Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7
153 posts

Master Geek
+1 received by user: 39


  # 988567 16-Feb-2014 22:15
Send private message

insane: Well as the title suggests, ASB online banking passwords don't seem to be case sensitive. I first noticed it when I tried to add complexity to my password, however was told I can't reuse my existing password. So I tried logging on using an incorrect password (adding upper case letters where there shouldn't be) and can happily login. 

Can any other ASB customers try replicate this?

Their website says they should be... but clearly not.

 



Westpac is the same, I can type my password all caps, all lower case or random, it lets me in. Raised with their phone support, also in person when I was doing some other things in the bank, they had no clue what I was talking about, they even not escalated it to higher level.

3921 posts

Uber Geek
+1 received by user: 269

Trusted

  # 988573 16-Feb-2014 22:36
Send private message

I bank with both ASB and ANZ. I have setup 2FA via SMS code sent to my 021 number ported on Telecom few years ago without issues since setup. I understand that SMS can go unreliable anytime but it's the better security system out there at least with these 2 banks. Also have netcode limit set with ASB.




Do whatever you want to do man.

  

 
 
 
 


4527 posts

Uber Geek
+1 received by user: 882

Trusted
Lifetime subscriber

  # 988576 16-Feb-2014 22:41
Send private message

engedib:
insane: Well as the title suggests, ASB online banking passwords don't seem to be case sensitive. I first noticed it when I tried to add complexity to my password, however was told I can't reuse my existing password. So I tried logging on using an incorrect password (adding upper case letters where there shouldn't be) and can happily login. 

Can any other ASB customers try replicate this?

Their website says they should be... but clearly not.

 



Westpac is the same, I can type my password all caps, all lower case or random, it lets me in. Raised with their phone support, also in person when I was doing some other things in the bank, they had no clue what I was talking about, they even not escalated it to higher level.


Yeah, Westpac needs lots of improvement with their banking account. They are however, very good at monitoring your account and calls you whenever they think something is 'suspicious'.






2940 posts

Uber Geek
+1 received by user: 406


  # 988603 17-Feb-2014 01:53
Send private message

Definitely surprised to see this. Especially since ASBs whole image screams modern and up to date. I've had netcode or whatever it is on for the last 6 months and was considering turning it off as it does get annoying, but seeing this I think it might be a better idea to leave it on for now.

How long do you think this has been the case? Surely a lot of people at ASB know about it.




Bachelor of Computing Systems (2015)

 

--

 

Late 2013 MacBook Pro with Retina Display (4GB/2.4GHz i5/128GB SSD) - HP DV6 (8GB/2.8GHz i7/120GB SSD + 750GB HDD)
iPhone 6S + (64GB/Gold/Vodafone NZ) - Xperia Z C6603 (16GB/White/Spark NZ)

Sam, Auckland 


3312 posts

Uber Geek
+1 received by user: 896

Trusted
Lifetime subscriber

  # 988613 17-Feb-2014 07:38
Send private message

tardtasticx: Definitely surprised to see this. Especially since ASBs whole image screams modern and up to date. I've had netcode or whatever it is on for the last 6 months and was considering turning it off as it does get annoying, but seeing this I think it might be a better idea to leave it on for now.

How long do you think this has been the case? Surely a lot of people at ASB know about it.


Ha don't forget bankdirect which is the bast**d child of the ASB group.
Ended up moving away most things from them to another bank, I don't even think bankdirect has an mobile banking site (they do have a wap one however).

I asked ASB about 2 years ago if there will ever be a bankdirect app or give customer access to the ASB one, they said no, I asked them why don't they kill the brand off then, never got a reply.


Bankdirect was the same, no lower/upper case, limit of 8 chars etc.
I still have the account but that is where my direct debts come out of, I would not trust it for anything else these days.






3312 posts

Uber Geek
+1 received by user: 896

Trusted
Lifetime subscriber

  # 988614 17-Feb-2014 07:43
Send private message

Just had a look at the bankdirect site it still even has this on their login page


"© ASB Bank Limited 2013"

So we are almost in march and it still shows 2013.


19282 posts

Uber Geek
+1 received by user: 2600
Inactive user


  # 988615 17-Feb-2014 07:53
Send private message

mrtoken: Just had a look at the bankdirect site it still even has this on their login page


"© ASB Bank Limited 2013"

So we are almost in march and it still shows 2013.



That is not related to what year it is

 
 
 
 


456 posts

Ultimate Geek
+1 received by user: 139


  # 988616 17-Feb-2014 07:55
Send private message

Just tested the same issue with my Kiwibank internet banking and sure enough all caps passwords work too.

-A.

1088 posts

Uber Geek
+1 received by user: 66


  # 988652 17-Feb-2014 09:14
Send private message

Tested with mine, and i can confirm it.

I have a netcode token device, any transfer's out of my account require the random pin. Works well :)

4118 posts

Uber Geek
+1 received by user: 2869

Trusted

  # 988657 17-Feb-2014 09:24
2 people support this post
Send private message

I raised the issue with Westpac a while ago and didn't let go... Their "security people" ended up staunchly defending the case insensitivity of their online banking passwords saying that it was "entirely secure"

I know all about how legacy systems can cause unbelievable password constraints, but I would have thought a bank might have the funds to sort it... After all, it's not like they are that poor.

Cheers - N




--

 

Please note all comments are the product of my own brain and don't necessarily represent the position or opinions of my employer, previous employers, colleagues, friends or pets.


916 posts

Ultimate Geek
+1 received by user: 53

Trusted

  # 988666 17-Feb-2014 09:50
One person supports this post
Send private message

BNZ *is* case sensitive. And it also warned me that my caps lock was on.




 

19282 posts

Uber Geek
+1 received by user: 2600
Inactive user


  # 988668 17-Feb-2014 09:52
Send private message

TinyTim: BNZ *is* case sensitive. And it also warned me that my caps lock was on.


I am just in the process of moving to BNZ

2940 posts

Uber Geek
+1 received by user: 406


  # 988678 17-Feb-2014 10:08
One person supports this post
Send private message

johnr:
TinyTim: BNZ *is* case sensitive. And it also warned me that my caps lock was on.


I am just in the process of moving to BNZ


that's funny because so did the ASB site, warning me of caps lock on. Then it accepted my password anyway.




Bachelor of Computing Systems (2015)

 

--

 

Late 2013 MacBook Pro with Retina Display (4GB/2.4GHz i5/128GB SSD) - HP DV6 (8GB/2.8GHz i7/120GB SSD + 750GB HDD)
iPhone 6S + (64GB/Gold/Vodafone NZ) - Xperia Z C6603 (16GB/White/Spark NZ)

Sam, Auckland 


916 posts

Ultimate Geek
+1 received by user: 53

Trusted

  # 988681 17-Feb-2014 10:15
Send private message

johnr:
TinyTim: BNZ *is* case sensitive. And it also warned me that my caps lock was on.


I am just in the process of moving to BNZ


It doesn't get talked about much, but I really like the BNZ internet banking. (Though I can only compare to ASB.) I prefer the Netcard for 2 factor over having a text messages sent to a mobile.




 

488 posts

Ultimate Geek
+1 received by user: 80

Trusted

  # 988720 17-Feb-2014 11:12
Send private message

Gosh, I hope this thread doesn't turn into a "my bank is better than yours" rant.

JamesL: Not a fan text message 2fa though, also that large sum netcode is pointless as they could just drain your account using small amounts :p


I also realised by accident that ASB don't have case sensitivity and I activated 2fa - as mentioned in another thread here at GZ before - 2fa is something you have and something you know and I think txt messaging meets this criteria (if your phone has a pin lock and does not display incoming txt messages on the lock screen, this is better). I've heard of people who get txt messages a long time after they are sent etc, but I've never had that experience with ASB, so I guess it's not an ASB thing.

To my knowledge, the txt message netcode for log in is one time use and tied to the session in progress.

ASB has other mechanisms in place to lock down your account, but as mentioned before on other threads, these seem to be inactive by default and likely becasue the perception is that a majority of customers don't care, can't be bothered or are too tech illiterate to work them out; I have found out by accident that there is a lock out in place using ASB Internet banking, so a weak password could easily be protected from brute force or guess-ware.

PS. I don't work for ASB (I also don't have any reasonable amount of cash in the bank at any time).

I have been ripped off before though, but that was through PayPal having access to my VISA card, which in my ignorance, defeated all the banking security anyway.

1 | 2 | 3 | 4 | 5 | 6 | 7
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Dunedin selects Telensa to deliver smart street lighting for 15,000 LEDs
Posted 18-Jul-2019 10:21


Sprint announces a connected wallet card with built-in IoT support
Posted 18-Jul-2019 08:36


Educational tool developed at Otago makes international launch
Posted 17-Jul-2019 21:57


Symantec introduces cloud access security solution
Posted 17-Jul-2019 21:48


New Zealand government unveils new digital service to make business easier
Posted 16-Jul-2019 17:35


Scientists unveil image of quantum entanglement
Posted 13-Jul-2019 06:00


Hackers to be challenged at University of Waikato
Posted 12-Jul-2019 21:34


OPPO Reno Z now available in New Zealand
Posted 12-Jul-2019 21:28


Sony introduces WF-1000XM3 wireless headphones with noise cancellation
Posted 8-Jul-2019 16:56


Xero announces new smarter tools, push into the North American market
Posted 19-Jun-2019 17:20


New report by Unisys shows New Zealanders want action by social platform companies and police to monitor social media sites
Posted 19-Jun-2019 17:09


ASB adds Google Pay option to contactless payments
Posted 19-Jun-2019 17:05


New Zealand PC Market declines on the back of high channel inventory, IDC reports
Posted 18-Jun-2019 17:35


Air New Zealand uses drones to inspect aircraft
Posted 17-Jun-2019 15:39


TCL Electronics launches its first-ever 8K TV
Posted 17-Jun-2019 15:18



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.