Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
Please note this sub-forum does not provide professional finance advice. You should seek advice from a licensed financial advisor.

To post in this sub-forum you must have made 100 posts or have Trust status or have completed our ID Verification.

If investing please consider our affiliate link for new accounts: Sharesies.



ForumsFinance and wealth managementASB online banking passwords not case sensitive!
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7
kenkeniff
628 posts

Ultimate Geek
+1 received by user: 88


  #992410 22-Feb-2014 17:15
Send private message

webwat:
nzkc: They're also restricted to 8 characters.  I brought this up with them on Twitter - got nowhere with them.


Apparently that is a limitation of their ancient core banking software as it has evolved over the years, apparently cant be changed without a major system upgrade. Kiwi Bank have announced they plan to fully replace their core banking system, and have sparked comments that its such a massive project it could kill a small bank like them if they get it wrong.

I think when I signed up with ASB the password had to be 8 characters, and could only be numbers or lowercase letters at that time.


Whilst this is probably the case (an archaic backend) it still doesn't mean they have to pass those limitations through to the frontend as mentioned previously:

kenkeniff: ...
Any backend use of these passwords (authentication / encryption) should be restricted to a sufficiently randomly individually salted derivative of the original password (i.e. a HASH).


(Within following standard best practices for authentication) they should allow you to pick virtually whatever password you want.

They can then use that password to either decrypt their randomly assigned 8-char backend password for your account or simply authenticate a database query of it.

Either way, it's dumb thinking they have to pass mainframe constraints onto the UI because they can't be bothered adding a layer of abstraction.



nzkc
1634 posts

Uber Geek
+1 received by user: 1041


  #992413 22-Feb-2014 17:20
Send private message

webwat:
Apparently that is a limitation of their ancient core banking software as it has evolved over the years, apparently cant be changed without a major system upgrade.


I understand that is correct.  However, I believe ASB are also moving (or have moved) to SAP for their core banking.  

It makes me wonder if they're storing it in plain text rather than a hash of the password.  Surely not you'd think...but we've seen big organisations make simple mistakes like this in the past.

kenkeniff
628 posts

Ultimate Geek
+1 received by user: 88


  #992438 22-Feb-2014 17:32
Send private message

nzkc:
webwat:
Apparently that is a limitation of their ancient core banking software as it has evolved over the years, apparently cant be changed without a major system upgrade.


I understand that is correct.  However, I believe ASB are also moving (or have moved) to SAP for their core banking.  

It makes me wonder if they're storing it in plain text rather than a hash of the password.  Surely not you'd think...but we've seen big organisations make simple mistakes like this in the past.


Remember COBOL pre-dates MD5 etc by some decades..

Can't imagine them adding that functionality when it came along but not addressing others like the password limitations..


Banking is one of those industries long overdue for a massive shake up IMO. It won't be long before something comes along to completely disrupt the market and banks will be wondering what hit them..maybe Bitcoin will be it? (but lets not get off topic here).



kendog
326 posts

Ultimate Geek
+1 received by user: 62


  #992541 22-Feb-2014 20:31
Send private message

kenkeniff: Banking is one of those industries long overdue for a massive shake up IMO.

You haven't seen Youmoney from bnz yet?

loceff13
1089 posts

Uber Geek
+1 received by user: 340


  #992547 22-Feb-2014 20:55
Send private message

I for one would love my bank to offer a token that cheap($1 a month) for non business accounts, westpac are you listening?

kenkeniff
628 posts

Ultimate Geek
+1 received by user: 88


  #992548 22-Feb-2014 21:08
Send private message

kendog:
kenkeniff: Banking is one of those industries long overdue for a massive shake up IMO.

You haven't seen Youmoney from bnz yet?


A small step in the right direction but still a long long way to go..

loceff13: I for one would love my bank to offer a token that cheap($1 a month) for non business accounts, westpac are you listening?


Maybe we should start a wishlist thread?

 
 
 
 

Shop now at Mighty Ape (affiliate link).
ASBBank
37 posts

Geek
+1 received by user: 38

Trusted
ASB

  #1184887 28-Nov-2014 13:40
Send private message

Hi everyone, we are conscious we haven’t updated you for some time on this thread, but that doesn't mean we have forgotten you. Our dev team have been working hand-in-hand with our security guys for some time and are making some concrete progress on the FastNet password issues you have raised.

We will update you again early next year with some firmer timeframes as the planning and execution of these changes is reasonably extensive.

Thanks again for all your feedback and patience. ^FC

Fiona Colgan, General Manager Digital

Kyanar
4089 posts

Uber Geek
+1 received by user: 1684

ID Verified
Trusted

  #1185319 29-Nov-2014 11:05
Send private message

Well, gotta give ASB credit - they're actually paying attention, participating in social media, and making plans to fix issues people have with their platform.  Major kudos.

johnr
19282 posts

Uber Geek
+1 received by user: 2526
Inactive user


  #1185320 29-Nov-2014 11:08
Send private message

Kyanar: Well, gotta give ASB credit - they're actually paying attention, participating in social media, and making plans to fix issues people have with their platform.  Major kudos.


Have to agree Thumbs up to @ASB :)

Frittmann
65 posts

Master Geek
+1 received by user: 1
Inactive user


  #1252367 6-Mar-2015 16:31
Send private message

ASBBank: We will update you again early next year with some firmer timeframes as the planning and execution of these changes is reasonably extensive.


As we could arguably be nearing the end of "early next year", which I'll arbitrarily define as being within the first quarter of 2015, is there any update on this issue?

tardtasticx
3084 posts

Uber Geek
+1 received by user: 483


  #1252372 6-Mar-2015 16:42
Send private message

Frittmann:
ASBBank: We will update you again early next year with some firmer timeframes as the planning and execution of these changes is reasonably extensive.


As we could arguably be nearing the end of "early next year", which I'll arbitrarily define as being within the first quarter of 2015, is there any update on this issue?


https://www.asb.co.nz/story27372.aspx

Some downtime early this Sunday morning for scheduled maintenance. Unsure if it's related.
Havnt had a notification through the iOS ASB app for something like this before.

 
 
 
 

Shop now on Samsung phones, tablets, TVs and more (affiliate link).
ajobbins
5053 posts

Uber Geek
+1 received by user: 1279

Trusted

  #1252377 6-Mar-2015 16:59
Send private message

This isn't limited to just ASB. My Citibank Australia account is the same. Doesn't matter what case I enter my password, it works.

Annoyingly tho, if you have 2FA turned on, you have to use it even to just view your account transactions. They over bake the security on one part of the online banking, and under bake it on others.




Twitter: ajobbins

ASBBank
37 posts

Geek
+1 received by user: 38

Trusted
ASB

  #1254144 9-Mar-2015 16:15
Send private message

Thanks for your question. The teams here are still working very hard on this and we’ll have some more information to update you with as we get closer to the go live date. They successfully completed more of the backend technology changes in preparation for this during Sunday’s scheduled maintenance.  Don't worry, we haven’t forgotten you! - FC [Fiona Colgan, GM Digital]

ASBBank
37 posts

Geek
+1 received by user: 38

Trusted
ASB

  #1305755 15-May-2015 12:44
Send private message

Hi everyone, thanks for your patience on this.

We will be introducing these changes soon - more info over on our blog here: https://blog.asb.co.nz/posts/2015/05/asblogin.html 

Thanks ^SM




Social Media team, ASB Bank Ltd www.asb.co.nz/social

graemeh
2080 posts

Uber Geek
+1 received by user: 226


  #1306128 15-May-2015 20:49
Send private message

ASBBank: Hi everyone, thanks for your patience on this.

We will be introducing these changes soon - more info over on our blog here: https://blog.asb.co.nz/posts/2015/05/asblogin.html 

Thanks ^SM


Is there any chance you will do this for Bankdirect or NZ Home Loans accounts?  Those sites are well overdue for a bit of love.  I understand you may not be able to do this for NZ Home Loans but you have no excuses for not keeping Bankdirect up to date as that is a 100% ASB invention.

1 | 2 | 3 | 4 | 5 | 6 | 7
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright