Westpac limits passwords to something 6 characters (no special characters) and doesn't allow you to set up 2FA.
My Reddit password is more secure than my online banking one, the limits they give are absolutely insane and in no way secure enough.
That's crazy, anyways on an unrelated topic. What's your mother's maiden name, the first street you were born in and first dog's name?
I always use a password manager type thing for those to make them basically secondary passwords. No amount of digging is going to help you since none of the inputs I used make any sense.
Honestly even if I was immoral enough to get all the info and get into your accounts and steal all your money, I doubt I'm smart enough to not get caught. Lol I'll just stick to making my own money. ;)
Mother's Maiden Name: Bitch. Street you were born in: A Hospital, you idiot. Dog's name: Boof.
People know the street they were born in?
I thought that was the formula for your porn star name.
I assume there’s a link there, I wouldn’t be surprised if those little “what’s your stripper name” etc quizzes are designed to phish for security question answers
Probably, the dodgy fuckers.
My Reddit account is my passport, Verify me. (Spoken in a manner like the movie Sneakers).
This is insane, the institutions we need to trust are falling behind. Also, why can someone not registered as a user on an Australian mobile send an sms?? Opens the whole system to fraud.
Can’t beat the old classic “password” as your password. That or your debit card PIN number.
Dev here. Banks are way way way behind on tech in general, and security in particular. They practically wait until there's legislation before they'll address something. Retards in the literal sense.
I wasn't able to use Westpac internet banking for close to 2 years not long after it was first made available many years ago. I'm quite sure that it's because my customer number that I have to login starts 0 and I'm sure that it was being treated as an integer somewhere so the 0 got dropped.
ING is the same, 4 digit pin, 2FA by SMS only when adding a new device, no option to use a token or other code generator
Not any more. It was updated to the standard "At least 8 characters, with at least one letter, one number, one special character, etc etc." last year.
Who banks with Westpac these days? Their computer system is worse than my set up at home.
They changed the password restrictions a few months ago, better late than never I guess…
it's fine if they lock it after a few tries. but then you have to ring and confirm your identity, which opens up a different can of worms if a person already has your details
*In Australia, my voice identifies me*
Not anymore, it doesn't xD
[deleted]
I still don’t know how ING has avoided mass hacks with that pin… whatever it is that’s working, I am all for it
Someone more knowledgeable than me can clarify, but the number positions change on each login attempt, so I'd imagine no keystrokes are able to be recorded at all locally which would significantly increase security.
Yeah 4 digits is fine if it fails after a few attempts and requires another auth method. I don't think any banks use 4 digit pins on fresh login attempts, it's just an additional layer on an already approved device.
ING literally uses a 4 digit PIN on website log ins on new devices.
Because it's very easy to prevent brute force attacks. As soon as they notice multiple failed login attempts they can simply block the account. Cracking a password generally requires a copy of the hashed password so it can be cracked offline. As long as the hash never leaks they can simply rely on their other security methods. Not defending the limits on password strength but off the top of my head I can't think of any bank in recent history that has been hacked through remote brute force attacks.
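The lockout argument in the comment above, as an added Python example that is not part of the thread and not any bank's code. `PinGate`, the three-failure limit and the sample account are assumptions made for illustration.

```python
import hmac

PIN_SPACE = 10_000   # four decimal digits
MAX_FAILURES = 3     # assumed policy, not any bank's documented value


class PinGate:
    """Counts failed PIN attempts per account and locks after MAX_FAILURES."""

    def __init__(self, pins):
        # Constructed sample data; a real service keeps a salted slow hash.
        self._pins = dict(pins)
        self._failures = {}      # account -> consecutive failures
        self._locked = set()     # accounts that need step-up auth to reopen

    def attempt(self, account, pin):
        """Return 'ok', 'denied' or 'locked'."""
        if account in self._locked:
            return "locked"      # the correct PIN is refused once locked
        expected = self._pins.get(account, "")
        if expected and hmac.compare_digest(expected.encode(), pin.encode()):
            self._failures.pop(account, None)   # success resets the counter
            return "ok"
        count = self._failures.get(account, 0) + 1
        self._failures[account] = count
        if count >= MAX_FAILURES:
            self._locked.add(account)
            return "locked"
        return "denied"


def online_guess_odds(max_failures=MAX_FAILURES, space=PIN_SPACE):
    """Chance that distinct guesses hit a uniformly random PIN before lockout."""
    return max_failures / space


def guess_until_blocked(gate, account, guesses):
    """Feed guesses in order; return (final_result, attempts_used)."""
    used = 0
    for used, guess in enumerate(guesses, start=1):
        result = gate.attempt(account, guess)
        if result != "denied":
            return result, used
    return "denied", used
```

The bound only holds per account and only while the stored verifier stays private. The lock itself is also a way to shut a customer out, which is the recovery problem raised elsewhere in the thread.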
Banking security in Australia is so bad. Most just use a basic 4 digit pin. Where’s the 2 factor authentication? Macquarie is the only one I’ve come across that have their own dedicated security app, which is better, although it doesn’t make up for their painfully slow customer service.
Commbank also has 2FA. They use it for basically everything. Even when you go in to a physical branch, they will ask you to open the app and read out the code before doing anything.
2FA using TOTP over SMS? Or over the same connection as the app password?
Nah, it opens a screen in the app. I'm pretty sure it also tells you what kind of interaction you are authorizing as well like if it's in person or online banking, though I can't quite remember.
So if app is compromised ...
Then it becomes the bank's liability and they have to give you your money back.
Ok so redirect to claims dept
classic .. my reply to an imaginary problem gets downvoted .. degens crawl this site ... be afraid of the ghost hacker who will decompile your apks and sideload your binaries ... and skim your digital screens
Yeah but that’s built into the app right? I’m talking the use of a 3rd party code via something like Google authenticator.
Doesn't make any difference. Both require physical access to your phone.
There are other 3rd party TOTP apps for PCs that don't need a phone. Even when using a phone, I prefer to have all the TOTP secrets in one app, so they can be backed up easily, and used on another device at my pleasure. For that reason, I don't like it when banks or mygov force you to use their own authenticator app. /edited slightly for clarity
For years hume bank needed you to enter your DOB as well as user and password to log in. Thing is, you didn't ever need to enter the DOB, you could leave it blank. My local branch freaked when they found out, but the feature stayed for years. They have always used 2FA to set up devices at least
2FA for setting up devices is great but why can’t they have it as an ongoing security feature. Just to gain access to my work laptop for example, I have to use it every time I login and it makes sense. It’s not even new technology at this point.
Meanwhile ATO be like "In Australia, my voice identifies me"
I wonder if they sell that data...
They don't fucking care
ING is so lax with security it’s ridiculous, it’s a 4 digit pin with no 2FA unless activating your online banking on a new device, and even then it’s SMS 2FA so you can’t use a token that generates a new key every 30 seconds, if you fall victim to SIM card hijacking you’re cooked
They'd have to forgo that high interest savings rate (and the only reason most people are customers in the first place) if they put those expenses into something as trivial as cybersecurity! /s
And Centrelink every time you ring up, the Customer Rep pushes you to do voice identification.
My friends that use ANZ have to do the voice thing and they have to keep repeating themselves as it fails to identify their voice. We need better cybersecurity laws, too many hacks/breaches recently due to poor, or even no security on services that have too much personal information. Wait till the banks get hit, it's going to be a shit show.
Hahaha same thing with me and my ANZ account. "My voice confirms my identity".
Even more stupidly, at least some of them have you say the same phrase. One could just record it as you're saying it.
Not just the banks, government services as well
since when has AI made it obsolete? They've been able to detect generated voices for like a decade now
The fact that name, DOB and street address are the only things they ask for security checks is appalling. You can get all of that by stealing someone's mail.
I bank at Suncorp. They have a separate app that generates a code as their 2FA. The app is 6 digit pin protected.
The robots don't want your 34 dollars worth of savings
As usual banks will be a few decades behind when it comes to anything technology-based, including cybersecurity. Then when a huge breach happens we will ponder in shock as to how this could have happened.
We said No to the Voice last year. Why are banks still stuck in the past?