Internet Banking - how does one keep track of security information?

I've just gone through the process of opening an internet banking account with Nationwide.

Apart from the fact that the system asks for nonsensical information (e.g. even though I say I am self-employed it demands my employer's name and address and offers only three choices for method of payment - none of which actually applies) it requires me to use - but not to write down - 10 pieces of security information (customer number, passnumber, 3 other supposedly 'memorable' bits of info, plus 5 additional security questions).

I'd be interested to know how other people manage to retain such items of information in their memories, without resorting to some form of recording?

The problem multiplies when one has several similar accounts (other banks, mobile phones, etc. etc) and in each case one is forbidden to write the information down, especially as we are always advised against using the same password etc. information for more than one account.

Am I alone in having a problem remembering security information and, if not, what do other people recommend/do?

Comments greatly appreciated.

Paul

I usually store my logon information using Roboform:

Roboform will enter the required data into the login screen for you so you don't need to record it elsewhere. The logon data for each web site you use can be stored in an encrypted form on your computer.

Chris

Chris Blunt

But then if ever you need to log on from a different computer, you're scuppered, because you can't remember any of the details. Also, if your computer dies, and you've forgotten to make backups, you're in trouble.

The practical answer is to write everything down, but not verbatim. Instead, make a note of some hints which will make you remember the information, or write it down in some kind of encrypted form which you can easily decode in your head.

Ronald Raygun

I think on-line fraud is getting to be a bit of a problem for the banks. Multiple passwords make this a little bit more difficult and also allow the banks to push more of the blame for fraud onto the customer. Particularly as most of us can't remember these passwords and have to write them down.

However some banks already offer security models based on secret key generator devices like the RSA SecurID. This allows for the use of a short memorable password together with a special number generated by the device. Because both the device and a password are required, it gives much better protection against theft, particularly against the potential for a virus to harvest passwords from a user's PC.

Also now that we live in a constantly on-line world I don't see why the banks can't send us instant notification of transactions upon our accounts.

I would also like to see on-line payment techniques that allow the customer to specify the amount to be taken, rather than just giving the seller carte blanche with a credit card number which can have any amount taken at any time. Cahoot actually did this with their web card. But this is now only available for use as a debit card, rather unfortunate given that the Consumer Credit Act makes it really sensible to use a credit card for on-line shopping.

Nick
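The password-plus-token login described in the post above, as an added example that is not from the thread and is not RSA's own algorithm (SecurID's is proprietary): it uses the open time-based one-time password construction (RFC 6238) as a stand-in. The `Account` class, the 30-second step and the sample seed are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per code; an assumed value, real tokens vary
SECRET = b"12345678901234567890"  # constructed sample seed (RFC 6238 test key)

def token_code(secret, now, digits=6):
    """Number shown by the device: HMAC of the current time step, truncated."""
    mac = hmac.new(secret, struct.pack(">Q", now // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class Account:
    """Hypothetical server-side record: password hash plus the token's seed."""
    def __init__(self, password, salt, secret):
        self.salt, self.secret = salt, secret
        self.pw_hash = hash_password(password, salt)
        self.last_step = -1  # newest time step already used for a login

    def login(self, password, code, now):
        pw_ok = hmac.compare_digest(hash_password(password, self.salt), self.pw_hash)
        current = now // STEP
        for step in (current, current - 1):  # tolerate one step of clock drift
            if step <= self.last_step:
                continue  # this step's code was already spent
            expected = token_code(self.secret, step * STEP)
            if hmac.compare_digest(expected, code):
                if pw_ok:
                    self.last_step = step  # a code works once only
                return pw_ok
        return False

if __name__ == "__main__":
    acct = Account("short-pin", b"constructed-salt", SECRET)
    code = token_code(SECRET, 59)
    print(code, acct.login("short-pin", code, 59))  # both factors present
    print(acct.login("short-pin", code, 59))        # same code replayed
    print(acct.login("short-pin", code, 150))       # harvested code used later
```

A password and code captured by malware on the PC stop working once the time step has passed or the code has been used, which is the protection the post refers to.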

... and if someone pinches your computer they also have *all* your bank details.

tinnews

I write it down.

Yellow

That's the reason for RoboForm2Go


Nothing can protect people from the consequences of that degree of stupidity.

Did you understand "encrypted"?

Tony

Anthony R. Gold

You said "... can be stored in an encrypted form ...", I took this as meaning the encryption was optional. How secure is the Roboform encryption anyway?

tinnews

I keep my details written down and locked away.......simple as that.

The Brass Turner

That was Ronald and yes, changing from the default of AES encryption to unencrypted is one option.

formatting link
claims that cracking any of the built-in encryption algorithms (AES, BlowFish, RC6 and 3DES) without knowing the key is considered impossible. Does anyone know differently?

Tony

Anthony R. Gold

The idea that one shouldn't write this down is silly. If NW aren't going to let you choose your own ID (which unlike other banks, they don't) the idea that you should remember it is ridiculous.

I don't remember them. If NW ever object to me always using the same "one", I am stuffed.

I've never met this security page. I have no idea if I could answer the questions.

I've also never had to use the pin pad that they sent me. I have no idea what type of transaction needs it!

Try hard to remember them. I've had to ring up to get them reset at least once!

tim

tim.....

Even if they can't decrypt the details, they still have everything they need to hack into your bank accounts, don't they?

Ronald Raygun

In message , Paul writes

I have an electronic "organiser"/calendar/diary/phone book with a "secret" section which requires a password. I may or may not keep certain details in there, and I'm not going to tell you, so there!

I can remember customer number (10 digits), three significant "things" ok, none of these are written anywhere, but I have yet to be asked for the stuff like "favourite colour/ favourite sports team" etc.

I might have them somewhere in that secret part of the organiser...

Gordon H

In message , tim..... writes

Why?

Paying my credit card, paying utility bills etc.

How did you persuade them to "reset" your account without re-registering from scratch? I regard that as a security risk for all customers!

Gordon H

No it wasn't, the attributions suggest it was Chris Blunt.

So where is this key? Is it stored on the computer too, in encrypted form, using some other constant key built into robothing? How does the robothing pull the details out in order to type them into the forms for you? Or is the key basically yet another password you have to remember, and tell the robot each time it fires up?

Ronald Raygun

It just is, take our word for it. We haven't all got brains the size of yours. It might be different if you actually use it on a daily basis and if it is memorable. RBS, for instance, use an ID based on your birth date.

I don't think he meant reset the account, just reset the password. It would be no more of a security risk than setting it up initially, I think the resetting process involves the customer having to wait for the bank to send you a new activation code in the post.

Ronald Raygun

The former is paid by a DD that was set up by a visit to the Branch.

I have made payments to the latter (to new suppliers) (and made a payment to HMRC) without having to use the pin pad.

I was also "allowed" to reinstate a DD to an old supplier without any further authentication. Except that it didn't work, but a trip to the branch couldn't make it work either :-(

I can't actually remember what they did. But they did ask lots of "security" questions whilst on the phone.

tim

tim.....

Probably not. I use a program called Big Crocodile, which I guess is fairly similar. You need a password to get into that - so if you don't know Big Croc's password you can't log on to any bank accounts.

Roger Mills

How does it cope with sites which ask for different information each time? For example, Sainsbury's bank asks for one of several 'memorable' pieces of information - Singer, Place, etc. Lloyds TSB asks for random characters from a memorable word - using a drop-down menu for each specified character. Nationwide asks for random digits from a 6-digit pass number - again using drop-down menus. Can Roboform handle all this automatically?

Roger Mills

I don't know how secure it is - probably not - but all my passwords follow a sequence. The letters remain the same but the numbers change. For my clue if it is offered I can then put "third" for the third one in the sequence. I have about 5 common ones and somehow I seem to remember pretty often what one I have used for that particular account.

Neb

nebulous
