Yeah, Three factor authentication is pretty much becoming the standard nowadays. With the CBA anybody who wanted to nail your account would have to know the account number, the account password and, as you point out, the token displayed on either your mobile (and I wouldn't recommend getting the bank to send the token to your mobile if that's the puppy you're also doing your banking from) or a ditzy little token generator that you attach to your keyring or whatever, which will generate unique personalised tokens valid for one minute only at the press of a button.
I wouldn't recommend using the phoned token service precisely because that opens your account up big time if somebody manages to steal the phone which you have been banking from. That said, having a daily limit on your account is also a good idea, and setting the security settings so that the bank will contact you in the case of suspicious transactions adds another level of protection. Banks are also examining four and higher factor identification, incorporating biological validation (eye or fingerprint) or other bio-markers into the process. We live in interesting times ... :) Just my 2 cents worth ... --- On 18 Dec 2013, at 3:15 pm, David Lochrin <[email protected]> wrote: > I think most banks offer either a token or a mobile challenge. The "token" > typically displays a pseudo-random number each 30 seconds or so which the > user must enter after logging in; the bank can then check it's the expected > response before giving access. The mobile challenge requires the user to > enter a number sent to their mobile by SMS. In either case "something you > know & something you have" access control is much better than a straight > username & password. > > CBA require a token response on each login. But some banks only require a > token / mobile check when debiting above a certain (user set?) amount. I > think the challenge & response mechanism is sometimes optional too. > > D. > > ------- > > On 2013-12-18 08:03 Dr Bob wrote: > >> Linkers, >> >> I have a security question one of you may be able to answer. Which device is >> more secure for internet banking, a laptop such as a macbook , an iphone or >> an ipad? As far as i am aware, the iphone and ipad's sandbox facility makes >> keyloggers difficult but then they do not have any antivirus capability (I >> use Sophos on the mac laptop, and it reports clean). >> >> The reason I ask is that my internet banking account got hacked yesterday >> and they tried to make off with about 5K. The password was secure, at least >> I thought it was. It was a meaningless sequence of characters, upper and >> lower case and numbers, difficult enough to remember in the best of times. >> >> I can only assume they were sniffing packets. My connection to the net is >> via a wireless link to an apple airport express I carry with me. >> >> I am in South Korea for three months and need internet banking to pay my >> bills, etc. >> >> As an aside, ING and Citibank have provided me with an RSA fob to verify who >> I am in certain transactions. I wonder as well if having a fob to generate a >> one time password is more secure (not ignoring the fact that RSA got hacked >> a some time ago). >> >> Bobj >> >> Dr Bob Jansen >> Turtle Lane Studios >> PO Box 26 Erskineville NSW 2043 Australia >> Ph: +61 414 297 448 >> Skype: bobjtls >> http://www.turtlelane.com.au >> >> >> _______________________________________________ >> Link mailing list >> [email protected] >> http://mailman.anu.edu.au/mailman/listinfo/link >> >> > _______________________________________________ > Link mailing list > [email protected] > http://mailman.anu.edu.au/mailman/listinfo/link _______________________________________________ Link mailing list [email protected] http://mailman.anu.edu.au/mailman/listinfo/link
