Nedbank blocks password managers

Bradley Prior

Bradley Prior

MyBroadband Journalist
Staff member
Super Moderator
Joined
Oct 16, 2018
Messages
5,009
Reaction score
1,581
Nedbank blocks password managers

Nedbank confirmed that it has disabled the ability for users to copy-and-paste their username and password into the bank’s login portal.

A reader alerted MyBroadband to the fact that they could no longer copy-and-paste their details onto the Nedbank website.
 
App sign in.

Enter email address - authorize with the phone. (fingerprint + pin etc)
 
Bradley Prior said:
Nedbank blocks password managers

Nedbank confirmed that it has disabled the ability for users to copy-and-paste their username and password into the bank’s login portal.

A reader alerted MyBroadband to the fact that they could no longer copy-and-paste their details onto the Nedbank website.
Click to expand...
Did they learn nothing from FNB?
 
Password manager still works for me, not sure about copy and paste though. Never tried that.
 
Cius said:
Password manager still works for me, not sure about copy and paste though. Never tried that.
Click to expand...

Most password managers simulate typing to bypass these things
 
Look at it from a diff perspective... the dev team deployed to prod and their tasks are "done". Therefore they hit their mark. The fact that they missed the FNB fiasco, and deployed anyway is not relevant. They deployed on time :-)
 
It's almost like banks *want* people to get hacked so that they can somehow make money off of the fraud/hack when it happens? By charging the customer who got hacked a "fee"?

My security is none of your concern Mr. Nedbank, my PC my rules.
 
envo said:
It's almost like banks *want* people to get hacked so that they can somehow make money off of the fraud/hack when it happens? By charging the customer who got hacked a "fee"?

My security is none of your concern Mr. Nedbank, my PC my rules.
Click to expand...

My PC was stolen - how did they access my bank account?!?! True story.
 
quovadis said:
My PC was stolen - how did they access my bank account?!?! True story.
Click to expand...
You didn't change your password manager's password and forced it to log out of all devices? n00b
 
Daruk said:
It's not that simple for the bank. They are routinely blamed for their client's poor decisions unfortunately.

Why they can't just offer clients RSA keyfobs or use the mobile app for 2fa... if you're on the internet banking site, you have internet, so you should have no trouble getting your mobile online even if you're travelling.
Click to expand...

Yea, 2FA has been a thing for ages now, and if one of the 98 year olds that run the IT side of the bank reads this, I don't mean OTP's

New Zealand has a small card they give you (almost looks like a Bingo card), which is specific to you, and they ask 3 random cross-sections when you login to the banking. Simple, doesn't need an "app" or stupid OTP that we all know can be sim swapped with a bottle of coke and a pie. Plus, if you lose the card, the guy trying to login still needs your banking number/username and password.
 
envo said:
You didn't change your password manager's password and forced it to log out of all devices? n00b
Click to expand...

Not me. A customer. Unfortunately remember password functionality and password managers can be configured to simply log the person in - in case you didn't notice this is a major problem in the industry currently and devices that offer the functionality which get lost or borrowed etc.
 
Daruk said:
Yeah, password managers should never stay logged in - it defeats the object. Even better, use Lastpass and get a Yubikey.
Click to expand...

I think you're missing the issue. The majority of people aren't using password managers with 2FA etc - they're simply allowing remember password/autofill which obviously creates an issue if the device is compromised.
 
envo said:
Yea, 2FA has been a thing for ages now, and if one of the 98 year olds that run the IT side of the bank reads this, I don't mean OTP's

New Zealand has a small card they give you (almost looks like a Bingo card), which is specific to you, and they ask 3 random cross-sections when you login to the banking. Simple, doesn't need an "app" or stupid OTP that we all know can be sim swapped with a bottle of coke and a pie. Plus, if you lose the card, the guy trying to login still needs your banking number/username and password.
Click to expand...

If you're honestly of the opinion that other countries aren't struggling with the same issues you'd be wrong. Most 1st world countries don't even employ 2FA full stop.
 
fruitbat said:
Look at it from a diff perspective... the dev team deployed to prod and their tasks are "done". Therefore they hit their mark. The fact that they missed the FNB fiasco, and deployed anyway is not relevant. They deployed on time :-)
Click to expand...

Full speed ahead, and bugger the torpedo's ...

Way to go
 
quovadis said:
If you're honestly of the opinion that other countries aren't struggling with the same issues you'd be wrong. Most 1st world countries don't even employ 2FA full stop.
Click to expand...
Never said that. Full stop. I said there are way methods in *prevention* that banks in this country could employ, other than forcing password managers not to be able to autofill *if* the person wants it like that. Education, also, forms a big part of this and the fact that they're using EMAIL addresses to login is a joke. Have a unique username/password combination and *force* a 2FA on people like banks, in this example, in New Zealand does.

Fraud will happen regardless, and I'm not saying all countries are perfect, never said that and never had that opinion
 
JUST GIVE US FREAKING APIs INSTEAD OF YOUR CRAPPY WEBSITES FORCING US TO USE JAVA!!!!!

YOU AREN'T ADDING SECURITY, YOU MAKE OUR LIVES HORRIBLE!!!

... apologies to the channel, just venting my frustration with the evil we can't get away from: my netbank banking sites ;(
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X