Internet Banking via a web browser

T

TheCouchCavalier

Member
Joined
Nov 14, 2021
Messages
19
Reaction score
0
Morning all,

Long time reader first time poster.

I have been struggling to understand why Standard Bank does not yet have 2FA on their internet banking log in, most services worth their salt have this feature and some even force it. Sites like Twitter, Carbonite, AWS and even Steam has it's own baked in flavor.

I want to find out from other users that use other banks internet banking, do they offer 2FA either through time-based codes or through some form of app based 2fa?

I also don;t believe that SMS is a secure channel an is susceptible to sim swaps.

Regards,
TCC
 
They sort of do.
You enter a username then get a bar code that you scan and authorize via your phone?

** I just tried it with the password route and no 2FA was required form both chrome and edge
 
TheCouchCavalier said:
Morning all,

Long time reader first time poster.

I have been struggling to understand why Standard Bank does not yet have 2FA on their internet banking log in, most services worth their salt have this feature and some even force it. Sites like Twitter, Carbonite, AWS and even Steam has it's own baked in flavor.

I want to find out from other users that use other banks internet banking, do they offer 2FA either through time-based codes or through some form of app based 2fa?

I also don;t believe that SMS is a secure channel an is susceptible to sim swaps.

Regards,
TCC
Click to expand...
They do. First time you log into the banking site from a certain PC you will get an SMS with a OTP. Also there is a barcode scan you can use.
 
Dan C said:
They do. First time you log into the banking site from a certain PC you will get an SMS with a OTP. Also there is a barcode scan you can use.
Click to expand...
This, either otp or qr code. That is the 2fa been like that for years.

If otp is unacceptable activate qr code
 
Last edited:
supersunbird said:
SB and FNB don't have 2FA to log in, Tyme Bank has SMS code to log in, Capitec has generated code (on app or hardware dongle) to log in.
Click to expand...
SB does have 2FA auth, but like I mentioned it will only ask you for an OTP if you log in from a foreign device.
 
supersunbird said:
SB and FNB don't have 2FA to log in, Tyme Bank has SMS code to log in, Capitec has generated code (on app or hardware dongle) to log in.
Click to expand...
Seems like Capitec get security while the others are stuck in the 90's. With all the cases of sim swap, which the banks don't acknowledge, why is sms still viable if other channels are channels are available?
 
Dan C said:
SB does have 2FA auth, but like I mentioned it will only ask you for an OTP if you log in from a foreign device.
Click to expand...
Personally I do not believe that is an acceptable level of security, especially with your money. 2fa should be enforced every time, all the time.
 
dadecoza said:
FNB does not have 2FA on login ... but you cant pay or transfer money without accepting a 2FA prompt on your mobile device.
Click to expand...
That is a step in the right direction. Why don't they have it on login I wonder? I'm hoping it's through your app that you get prompted and not via sms?
 
Dan C said:
They do. First time you log into the banking site from a certain PC you will get an SMS with a OTP. Also there is a barcode scan you can use.
Click to expand...
Shouldn't it be my choice when I get prompted? What if for pc had been captured? Security isn't security unless applied all the time.
 
Thanks everyone for your great feedback. Appreciate the input.

I still feel the banking industry has a long way to go in terms of security.

Things like Facebook has MFA, when I login I need to put in a 6 digit time based code. Same for Carbonite and Twitter.
 
Dan C said:
Explain 2FA then ... Your PC is the first and password is the second.
Click to expand...
My view on 2fa is when I login to a site, I enter my username and password then on a separate device I get a prompt or a code I need to provide to the site to complete the login.

Something like Duo Security?
 
TheCouchCavalier said:
Thanks everyone for your great feedback. Appreciate the input.

I still feel the banking industry has a long way to go in terms of security.

Things like Facebook has MFA, when I login I need to put in a 6 digit time based code. Same for Carbonite and Twitter.
Click to expand...
LOL you complain abt sa banking security ours is light-years ahead of the likes of the US...
 
TheCouchCavalier, post: 29924535, member: 727470"]That is a step in the right direction. Why don't they have it on login I wonder? I'm hoping it's through your app that you get prompted and not via sms?
Click to expand...

Because it would be deeply annoying to the user while actually serving no particular security purpose.

It’s working when it needs to work to protect your money.

Any transaction you make required approval from your phone even when using internet banking.

The TOTP (code from an app) you refer to isn’t really all that great either.

The future is passwordless and based on device trust.
 
SauRoNZA said:
Because it would be deeply annoying to the user while actually serving no particular security purpose.

It’s working when it needs to work to protect your money.

Any transaction you make required approval from your phone even when using internet banking.

The TOTP (code from an app) you refer to isn’t really all that great either.

The future is passwordless and based on device trust.
Click to expand...
Shouldn't it be at least a choice if you wanted to be annoyed and have to enter a code or authenticate through an app?

I don't belive personally the future is device trust at least I have not seen it in some meaningful way.

It should always be blended with something you know and something you have?
 
TheCouchCavalier said:
Shouldn't it be at least a choice if you wanted to be annoyed and have to enter a code or authenticate through an app?

I don't belive personally the future is device trust at least I have not seen it in some meaningful way.

It should always be blended with something you know and something you have?
Click to expand...
It's plenty secure mate, don't let Authenticators confuse you. RSA's banking system is one of the best in the world.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X