The age of hacking brings a return to the physical key

[Kevin Lancaster]

The age of hacking brings a return to the physical key

With all the news about Yahoo accounts being hacked and other breaches of digital security, it’s easy to wonder if there’s any real way to keep unauthorized users out of our email and social media accounts.

 

[saor]

Any idea why banks (FNB at least) don't have 2FA?
It's the thing I want it most on. Granted you need a OTP to do major transactions but still...would prefer it secured at the first point of entry.

 

[faniebraai]

Any idea why banks (FNB at least) don't have 2FA?
It's the thing I want it most on. Granted you need a OTP to do major transactions but still...would prefer it secured at the first point of entry.

they do have 2FA, but not when logging in... good point actually.

 

[Neoprod]

they do have 2FA, but not when logging in... good point actually.

Standard uses an OTP for internet banking logon...can't transact without it. What I would like to see, is the option to remove your cellphone number as a method of communication...given the cellphone providers will swap your SIM if someone sneezes at them, I would prefer just email (goes to the same place anyway - my phone).

They can keep using the cellphone for transaction notifications but not OTP's.

 

[faniebraai]

Standard uses an OTP for internet banking logon...can't transact without it. What I would like to see, is the option to remove your cellphone number as a method of communication...given the cellphone providers will swap your SIM if someone sneezes at them, I would prefer just email (goes to the same place anyway - my phone).

They can keep using the cellphone for transaction notifications but not OTP's.

FNB now uses the app itself as 2FA, not an actual PIN, you'll get an in-app message, and then either choose "Approve" or "Decline"

which is also better than email and SMS

 

[Thor]

FNB now uses the app itself as 2FA, not an actual PIN, you'll get an in-app message, and then either choose "Approve" or "Decline"

which is also better than email and SMS

Capitec also does that if I'm not mistaken, we'll it pops up in the app asking you to confirm with your pin on the app.

 

[faniebraai]

Capitec also does that if I'm not mistaken, we'll it pops up in the app asking you to confirm with your pin on the app.

I think it uses Push USSD ?

 

[faniebraai]

Any idea why banks (FNB at least) don't have 2FA?
It's the thing I want it most on. Granted you need a OTP to do major transactions but still...would prefer it secured at the first point of entry.

So had a quick think about this... So let's say someone gets into your internet banking.... What damage can he do that benefits him as well?

 

[JJCT]

Standard uses an OTP for internet banking logon...can't transact without it. What I would like to see, is the option to remove your cellphone number as a method of communication...given the cellphone providers will swap your SIM if someone sneezes at them, I would prefer just email (goes to the same place anyway - my phone).

They can keep using the cellphone for transaction notifications but not OTP's.

My Standard account is setup to use OTP via email for adding a new or editing a beneficiary.

 

[Jola]

My Standard account is setup to use OTP via email for adding a new or editing a beneficiary.

That is a good idea, what else can one do with Standard Bank ?

 

[Neoprod]

My Standard account is setup to use OTP via email for adding a new or editing a beneficiary.

Yeah, I think I mixed up 3rd party authenticators (Paygate, 3D Secure) with internet banking. Those pop-ups you get while shopping online let you choose between email and SMS. I'll try SMS and see if it works...I hope it doesn't even though Standard have my cell number.

 

[Neoprod]

FNB now uses the app itself as 2FA, not an actual PIN, you'll get an in-app message, and then either choose "Approve" or "Decline"

which is also better than email and SMS

Good and bad...your phone's lock screen is all that's standing between you and bankruptcy?

 

[faniebraai]

Good and bad...your phone's lock screen is all that's standing between you and bankruptcy?

Compared to an sms and email where you can read the otp from the lock screen?

 

[Neoprod]

Compared to an sms and email where you can read the otp from the lock screen?

Standard has them in a PDF but point taken.

 

[HavocXphere]

Was surprised when the latest 2FA I got was a physical card with numbers on it.

I guess that's one way to prevent hacking.

 

[Jola]

Compared to an sms and email where you can read the otp from the lock screen?

That is a problem in the event that the thief has your phone, but if you receive an OTP via e-mail it at least prevents the sim-swap issue.

 

[faniebraai]

That is a problem in the event that the thief has your phone, but if you receive an OTP via e-mail it at least prevents the sim-swap issue.

yes, sure... but i prefer the in-app message from fnb... even more secure

 

[ponder]

I think it uses Push USSD ?

Capitec also offers you a RSA secure dongle so even if you steal the phone you are ok. We even had rsa dongles for remote network authentication before.

 

[faniebraai]

Capitec also offers you a RSA secure dongle so even if you steal the phone you are ok. We even had rsa dongles for remote network authentication before.

Wow, tech from 1999!

 

[Drunkard #1]

Wow, tech from 1999!

When did you last hear about someone hacking a Capitec client?