Lloyds TSB Internet banking sham
#1
Sorry mods if its off topic but this is causing a lot of fuss with people I know.
Lloyds TSB have just added a so called "memorable word" security "feature" to thier online banking site, it now means we have to provide a phrase, with a number in it which they will randomly ask you for random chars from EVERY time you login!
In addition to the password!!!
I'm after some people power on this one if anyone else is as frustrated as me?
Move it if you feel neccessary mods but i knew this would hit a wider audience.
Lloyds TSB have just added a so called "memorable word" security "feature" to thier online banking site, it now means we have to provide a phrase, with a number in it which they will randomly ask you for random chars from EVERY time you login!
In addition to the password!!!
I'm after some people power on this one if anyone else is as frustrated as me?
Move it if you feel neccessary mods but i knew this would hit a wider audience.
#4
Given that your password will be your pet's name and the year of birth of your child/wife/dog, passwords aren't very strong.
Authentication needs to be good in order for the bank to allow you to carry out financial transactions remotely...
I fully support stronger authentication, and this is definitely better than the previous set-up. It might be an inconvenience, but it's being done for a reason.
Nick.
Authentication needs to be good in order for the bank to allow you to carry out financial transactions remotely...
I fully support stronger authentication, and this is definitely better than the previous set-up. It might be an inconvenience, but it's being done for a reason.
Nick.
#5
hmm, the username they give you is something totally unrelated like 64363GH for example and my password (as a Network Manager) is NOT a pets name and is a random number/letter combo which I know!
I'm not saying its a bad idea for muppets but for people who know that they have good passwords they should be able to bypass it
I'm not saying its a bad idea for muppets but for people who know that they have good passwords they should be able to bypass it
#6
True. But when people write their passwords on a post-it note, they need to try and do something else - as a network manager, you'll appreciate the hell that passwords can be...
Banks need stronger authentication in order to meet their obligations and reduce their own financial risk (despite them trying to pass risk of using IB onto the end users). Until another form of authentication is ubiquitous, this is the best they've got.
Why they don't roll out smart card readers and use chip-enabled debit cards as an authentication token combined with username/password is beyond me. Readers are cheap, but on the other hand the associated cost is probably a lot more than the fraud losses per account...
Banks need stronger authentication in order to meet their obligations and reduce their own financial risk (despite them trying to pass risk of using IB onto the end users). Until another form of authentication is ubiquitous, this is the best they've got.
Why they don't roll out smart card readers and use chip-enabled debit cards as an authentication token combined with username/password is beyond me. Readers are cheap, but on the other hand the associated cost is probably a lot more than the fraud losses per account...
#7
sure, its protecting the masses and forgetting about the minority, which makes me wish I was an ignorant user All we want is an option to not use it, just make it on by default and the people who have crap passwords probably wont actually know how to turn it off anyway!
Trending Topics
#8
Scooby Regular
Join Date: Jun 2001
Location: a land full of corsets
Posts: 9,755
Likes: 0
Received 0 Likes
on
0 Posts
Barclays have always done that.
To login you need:
Surname
12 digit account number
5 digit security code
2 random characters from a user selected memorable word
Seems fair enough to me, I don't want anyone getting at my money.
To login you need:
Surname
12 digit account number
5 digit security code
2 random characters from a user selected memorable word
Seems fair enough to me, I don't want anyone getting at my money.
#9
The primary reason for the move to the 1st/2nd letter style of authentication is to defeat keyboard loggers and the like.
A single recorded login will no longer give full access.
NatWest did it some time ago - Egg make you select some bits from drop down boxes with a mouse (harder to record/replay).
You will very soon get used to it and it is for *your* benefit as this style of hack has been done....
Deano
A single recorded login will no longer give full access.
NatWest did it some time ago - Egg make you select some bits from drop down boxes with a mouse (harder to record/replay).
You will very soon get used to it and it is for *your* benefit as this style of hack has been done....
Deano
#10
Egg make you select some bits from drop down boxes with a mouse (harder to record/replay
#11
Nick
I agree - just quoting their blurb. Its also for date of birth so not exactly triky to discover by other means considering the amount of info you do have to supply in full.
Deano
I agree - just quoting their blurb. Its also for date of birth so not exactly triky to discover by other means considering the amount of info you do have to supply in full.
Deano
#14
Scooby Regular
Join Date: Apr 2001
Location: Bushey
Posts: 2,542
Likes: 0
Received 0 Likes
on
0 Posts
When Natwest changed the security protocol, I had to stop using it. They wanted me to remember a log-in, password and a phrase, which in theory was OK seeing as I have a excellent memory for those things.
But in practice I managed to log on only once afterwards, because I couldn't remember the damn phrase exactly, so trying to get the second letter of the third word etc etc was friggin impossible as I didn't write them down, as you are told not too. And seeing as it was a real ***** ache to get online in the first place (online application leading to lots of letters being sent indivdually over two weeks) I couldn't be arsed to resolve the lost password problem and went back to phone banking. If they can't make it any easier than that, its not as if its going to save me any money, so they'll just have to continue to employ real people for me to deal with.
But in practice I managed to log on only once afterwards, because I couldn't remember the damn phrase exactly, so trying to get the second letter of the third word etc etc was friggin impossible as I didn't write them down, as you are told not too. And seeing as it was a real ***** ache to get online in the first place (online application leading to lots of letters being sent indivdually over two weeks) I couldn't be arsed to resolve the lost password problem and went back to phone banking. If they can't make it any easier than that, its not as if its going to save me any money, so they'll just have to continue to employ real people for me to deal with.
Thread
Thread Starter
Forum
Replies
Last Post
alcazar
Non Scooby Related
5
18 September 2015 11:49 PM