Banking Security

[Mr. Scram]

Nothing is perfect, but if something is isolated in a VM it's pretty difficult to get any kind of cross contamination. If you only use the browser in the VM for banking then it's not going to have any cookies or sketchy browser extensions or anything like that. Using a clean VM is a bit like wearing a mask to prevent the spread of infection, it's not a panacea but it's another step away from being low hanging fruit.

If you don't want cookies or sketchy extensions its easier to use an incognito window, different browser or different Windows profile if you want to be thorough. A VM can be a great tool, but there doesn't seem to be a lot of added value there. Much of the advice here is reasonable or prudent computing but doesn't protect much against the likely dangers of online banking. Let's not get into a discussion about masks. 

[Lindley]

Much of the advice here is reasonable or prudent computing but doesn't protect much against the likely dangers of online banking.

Which does bring us back to my opening post - how can the average w10 PC user protect themselves against online banking dangers ....

[PKTKS]

Much of the advice here is reasonable or prudent computing but doesn't protect much against the likely dangers of online banking.

Which does bring us back to my opening post - how can the average w10 PC user protect themselves against online banking dangers ....

WON'T HAPPEN .. any time soon

By it very own nature I am still wondering after dealing
with that buzz model of MS since 80's  :

- WHY PEOPLE STILL CREDIT CONFIDENCE TO A CLOSED SOURCE CODE?
- WHY PEOPLE ALLOW a "by design" INSECURE OS to SELL SECURITY?
- WHY PEOPLE STILL TRUST  ANTI-VIRUS as a "normal" thing?

Ditched all MS insecure unreliable code by late 90s
Never used it again

All anti virus are gone - no virus - only source code available
running on a reasonable "trusted" system

And still there are things to consider

So why people still trust that  FUCKING OS made
to sell security and threats of malware and paid (ant) virus

FUCKED that in toilette  late 90s.

No chances taken - problems raised to reasonable level of safety

But i still wonder why people trust that opaque undisclosed buzz..
Just because they "say":  hey we care of you your family ..
or something like that?

They want our money. period. no matter consequences.

till I am concerned MS should go to hell
Paul

[c64]

Has your bank set you up to use Transaction Authentication Numbers (TANs)? Mine happened to call me this morning, to finish setting up a two-factor authenticated account using a TAN generator reading QR codes from whatever browser I am using. The generator is a separate, hand held unit tied to my bank card, like the one you see in the middle of this image:



The generator is supposed to secure transactions even if the computer or data link have been compromised.

Here in Australia, all the banks I know, don't use any TAN generators. They just use your mobile. They send sms with the code which you need to enter to confirm the transaction. I guess this feature by itself is better than nothing (and free).

But they also have another "feature" - if you forget your internet banking password, they are happy to reset it by sending the code to you by sms. It means anyone who has access to your mobile can reset you password. This feature I consider extremely retarded.

[jfiresto]

My bank also offers a TAN generator application that you can run on your smart phone. That seemed like a great deal of hardware and software for such a simple application; I thought a much simpler, single purpose, hardware generator would be more secure. I had and have to call on my bank – and watch them set (or change) the internet banking password.