Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
Please note this sub-forum does not provide professional finance advice. You should seek advice from a licensed financial advisor. If investing please consider our affiliate links for new accounts: Sharesies or Hatch. To post in this sub-forum you must have made 100 posts or have Trust status or have completed our ID Verification



Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7
kenkeniff
628 posts

Ultimate Geek


  #992410 22-Feb-2014 17:15
Send private message

webwat:
nzkc: They're also restricted to 8 characters.  I brought this up with them on Twitter - got nowhere with them.


Apparently that is a limitation of their ancient core banking software as it has evolved over the years, apparently cant be changed without a major system upgrade. Kiwi Bank have announced they plan to fully replace their core banking system, and have sparked comments that its such a massive project it could kill a small bank like them if they get it wrong.

I think when I signed up with ASB the password had to be 8 characters, and could only be numbers or lowercase letters at that time.


Whilst this is probably the case (an archaic backend) it still doesn't mean they have to pass those limitations through to the frontend as mentioned previously:

kenkeniff: ...
Any backend use of these passwords (authentication / encryption) should be restricted to a sufficiently randomly individually salted derivative of the original password (i.e. a HASH).


(Within following standard best practices for authentication) they should allow you to pick virtually whatever password you want.

They can then use that password to either decrypt their randomly assigned 8-char backend password for your account or simply authenticate a database query of it.

Either way, it's dumb thinking they have to pass mainframe constraints onto the UI because they can't be bothered adding a layer of abstraction.

Affiliate link
 
 
 

Affiliate link: Norton 360 antivirus provides enhanced security for your connected devices, a secure VPN for online privacy, Password Manager, Firewall, SafeCam, PC Cloud Backup, Dark Web Monitoring, Parental Control, and more. An all-in-one cybersecurity solution backed by 100% Virus Protection Promise and 60 Day Money Back Guarantee.
nzkc
1063 posts

Uber Geek


  #992413 22-Feb-2014 17:20
Send private message

webwat:
Apparently that is a limitation of their ancient core banking software as it has evolved over the years, apparently cant be changed without a major system upgrade.


I understand that is correct.  However, I believe ASB are also moving (or have moved) to SAP for their core banking.  

It makes me wonder if they're storing it in plain text rather than a hash of the password.  Surely not you'd think...but we've seen big organisations make simple mistakes like this in the past.

kenkeniff
628 posts

Ultimate Geek


  #992438 22-Feb-2014 17:32
Send private message

nzkc:
webwat:
Apparently that is a limitation of their ancient core banking software as it has evolved over the years, apparently cant be changed without a major system upgrade.


I understand that is correct.  However, I believe ASB are also moving (or have moved) to SAP for their core banking.  

It makes me wonder if they're storing it in plain text rather than a hash of the password.  Surely not you'd think...but we've seen big organisations make simple mistakes like this in the past.


Remember COBOL pre-dates MD5 etc by some decades..

Can't imagine them adding that functionality when it came along but not addressing others like the password limitations..


Banking is one of those industries long overdue for a massive shake up IMO. It won't be long before something comes along to completely disrupt the market and banks will be wondering what hit them..maybe Bitcoin will be it? (but lets not get off topic here).



kendog
321 posts

Ultimate Geek


  #992541 22-Feb-2014 20:31
Send private message

kenkeniff: Banking is one of those industries long overdue for a massive shake up IMO.

You haven't seen Youmoney from bnz yet?

loceff13
917 posts

Ultimate Geek


  #992547 22-Feb-2014 20:55
Send private message

I for one would love my bank to offer a token that cheap($1 a month) for non business accounts, westpac are you listening?

kenkeniff
628 posts

Ultimate Geek


  #992548 22-Feb-2014 21:08
Send private message

kendog:
kenkeniff: Banking is one of those industries long overdue for a massive shake up IMO.

You haven't seen Youmoney from bnz yet?


A small step in the right direction but still a long long way to go..

loceff13: I for one would love my bank to offer a token that cheap($1 a month) for non business accounts, westpac are you listening?


Maybe we should start a wishlist thread?


ASBBank
37 posts

Geek

Trusted
ASB

  #1184887 28-Nov-2014 13:40
Send private message

Hi everyone, we are conscious we haven’t updated you for some time on this thread, but that doesn't mean we have forgotten you. Our dev team have been working hand-in-hand with our security guys for some time and are making some concrete progress on the FastNet password issues you have raised.

We will update you again early next year with some firmer timeframes as the planning and execution of these changes is reasonably extensive.

Thanks again for all your feedback and patience. ^FC

Fiona Colgan, General Manager Digital



Kyanar
3453 posts

Uber Geek

Trusted
Subscriber

  #1185319 29-Nov-2014 11:05
Send private message

Well, gotta give ASB credit - they're actually paying attention, participating in social media, and making plans to fix issues people have with their platform.  Major kudos.

johnr
19282 posts

Uber Geek
Inactive user


  #1185320 29-Nov-2014 11:08
Send private message

Kyanar: Well, gotta give ASB credit - they're actually paying attention, participating in social media, and making plans to fix issues people have with their platform.  Major kudos.


Have to agree Thumbs up to @ASB :)

Frittmann
65 posts

Master Geek
Inactive user


  #1252367 6-Mar-2015 16:31
Send private message

ASBBank: We will update you again early next year with some firmer timeframes as the planning and execution of these changes is reasonably extensive.


As we could arguably be nearing the end of "early next year", which I'll arbitrarily define as being within the first quarter of 2015, is there any update on this issue?

tardtasticx
3032 posts

Uber Geek


  #1252372 6-Mar-2015 16:42
Send private message

Frittmann:
ASBBank: We will update you again early next year with some firmer timeframes as the planning and execution of these changes is reasonably extensive.


As we could arguably be nearing the end of "early next year", which I'll arbitrarily define as being within the first quarter of 2015, is there any update on this issue?


https://www.asb.co.nz/story27372.aspx

Some downtime early this Sunday morning for scheduled maintenance. Unsure if it's related.
Havnt had a notification through the iOS ASB app for something like this before.




Bachelor of Computing Systems (2015)

 

--

 

Late 2013 MacBook Pro with Retina Display (4GB/2.4GHz i5/128GB SSD) - HP DV6 (8GB/2.8GHz i7/120GB SSD + 750GB HDD)
iPhone 6S + (64GB/Gold/Vodafone NZ) - Xperia Z C6603 (16GB/White/Spark NZ)

Sam, Auckland 


ajobbins
5050 posts

Uber Geek

Trusted

  #1252377 6-Mar-2015 16:59
Send private message

This isn't limited to just ASB. My Citibank Australia account is the same. Doesn't matter what case I enter my password, it works.

Annoyingly tho, if you have 2FA turned on, you have to use it even to just view your account transactions. They over bake the security on one part of the online banking, and under bake it on others.




Twitter: ajobbins


ASBBank
37 posts

Geek

Trusted
ASB

  #1254144 9-Mar-2015 16:15
Send private message

Thanks for your question. The teams here are still working very hard on this and we’ll have some more information to update you with as we get closer to the go live date. They successfully completed more of the backend technology changes in preparation for this during Sunday’s scheduled maintenance.  Don't worry, we haven’t forgotten you! - FC [Fiona Colgan, GM Digital]

ASBBank
37 posts

Geek

Trusted
ASB

  #1305755 15-May-2015 12:44
Send private message

Hi everyone, thanks for your patience on this.

We will be introducing these changes soon - more info over on our blog here: https://blog.asb.co.nz/posts/2015/05/asblogin.html 

Thanks ^SM




Social Media team, ASB Bank Ltd www.asb.co.nz/social

graemeh
2078 posts

Uber Geek


  #1306128 15-May-2015 20:49
Send private message

ASBBank: Hi everyone, thanks for your patience on this.

We will be introducing these changes soon - more info over on our blog here: https://blog.asb.co.nz/posts/2015/05/asblogin.html 

Thanks ^SM


Is there any chance you will do this for Bankdirect or NZ Home Loans accounts?  Those sites are well overdue for a bit of love.  I understand you may not be able to do this for NZ Home Loans but you have no excuses for not keeping Bankdirect up to date as that is a 100% ASB invention.

1 | 2 | 3 | 4 | 5 | 6 | 7
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

ANZ To Move to FIS Modern Banking Platform
Posted 10-Aug-2022 08:28


GoPro Hero10 Black Review
Posted 8-Aug-2022 17:41


Amazon to Acquire iRobot
Posted 6-Aug-2022 11:41


Samsung x LIFE Picture Collection Brings Iconic Moments in History to The Frame
Posted 4-Aug-2022 17:04


Norton Consumer Cyber Safety Pulse Report: Phishing for New Bait on Social Media
Posted 4-Aug-2022 16:50


Microsoft Announces New Solutions for Threat Intelligence and Attack Surface Management
Posted 3-Aug-2022 21:54


Seagate Addresses Hyperscale Workloads with Enterprise-Class Nytro SSDs
Posted 3-Aug-2022 21:50


Visa Launching Eco-friendly Payment Solutions in New Zealand
Posted 3-Aug-2022 21:48


NCR Delivers Services to Run Bank of New Zealand ATM Network
Posted 30-Jul-2022 11:06


New HP Portfolio Supports New Era of Hybrid Work
Posted 28-Jul-2022 17:14


Harman Kardon Launches Citation MultiBeam 1100 Soundbar
Posted 28-Jul-2022 17:10


Nanogirl Labs Launches Creator Project
Posted 28-Jul-2022 17:05


Marvel Snap Launches as an Action Collectible Card Game
Posted 26-Jul-2022 17:46


Jabra Talk 65 Review
Posted 26-Jul-2022 17:31


Huawei Watch D Review
Posted 26-Jul-2022 17:26









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







Backblaze unlimited backup