Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
Please note this sub-forum does not provide professional finance advice. You should seek advice from a licensed financial advisor. If investing please consider our affiliate links for new accounts: Sharesies or Hatch. To post in this sub-forum you must have made 100 posts or have Trust status or have completed our ID Verification



Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7
engedib
250 posts

Master Geek


  #988567 16-Feb-2014 22:15
Send private message

insane: Well as the title suggests, ASB online banking passwords don't seem to be case sensitive. I first noticed it when I tried to add complexity to my password, however was told I can't reuse my existing password. So I tried logging on using an incorrect password (adding upper case letters where there shouldn't be) and can happily login. 

Can any other ASB customers try replicate this?

Their website says they should be... but clearly not.

 



Westpac is the same, I can type my password all caps, all lower case or random, it lets me in. Raised with their phone support, also in person when I was doing some other things in the bank, they had no clue what I was talking about, they even not escalated it to higher level.




MCSE+M/S, MCITP


Affiliate link
 
 
 

Affiliate link: Shop Mighty Ape for electronics, games, computers books and more.
billgates
4399 posts

Uber Geek

Trusted

  #988573 16-Feb-2014 22:36
Send private message

I bank with both ASB and ANZ. I have setup 2FA via SMS code sent to my 021 number ported on Telecom few years ago without issues since setup. I understand that SMS can go unreliable anytime but it's the better security system out there at least with these 2 banks. Also have netcode limit set with ASB.




Do whatever you want to do man.

  

nakedmolerat
4589 posts

Uber Geek

Trusted
Lifetime subscriber

  #988576 16-Feb-2014 22:41
Send private message

engedib:
insane: Well as the title suggests, ASB online banking passwords don't seem to be case sensitive. I first noticed it when I tried to add complexity to my password, however was told I can't reuse my existing password. So I tried logging on using an incorrect password (adding upper case letters where there shouldn't be) and can happily login. 

Can any other ASB customers try replicate this?

Their website says they should be... but clearly not.

 



Westpac is the same, I can type my password all caps, all lower case or random, it lets me in. Raised with their phone support, also in person when I was doing some other things in the bank, they had no clue what I was talking about, they even not escalated it to higher level.


Yeah, Westpac needs lots of improvement with their banking account. They are however, very good at monitoring your account and calls you whenever they think something is 'suspicious'.




tardtasticx
3032 posts

Uber Geek


  #988603 17-Feb-2014 01:53
Send private message

Definitely surprised to see this. Especially since ASBs whole image screams modern and up to date. I've had netcode or whatever it is on for the last 6 months and was considering turning it off as it does get annoying, but seeing this I think it might be a better idea to leave it on for now.

How long do you think this has been the case? Surely a lot of people at ASB know about it.




Bachelor of Computing Systems (2015)

 

--

 

Late 2013 MacBook Pro with Retina Display (4GB/2.4GHz i5/128GB SSD) - HP DV6 (8GB/2.8GHz i7/120GB SSD + 750GB HDD)
iPhone 6S + (64GB/Gold/Vodafone NZ) - Xperia Z C6603 (16GB/White/Spark NZ)

Sam, Auckland 


tripp
3671 posts

Uber Geek

Trusted
Lifetime subscriber

  #988613 17-Feb-2014 07:38
Send private message

tardtasticx: Definitely surprised to see this. Especially since ASBs whole image screams modern and up to date. I've had netcode or whatever it is on for the last 6 months and was considering turning it off as it does get annoying, but seeing this I think it might be a better idea to leave it on for now.

How long do you think this has been the case? Surely a lot of people at ASB know about it.


Ha don't forget bankdirect which is the bast**d child of the ASB group.
Ended up moving away most things from them to another bank, I don't even think bankdirect has an mobile banking site (they do have a wap one however).

I asked ASB about 2 years ago if there will ever be a bankdirect app or give customer access to the ASB one, they said no, I asked them why don't they kill the brand off then, never got a reply.


Bankdirect was the same, no lower/upper case, limit of 8 chars etc.
I still have the account but that is where my direct debts come out of, I would not trust it for anything else these days.






tripp
3671 posts

Uber Geek

Trusted
Lifetime subscriber

  #988614 17-Feb-2014 07:43
Send private message

Just had a look at the bankdirect site it still even has this on their login page


"© ASB Bank Limited 2013"

So we are almost in march and it still shows 2013.


johnr
19282 posts

Uber Geek
Inactive user


  #988615 17-Feb-2014 07:53
Send private message

mrtoken: Just had a look at the bankdirect site it still even has this on their login page


"© ASB Bank Limited 2013"

So we are almost in march and it still shows 2013.



That is not related to what year it is



AidanS
458 posts

Ultimate Geek


  #988616 17-Feb-2014 07:55
Send private message

Just tested the same issue with my Kiwibank internet banking and sure enough all caps passwords work too.

-A.

jaymz
1132 posts

Uber Geek


  #988652 17-Feb-2014 09:14
Send private message

Tested with mine, and i can confirm it.

I have a netcode token device, any transfer's out of my account require the random pin. Works well :)

Talkiet
4573 posts

Uber Geek

Trusted

  #988657 17-Feb-2014 09:24
Send private message

I raised the issue with Westpac a while ago and didn't let go... Their "security people" ended up staunchly defending the case insensitivity of their online banking passwords saying that it was "entirely secure"

I know all about how legacy systems can cause unbelievable password constraints, but I would have thought a bank might have the funds to sort it... After all, it's not like they are that poor.

Cheers - N




--

 

Please note all comments are the product of my own brain and don't necessarily represent the position or opinions of my employer, previous employers, colleagues, friends or pets.


TinyTim
981 posts

Ultimate Geek

Trusted

  #988666 17-Feb-2014 09:50
Send private message

BNZ *is* case sensitive. And it also warned me that my caps lock was on.




 

johnr
19282 posts

Uber Geek
Inactive user


  #988668 17-Feb-2014 09:52
Send private message

TinyTim: BNZ *is* case sensitive. And it also warned me that my caps lock was on.


I am just in the process of moving to BNZ

tardtasticx
3032 posts

Uber Geek


  #988678 17-Feb-2014 10:08
Send private message

johnr:
TinyTim: BNZ *is* case sensitive. And it also warned me that my caps lock was on.


I am just in the process of moving to BNZ


that's funny because so did the ASB site, warning me of caps lock on. Then it accepted my password anyway.




Bachelor of Computing Systems (2015)

 

--

 

Late 2013 MacBook Pro with Retina Display (4GB/2.4GHz i5/128GB SSD) - HP DV6 (8GB/2.8GHz i7/120GB SSD + 750GB HDD)
iPhone 6S + (64GB/Gold/Vodafone NZ) - Xperia Z C6603 (16GB/White/Spark NZ)

Sam, Auckland 


TinyTim
981 posts

Ultimate Geek

Trusted

  #988681 17-Feb-2014 10:15
Send private message

johnr:
TinyTim: BNZ *is* case sensitive. And it also warned me that my caps lock was on.


I am just in the process of moving to BNZ


It doesn't get talked about much, but I really like the BNZ internet banking. (Though I can only compare to ASB.) I prefer the Netcard for 2 factor over having a text messages sent to a mobile.




 

gundar
488 posts

Ultimate Geek

Trusted

  #988720 17-Feb-2014 11:12
Send private message

Gosh, I hope this thread doesn't turn into a "my bank is better than yours" rant.

JamesL: Not a fan text message 2fa though, also that large sum netcode is pointless as they could just drain your account using small amounts :p


I also realised by accident that ASB don't have case sensitivity and I activated 2fa - as mentioned in another thread here at GZ before - 2fa is something you have and something you know and I think txt messaging meets this criteria (if your phone has a pin lock and does not display incoming txt messages on the lock screen, this is better). I've heard of people who get txt messages a long time after they are sent etc, but I've never had that experience with ASB, so I guess it's not an ASB thing.

To my knowledge, the txt message netcode for log in is one time use and tied to the session in progress.

ASB has other mechanisms in place to lock down your account, but as mentioned before on other threads, these seem to be inactive by default and likely becasue the perception is that a majority of customers don't care, can't be bothered or are too tech illiterate to work them out; I have found out by accident that there is a lock out in place using ASB Internet banking, so a weak password could easily be protected from brute force or guess-ware.

PS. I don't work for ASB (I also don't have any reasonable amount of cash in the bank at any time).

I have been ripped off before though, but that was through PayPal having access to my VISA card, which in my ignorance, defeated all the banking security anyway.

1 | 2 | 3 | 4 | 5 | 6 | 7
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

GoPro Hero10 Black Review
Posted 8-Aug-2022 17:41


Amazon to Acquire iRobot
Posted 6-Aug-2022 11:41


Samsung x LIFE Picture Collection Brings Iconic Moments in History to The Frame
Posted 4-Aug-2022 17:04


Norton Consumer Cyber Safety Pulse Report: Phishing for New Bait on Social Media
Posted 4-Aug-2022 16:50


Microsoft Announces New Solutions for Threat Intelligence and Attack Surface Management
Posted 3-Aug-2022 21:54


Seagate Addresses Hyperscale Workloads with Enterprise-Class Nytro SSDs
Posted 3-Aug-2022 21:50


Visa Launching Eco-friendly Payment Solutions in New Zealand
Posted 3-Aug-2022 21:48


NCR Delivers Services to Run Bank of New Zealand ATM Network
Posted 30-Jul-2022 11:06


New HP Portfolio Supports New Era of Hybrid Work
Posted 28-Jul-2022 17:14


Harman Kardon Launches Citation MultiBeam 1100 Soundbar
Posted 28-Jul-2022 17:10


Nanogirl Labs Launches Creator Project
Posted 28-Jul-2022 17:05


Marvel Snap Launches as an Action Collectible Card Game
Posted 26-Jul-2022 17:46


Jabra Talk 65 Review
Posted 26-Jul-2022 17:31


Huawei Watch D Review
Posted 26-Jul-2022 17:26


Huawei Introduces Watch Fit 2
Posted 14-Jul-2022 17:06









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







Backblaze unlimited backup