Ebay SCAMS?
manicdoc:

--- Quote from: RolandK on August 16, 2022, 07:56:17 pm ---Whenever you use the same device for both parts of 2FA it is per se vulnerable. This is the scenario which hijackers try to get control of. Keylogger plus remote control plus the right exploit. Your encryption HW won't help. They just use it.

Only different hardware is safe. E.g. use an old phone for the key sms where you have no other apps. Use a different email account only on a non-surf and work device without stored password for all financial account reset possibilities, e.g. on an old pc.

There is just too much illegal money for those who succeed. It is not the question if, but when. The system must only be very common to be a lucrative target. If you believe the propaganda, that this can't happen, this is your first mistake.

--- End quote ---

Exactly, I'm a CISSP with 20+ years of online security experience, I have zero banking apps and use separate physical tokens... None of my financial accounts have ever been hacked. Do not mix up your factors, number one security sin. If your bank insists you can only use SMS auth, change your bank to one that allows physical token auth, or limit the amount you keep with that bank to an amount you do not mind losing.

What really gets my goat is that scammers deliberately target over 60-year-olds, as they know they can be easily led by the nose. If banks put in place some additional checks (like secondary person auth for new payees) for those wanting it who are over 60 years old, this scamming would come to a halt. They have the ability, yet do nothing - which talks volumes about how little banks really care about their customers.  There are some good banks, Bendigo Bank in Australia being one, they actually phone you up and help you keep your money safe - the others don't give a hoot.
EEVblog:

--- Quote from: manicdoc on August 16, 2022, 10:10:20 pm ---If your bank insists you can only use SMS auth, change your bank to one that allows physical token auth, or limit the amount you keep with that bank to an amount you do not mind losing.

--- End quote ---

The biggest bank in Australia doesn't have hardware 2FA, just SMS code.
According to this directory, none of the banks do:
https://2fa.directory/au/#banking
manicdoc:

--- Quote from: EEVblog on August 16, 2022, 10:56:08 pm ---
--- Quote from: manicdoc on August 16, 2022, 10:10:20 pm ---If your bank insists you can only use SMS auth, change your bank to one that allows physical token auth, or limit the amount you keep with that bank to an amount you do not mind losing.

--- End quote ---

The biggest bank in Australia doesn't have hardware 2FA, just SMS code.

--- End quote ---

CBA will do hardware 2FA - netcode token, but you have to fight for it...

Ah ANZ - don't use them directly. Bendigo certainly does 2FA, got a physical token, it's not my imagination...
bd139:
There is SCA legislation in AU. I’ve been working on a large AU fintech proposition for a couple of years that requires it. Particularly when you have OpenBanking integration.

Note here from Auspaynet for their cardholder not present stuff. I think the banks probably talked around physical tokens for ages rather than force it on users. They did in the UK for ages but are bending now. See:  https://www.auspaynet.com.au/sites/default/files/2019-06/CNP_Fraud_Mitigation_Framework_Summary.pdf

To note my online banking here uses the online banking apps as the 2FA device. That’s an almost acceptable compromise as my phone has a reasonable security posture. You can’t just pick it up and log into the banking apps without me actually being present (FaceID device unlock and secondary app authentication)
EEVblog:

--- Quote from: manicdoc on August 16, 2022, 10:59:34 pm ---
--- Quote from: EEVblog on August 16, 2022, 10:56:08 pm ---
--- Quote from: manicdoc on August 16, 2022, 10:10:20 pm ---If your bank insists you can only use SMS auth, change your bank to one that allows physical token auth, or limit the amount you keep with that bank to an amount you do not mind losing.

--- End quote ---

The biggest bank in Australia doesn't have hardware 2FA, just SMS code.

--- End quote ---

CBA will do hardware 2FA - netcode token, but you have to fight for it...

Ah ANZ - don't use them directly. Bendigo certainly does 2FA, got a physical token, it's not my imagination...

--- End quote ---

Do any of them support any of the modern ubiquitous hardware tokens like Yubikey?

https://www.commbank.com.au/support.digital-banking.explain-netcode-token.html
"Exceptional circumstances", and you only get one. Too bad if you lose it or it breaks.
There is a reason why I have 4 Yubikeys.