anybody else find this very annoying and a step backwards in technology. Add to this the fact it seems cheaply made and bound to not last long.....
Although no trees were harmed during the creation of this post, a large number of electrons were greatly inconvenienced.
I feel like I work in Bletchley Park each time I access my a/c.
Pita
glad i'm not alone. I didn't think I would be :lol:
Step backwards? These are used by large organisations to secure remote access to networks.
However there seem to be quite a few people that dont like them http://www.petitionbuzz.com/petitions/hsbc
It's crap, I used to be able to check my account from anywhere, now I'll have to take the calculator with me.
And why don't the world's local bank have an iPhone app yet?
Nat West have been using thisw 'calculators' for years and they have a iPhone app as well and are working on a android one.
Wow, that sounds really unfriendly.Originally Posted by chrisparker
At least with RBS, you only need to use their card reader when you add a new payee, which seems like a reasonable compromise.
there might be a good arguement for the added security I just don't like it :lol:Originally Posted by Maris
I don't carry the generator with me so can't check my bank online when on the move just at home.
I have a HSBC number generator ... I don't like using it ... Surely there are other less cumbersome ways of accessing eg a bank account online?
I opened a new online building society account recently - the bs has sent me four 'grid cards' (in error) to access their system so far. I only need one! I cant be bothered to send the cards back and they are made of laminated material which resists all attempts to shred and destroy them.
dunk
"Well they would say that ... wouldn't they!"
Nationwide use the same thing only for adding new payments. Logging on can be done using it or the alternative is memorable numbers and password.
What amazes me is the coding in it, how does it work?
At the coop they've already ditched the calculator a few months ago
Good luck everybody. Have a good one.
I wasn't keen at first but it's become second nature now and if it increases security then I'm all for it. :)
I think the company must be run by arses, who can't make the right decisions and keep fupping up! If i have the choice, and generally I do, I will never bank with again and suggest others do similarly and vote with their feet!
It's just a matter of time...
http://en.wikipedia.org/wiki/SecurIDOriginally Posted by Bruce
I would agree I am all for added security I just think there must be some way of making this possible without having to have a seperate piece of hardware.Originally Posted by jneds
I think this new system may be less secure than previous in some ways, I now enter my daughters middle name which isn't by an means difficult to find out where before I had to enter 2 of 6 digits from a number that would be mroe difficult to find out.
also if you are a woman your finger nails may mark the 4 numbers you use to log onto it making it not impossible to work out the number ?
same logic my sky remote is worn out on three numbers 401. :lol:
there is always that option.Originally Posted by Omegamanic
If how the thing 'looks' concerns you, maybe you should move your money into vintage my little ponies.
"Bite my shiny metal ass."
- Bender Bending Rodríguez
First Direct which is part of the HSBC Group does not yet force their customers to use a number generator - they seem to be happy with their existing log-on security.
dunk
"Well they would say that ... wouldn't they!"
Whilst on my HSBC business account I have had the small key fob number generator for years, I find the new personal current account one a pain. Because I also think it is flimsy, I do not carry it with me abroad, so I can no longer check my account as regularly (actually I do not check it as often here either).
You have the advantage of me here, as 'my little ponies' are not part of my life. :roll:Originally Posted by stooo
how does it work?
I believe it works like this:
It generates a pseudo-random number. The number looks random and if you look at the sequence you would not be able to work out its not random. However, a "factor" , eg pi, which is constant, is applied to the last number so the next number is known and can be checked.
I hate the thing, just added complexity, more things to remember , more to go wrong. Imagine the grief when it goes wrong.
Totally normal over here and I'm quite used to it now though when I moved over I found it a huge pain in the neck.
Lookup 2 factor authentication.Originally Posted by garylee
"Bite my shiny metal ass."
- Bender Bending Rodríguez
I used to have to use a SecurID card to remotely login to the network of the investment firm I worked for in the '90s .. very irritating, but very secure. It was the size of a thick credit card, with a constantly changing LCD display.
I have a Barclays 'calculator' to login to my business account, and a NatWest equivalent to make payments from a personal account. They might be annoying but they really do enhance security.
My girlfriend works for the bank and she hates the number generator as well, doesn't help that she keeps losing it down the side of the sofa.
I have a Barclays account but the Lloyds/TSB version works equally well as i found out in a little on-line banking experiment..Seems strange they are different banks but both use exactly the same number generator.
Just got mine today, not set it up yet but im not looking forward to it, luckily i dont really use the account.
Its hard enough logging in online.. how long is the user I.D, why cant i choose my own?
Vote with your feet now, but it wont be long until they are all sending these things out.
An unequivocally good thing imo. Others will follow.
Was a real pita when first started using it, but already accepted it 'as the norm' and doesn't bother me now.
I'm with the co-operative bank and am on my third of these number generators.
And that one is now failing to recognize my card which means that I'm unable to make transactions by online banking until a replacement arrives.
The principle is great but, in practice, I'm finding them to be very frustrating.
It is susceptible to capture by a Trojan. Basically a piece of malware - which you may have picked up inadvertently just by visiting a compromised web site - can capture your "good security number" and then use it to clear out your bank account. Or it can be revealed by shoulder surfing if you ever access your on-line banking in a public place.Originally Posted by vvgqe646
It's only the use of number-generator type technology (ideally coupled with software like Trusteer's Rapport, to prevent man-in-the-middle attacks) that can provide adequate protection against these attack vectors.
I assume that, as a minimum, your system is fully patched and your anti-virus is up to date?
Agreed. It may be more inconvenient to use but it's undoubtedly more secure.Originally Posted by jd
I find it a real PITA, I access my account from a few places so now I have another thing to carry along with the wallet, car keys, house keys, 2 x mobiles etc...
But why should you carry the enerator around with you?It's only the use of number-generator type technology
My bank has the best system, I can log in and see my account anytime from anywhere but I can't actually DO anything, only see, using a username/password combination.
Then when I need to do a transaction I need only click a button on the screen and the code is instatly sent to my cellphone as a text. Never fails. No need to carry anything around other than my cellphone, which I have during the day anyway.
Yes, some banks have done this. The potential problems with this solution are (1) SMS messages do not always arrive immediately, (2) you still need to carry something round with you (although I accept that many people will have a cellular telephone), and (3) if a fraudster gets hold of your phone, they could potentially impersonate you.Originally Posted by AvantRS
There's certainly no real need to require the use of any sort of device for "read only" activities, and possibly not for sending money to previously defined payees. It's the addition of new payees (which, for me at least, mostly seems to happen when I buy things from SC!) which is the most risky activity, and which needs the greatest level of protection.
Declaration of interest : I work in information security for a large financial organisation.
Sorry If I've missed this but I haven't read the whole thread yet.
How exactly does this increase security?
I've spoken to a friend who work at hsbc and have been told that you just need any HSBC number generator to access the acount. So you still only need to learn the actual log on info questions and get hold of any old generator and your in?
The biggest pain about these is that have taken away the ease of online banking while away from the home. Who wants to carry that little calculator thing everywhere they go?!
At least the device is small that Barclays' :lol:
I have had an HSBC business account for about 6 years and the original generator is still going strong. Not an issue for me as I only need to log in occasionally so I don't carry it around. HSBC do have an iPhone app but you still need the number generator.
The business generator is great. The personal account one is crap I hate it
It's an inconvenience but must be worth it. I still hate it. My dad had a similar thing for his business account a while back but then they scrapped the idea. Hope they scrap this new version.
+1Originally Posted by Steveb
its a very nice security devise that works but i hate carrying it around everywhere.
Cheers
The key pass card is quite fragile too - I've read on a few places that some are already in to their 3rd or 4th. It also takes 5 days to get a new one so not being able to access your account online until you get a new one. Completely inconvenient and you now have to generate a pass number to make a payment online to another account etc!
After over 20 years of accounting with HSBC I'm now trying to talk the other half in to switching our main accounts to Halifax. I like to check our accounts daily and it's now such a pain, especially when travelling and accessing it on a mobile or wanting to quickly juggle money from one account to another on the move.
Why couldn't they at least leave access open without the need for generating a pass code and instead doing it for any transfers etc?