr Bob Jansen bob.jansen at turtlelane.com.au
Wed Dec 18 15:23:28 AEDT 2013 

David,

I don't think ANZ offers the token option, at least they have not mentioned it to me when I discussed my coming to Korea with them.

As I said in my original email, ING and CitiBank required the use of a token and each have provided a RSA fob.

Thanks for your email though. Also thanks for everyone else who have made suggestions. I am looking at Tails and that seems an interesting option but nothing is really secure I guess. I just have to keep a wary eye on the accounts.

Bobj

Dr Bob Jansen
Turtle Lane Studios
PO Box 26 Erskineville NSW 2043 Australia
Ph: +61 414 297 448
Skype: bobjtls
http://www.turtlelane.com.au


> On 18 Dec 2013, at 13:15, David Lochrin <dlochrin at d2.net.au> wrote:
> 
> I think most banks offer either a token or a mobile challenge.  The "token" typically displays a pseudo-random number each 30 seconds or so which the user must enter after logging in; the bank can then check it's the expected response before giving access.  The mobile challenge requires the user to enter a number sent to their mobile by SMS.  In either case "something you know & something you have" access control is much better than a straight username & password.
> 
> CBA require a token response on each login.  But some banks only require a token / mobile check when debiting above a certain (user set?) amount.  I think the challenge & response mechanism is sometimes optional too.
> 
> D.
> 
> -------
> 
>> On 2013-12-18 08:03 Dr Bob wrote:
>> 
>> Linkers,
>> 
>> I have a security question one of you may be able to answer. Which device is more secure for internet banking, a laptop such as a macbook , an iphone or an ipad? As far as i am aware, the iphone and ipad's sandbox facility makes keyloggers difficult but then they do not have any antivirus capability (I use Sophos on the mac laptop, and it reports clean). 
>> 
>> The reason I ask is that my internet banking account got hacked yesterday and they tried to make off with about 5K. The password was secure, at least I thought it was. It was a meaningless sequence of characters, upper and lower case and numbers, difficult enough to remember in the best of times.
>> 
>> I can only assume they were sniffing packets. My connection to the net is via a wireless link to an apple airport express I carry with me. 
>> 
>> I am in South Korea for three months and need internet banking to pay my bills, etc.
>> 
>> As an aside, ING and Citibank have provided me with an RSA fob to verify who I am in certain transactions. I wonder as well if having a fob to generate a one time password is more secure (not ignoring the fact that RSA got hacked a some time ago).
>> 
>> Bobj
>> 
>> Dr Bob Jansen
>> Turtle Lane Studios
>> PO Box 26 Erskineville NSW 2043 Australia
>> Ph: +61 414 297 448
>> Skype: bobjtls
>> http://www.turtlelane.com.au
>> 
>> 
>> _______________________________________________
>> Link mailing list
>> Link at mailman.anu.edu.au
>> http://mailman.anu.edu.au/mailman/listinfo/link
>> 
>>

More information about the Link mailing list