A question about bank security
-
Hi, I am just wondering what opinions people have on this matter. The bank I bank with claims to have a very secure website, but I noticed what I believe is a bug, and want to know if you do as well. They have username and password boxes, and obviously a submit. Input the correct details, and it lets you in. Anyway, today I made a mistake: I misspelt my username, and the login page was returned with the incorrect username displayed, and the password box was showing *'s. Viewing the source revealed that they sent my password back in plain text (which could now even be viewed in my temporary internet files). Sure, I know they won't be able to do anything with this because they have the wrong username, but I could just as easily have put a space on the end by mistake. So, is this a security flaw?
-
It is in my book. Give me the misspelled username and the password, and I'm 90% of the way home. Anger is the most impotent of passions. It effects nothing it goes about, and hurts the one who is possessed by it more than the one against whom it is directed. Carl Sandburg
-
Personally I would mail the bank and point them to it. And I'd ask if they can prove a hacker won't get your data to break in. It's still your money :-). Encrypting a password can't be that hard, can it? Is it only username and password? In my bank I have a certain key file (on a USB stick); without it I can't log in. Other banks use digipasses. You'll have to enter that number along with your username/password. If you really want to do e-banking, make sure the site is safe. (Look also if it has a secure connection ==> https://... and a correct certificate.) No hurries, no worries.
-
The banks I use in the UK always ask for a few characters of your password, so they may ask for chars 3, 7, and 9, the idea being that the information is no good to a hacker as each time you log in they ask for different chars, which I think works quite well.
-
Sounds dodgy to me too. I'd also say they should have a PIN (different to your ATM PIN) input when using internet banking. My online banking asks for my card number, a password and a PIN which is entered via an onscreen number-pad. Your bank should return a generic "Incorrect login" message rather than pointing out it is the username which is invalid. regards, Paul Watson South Africa PMW Photography Gary Wheeler wrote: It's people like you that keep me heading for my big debut on CNN...
-
Sounds really dodgy. Username & password for online banking just isn't enough. Natwest require a customer ID which is your date of birth and a number (which I think is dependent on how many customers with your sort code signed up to online banking). This must be entered in full. They then require a password and PIN, of which they randomly ask for 3 characters from each. I think this is probably the minimum. Sending passwords in plain text is just insane. I think I would be really worried :~
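The behaviour discussed in this thread, shown as an added example that is not from any poster or from the bank's code: a failed-login page that writes the submitted password back into the form, next to a version that leaves the password out, returns the generic "Incorrect login" message and tells the browser not to cache the page. All function names, the form markup and the sample credentials are constructed for illustration.

```python
import html

GENERIC_ERROR = "Incorrect login"

# Hypothetical login form template; field names are assumptions.
FORM = (
    '<form method="post" action="/login">'
    '<p class="error">{error}</p>'
    '<input type="text" name="username" value="{username}">'
    '<input type="password" name="password" value="{password}">'
    '<input type="submit" value="Log in">'
    '</form>'
)

def render_failed_login_echo(username, password):
    """Flawed behaviour from the thread: the password is sent back in the page."""
    headers = {"Content-Type": "text/html; charset=utf-8"}
    body = FORM.format(error="Unknown username",
                       username=html.escape(username, quote=True),
                       password=html.escape(password, quote=True))
    return headers, body

def render_failed_login_hardened(username, password):
    """Password is never rendered; error is generic; page is not cached."""
    headers = {"Content-Type": "text/html; charset=utf-8",
               "Cache-Control": "no-store"}
    body = FORM.format(error=GENERIC_ERROR,
                       username=html.escape(username, quote=True),
                       password="")  # the submitted value is deliberately dropped
    return headers, body

def audit_response(headers, body, submitted_password):
    """Return the problems found in a failed-login response."""
    findings = []
    escaped = html.escape(submitted_password, quote=True)
    # Check raw and HTML-escaped forms: '&' in a password arrives as '&amp;'.
    if submitted_password and (submitted_password in body or escaped in body):
        findings.append("password reflected in response body")
    if "no-store" not in headers.get("Cache-Control", ""):
        findings.append("response may be written to the browser cache")
    if GENERIC_ERROR not in body:
        findings.append("error message reveals which field was wrong")
    return findings

# Constructed sample input: a mistyped username and a made-up password.
SAMPLE_USER, SAMPLE_PASSWORD = "jsmiht", "Tr0ub4dor&3"

if __name__ == "__main__":
    for render in (render_failed_login_echo, render_failed_login_hardened):
        hdrs, page = render(SAMPLE_USER, SAMPLE_PASSWORD)
        print(render.__name__, audit_response(hdrs, page, SAMPLE_PASSWORD))
```
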