March 16, 2006

Alliance & Leicester online banking

Follow-up to Is one password enough with Single Sign On? from Kieran's blog

Interestingly, just after writing about different levels of security, my bank has gone and changed their online banking system.

Alliance & Leicester online banking demos

They have put in two new measures.

1) The first measure is to be a bit more sure that you are who you say you are when logging in. The first time you register, the take a look at what they call "Your computer characteristics" (basically probably your IP address and browser agent). They then use this to let you in with just a customer number and PIN from known computers, but ask you something else like your mother maiden name or place of birth as another security question before letting you in.

2) The second measure is to let the customer know for sure what site they are logging into. This is for people who fall for the fake bank emails they get. Basically, the first time you register you are shown a random, but distinctive image and are asked to enter a phrase as well. These are then show to you after you enter your customer id but before you enter your PIN. The idea being that if you login and don't recognise your own image and passphrase, then don't enter your final PIN as you might be on a fake site. To be honest I'm not sure how much this is going to help as the kind of people who fall for these fake emails and sites are probably also fooled by something like just saying. "Your previous image has no expired, please pick a new image and pass phrase." Oh well.

- 2 comments by 1 or more people Not publicly viewable

  1. whilst they seem to be doing something positive about security I worry most about key loggers. regardless of what they try and do on their side, if you have one then someone's going to be getting all your cash. An easy way to stop that is the system Nationwide use, which is to say you have to pick numbers from your pass code from drop down boxes, this will stop the effects of key loggers and make the site more secure… unfortunately this idea doesn't seem to have become the norm…

    24 Mar 2006, 16:34

  2. I hadn't actually thought about key loggers to be honest. I wonder how common they are. As you say, the majority of websites would be caught out by this. Cahoot is another one that requires you to pick your password with drop down lists…damn annoying though.

    27 Mar 2006, 09:08

Add a comment

You are not allowed to comment on this entry as it has restricted commenting permissions.

March 2006

Mo Tu We Th Fr Sa Su
Feb |  Today  | Apr
      1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31      


Search this blog

Most recent comments

  • One thing that was glossed over is that if you use Spring, there is a filter you can put in your XML… by Mathew Mannion on this entry
  • You are my hero. by Mathew Mannion on this entry
  • And may all your chickens come home to roost – in a nice fluffy organic, non–supermarket farmed kind… by Julie Moreton on this entry
  • Good luck I hope that you enjoy the new job! by on this entry
  • Good luck Kieran. :) by on this entry


Not signed in
Sign in

Powered by BlogBuilder