153 posts

Master Geek


  # 988567 16-Feb-2014 22:15

insane: Well as the title suggests, ASB online banking passwords don't seem to be case sensitive. I first noticed it when I tried to add complexity to my password, however was told I can't reuse my existing password. So I tried logging on using an incorrect password (adding upper case letters where there shouldn't be) and can happily login. 

Can any other ASB customers try replicate this?

Their website says they should be... but clearly not.

 



Westpac is the same, I can type my password all caps, all lower case or random, it lets me in. Raised with their phone support, also in person when I was doing some other things in the bank, they had no clue what I was talking about, they did not even escalate it to a higher level.

3938 posts

Uber Geek

Trusted

  # 988573 16-Feb-2014 22:36

I bank with both ASB and ANZ. I have set up 2FA via SMS code sent to my 021 number ported on Telecom a few years ago without issues since setup. I understand that SMS can go unreliable anytime but it's the better security system out there at least with these 2 banks. Also have netcode limit set with ASB.




Do whatever you want to do man.

  

 
 
 
 


4530 posts

Uber Geek

Trusted
Lifetime subscriber

  # 988576 16-Feb-2014 22:41

engedib:
insane: Well as the title suggests, ASB online banking passwords don't seem to be case sensitive. I first noticed it when I tried to add complexity to my password, however was told I can't reuse my existing password. So I tried logging on using an incorrect password (adding upper case letters where there shouldn't be) and can happily login. 

Can any other ASB customers try replicate this?

Their website says they should be... but clearly not.

 



Westpac is the same, I can type my password all caps, all lower case or random, it lets me in. Raised with their phone support, also in person when I was doing some other things in the bank, they had no clue what I was talking about, they did not even escalate it to a higher level.


Yeah, Westpac needs lots of improvement with their banking account. They are however, very good at monitoring your account and calls you whenever they think something is 'suspicious'.






2958 posts

Uber Geek


  # 988603 17-Feb-2014 01:53

Definitely surprised to see this. Especially since ASB's whole image screams modern and up to date. I've had netcode or whatever it is on for the last 6 months and was considering turning it off as it does get annoying, but seeing this I think it might be a better idea to leave it on for now.

How long do you think this has been the case? Surely a lot of people at ASB know about it.




Bachelor of Computing Systems (2015)

 

--

 

Late 2013 MacBook Pro with Retina Display (4GB/2.4GHz i5/128GB SSD) - HP DV6 (8GB/2.8GHz i7/120GB SSD + 750GB HDD)
iPhone 6S + (64GB/Gold/Vodafone NZ) - Xperia Z C6603 (16GB/White/Spark NZ)

Sam, Auckland 


3336 posts

Uber Geek

Trusted
Lifetime subscriber

  # 988613 17-Feb-2014 07:38

tardtasticx: Definitely surprised to see this. Especially since ASB's whole image screams modern and up to date. I've had netcode or whatever it is on for the last 6 months and was considering turning it off as it does get annoying, but seeing this I think it might be a better idea to leave it on for now.

How long do you think this has been the case? Surely a lot of people at ASB know about it.


Ha don't forget bankdirect which is the bast**d child of the ASB group.
Ended up moving away most things from them to another bank, I don't even think bankdirect has a mobile banking site (they do have a wap one however).

I asked ASB about 2 years ago if there will ever be a bankdirect app or give customer access to the ASB one, they said no, I asked them why don't they kill the brand off then, never got a reply.


Bankdirect was the same, no lower/upper case, limit of 8 chars etc.
I still have the account but that is where my direct debits come out of, I would not trust it for anything else these days.






3336 posts

Uber Geek

Trusted
Lifetime subscriber

  # 988614 17-Feb-2014 07:43

Just had a look at the bankdirect site it still even has this on their login page


"© ASB Bank Limited 2013"

So we are almost in March and it still shows 2013.


19282 posts

Uber Geek
Inactive user


  # 988615 17-Feb-2014 07:53

mrtoken: Just had a look at the bankdirect site it still even has this on their login page


"© ASB Bank Limited 2013"

So we are almost in March and it still shows 2013.



That is not related to what year it is

 
 
 
 


456 posts

Ultimate Geek


  # 988616 17-Feb-2014 07:55

Just tested the same issue with my Kiwibank internet banking and sure enough all caps passwords work too.

-A.

1091 posts

Uber Geek


  # 988652 17-Feb-2014 09:14

Tested with mine, and I can confirm it.

I have a netcode token device, any transfers out of my account require the random pin. Works well :)

4159 posts

Uber Geek

Trusted

  # 988657 17-Feb-2014 09:24
2 people support this post

I raised the issue with Westpac a while ago and didn't let go... Their "security people" ended up staunchly defending the case insensitivity of their online banking passwords saying that it was "entirely secure"

I know all about how legacy systems can cause unbelievable password constraints, but I would have thought a bank might have the funds to sort it... After all, it's not like they are that poor.

Cheers - N




--

 

Please note all comments are the product of my own brain and don't necessarily represent the position or opinions of my employer, previous employers, colleagues, friends or pets.


917 posts

Ultimate Geek

Trusted

  # 988666 17-Feb-2014 09:50
One person supports this post

BNZ *is* case sensitive. And it also warned me that my caps lock was on.




 

19282 posts

Uber Geek
Inactive user


  # 988668 17-Feb-2014 09:52

TinyTim: BNZ *is* case sensitive. And it also warned me that my caps lock was on.


I am just in the process of moving to BNZ

2958 posts

Uber Geek


  # 988678 17-Feb-2014 10:08
One person supports this post

johnr:
TinyTim: BNZ *is* case sensitive. And it also warned me that my caps lock was on.


I am just in the process of moving to BNZ


That's funny because so did the ASB site, warning me of caps lock on. Then it accepted my password anyway.




Bachelor of Computing Systems (2015)

 

--

 

Late 2013 MacBook Pro with Retina Display (4GB/2.4GHz i5/128GB SSD) - HP DV6 (8GB/2.8GHz i7/120GB SSD + 750GB HDD)
iPhone 6S + (64GB/Gold/Vodafone NZ) - Xperia Z C6603 (16GB/White/Spark NZ)

Sam, Auckland 


917 posts

Ultimate Geek

Trusted

  # 988681 17-Feb-2014 10:15

johnr:
TinyTim: BNZ *is* case sensitive. And it also warned me that my caps lock was on.


I am just in the process of moving to BNZ


It doesn't get talked about much, but I really like the BNZ internet banking. (Though I can only compare to ASB.) I prefer the Netcard for 2 factor over having a text message sent to a mobile.




 

488 posts

Ultimate Geek

Trusted

  # 988720 17-Feb-2014 11:12

Gosh, I hope this thread doesn't turn into a "my bank is better than yours" rant.

JamesL: Not a fan text message 2fa though, also that large sum netcode is pointless as they could just drain your account using small amounts :p


I also realised by accident that ASB don't have case sensitivity and I activated 2fa - as mentioned in another thread here at GZ before - 2fa is something you have and something you know and I think txt messaging meets this criteria (if your phone has a pin lock and does not display incoming txt messages on the lock screen, this is better). I've heard of people who get txt messages a long time after they are sent etc, but I've never had that experience with ASB, so I guess it's not an ASB thing.

To my knowledge, the txt message netcode for log in is one time use and tied to the session in progress.

ASB has other mechanisms in place to lock down your account, but as mentioned before on other threads, these seem to be inactive by default and likely because the perception is that a majority of customers don't care, can't be bothered or are too tech illiterate to work them out; I have found out by accident that there is a lock out in place using ASB Internet banking, so a weak password could easily be protected from brute force or guess-ware.

PS. I don't work for ASB (I also don't have any reasonable amount of cash in the bank at any time).

I have been ripped off before though, but that was through PayPal having access to my VISA card, which in my ignorance, defeated all the banking security anyway.
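The behaviour discussed in this thread (an all-caps attempt being accepted, and a lockout limiting guesses), as an added example that is not part of any post and is not any bank's code. It assumes one way the behaviour can arise, namely folding case before hashing; the class name, lockout threshold and sample passwords are hypothetical.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # illustrative PBKDF2 work factor (assumption)
MAX_FAILURES = 3      # hypothetical lockout threshold


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class Account:
    """Toy credential store; fold_case=True models a case-insensitive login."""

    def __init__(self, password: str, fold_case: bool):
        self.fold_case = fold_case
        self.salt = os.urandom(16)
        self.failures = 0
        self.digest = _derive(self._normalise(password), self.salt)

    def _normalise(self, password: str) -> str:
        # Folding case before hashing is what lets "SECRET" match "secret".
        return password.upper() if self.fold_case else password

    def login(self, attempt: str) -> str:
        if self.failures >= MAX_FAILURES:
            return "locked"  # even the correct password is refused now
        candidate = _derive(self._normalise(attempt), self.salt)
        if hmac.compare_digest(candidate, self.digest):
            self.failures = 0
            return "ok"
        self.failures += 1
        return "denied"


def keyspace(length: int, fold_case: bool) -> int:
    # Letters and digits only (assumption): 36 symbols folded, 62 otherwise.
    return (36 if fold_case else 62) ** length


if __name__ == "__main__":
    folded = Account("Tr1ckyPass", fold_case=True)   # constructed sample password
    exact = Account("Tr1ckyPass", fold_case=False)
    print(folded.login("TR1CKYPASS"), exact.login("TR1CKYPASS"))
    print(keyspace(8, False) // keyspace(8, True), "times fewer 8-char candidates")
```

For 8-character alphanumeric passwords the folded search space is about 77 times smaller, while the lockout caps online guessing at `MAX_FAILURES` attempts in either mode.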
