Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 
324 posts

Ultimate Geek
+1 received by user: 59


  Reply # 1891745 28-Oct-2017 10:50
Send private message

michaelmurfy:

 

@jim.cox I work for ANZ so will shed some light on this.

 

1) It is important for you both to have separate IB accounts - this is possible as with a joint account you both have customer numbers. In this case, you were operating the account through one customer number which is also a breach of the internet banking terms regarding protecting your password from third parties.
2) If it was a 2 to sign account the IB platform will refuse to allow a transfer through the interface. Furthermore, it is possible for staff to lock down accounts to "view only" mode where you can transfer money in, but not take it out.

In your case you were not using it properly and if you're still an ANZ customer I advise you to call up their contact centre to get internet banking created for your wife under her own customer number. Once you do this then you have by default a separate Online Code mobile number.

 

Edit: Further clarification was done via PM. In this case it was wanting to set 2x mobile numbers on a single IB login which is not possible for security reasons and what sounds like to be sharing logins.

 

 

 

 

You're 100% correct here but I do wish there was an easier option with ANZ Online Banking for mulitple phone numbers. For businesses with multiple signatories this can be a pain as the Online Banking only allows one login/password and one mobile number. 

 

There is ANZ Direct Online but that's overkill for 99% of small/medium sized businesses although AFAIK it's the only option for two to sign accounts (tell a lie - there is a workaround for online banking but it's a PITA)

 

 

 

The BNZ allow different logins for business (e.g. access number/customer number, user ID, password)

 

 

 

 


Meow
7623 posts

Uber Geek
+1 received by user: 3705

Moderator
Trusted
Lifetime subscriber

  Reply # 1891747 28-Oct-2017 10:57
Send private message

@logo each signatory under a business account can use their own customer number and from here can use "customer select" which enables them to jump from their own personal account to the business internet banking under their own login which in term transfers over the onlinecode preference from their personal login (so they get texts under the business account too). Directors should be the only ones who login directly to the business account more for accountability reasons but even then they can use customer select also. This is the same sort of solution as BNZ uses. Each signatory should in theory already have their own login (check with your account manager who can set this up for you). Also, it is free.

ANZ Direct Online - while overkill, is a very good solution since you can furthermore fine-tune each login with their own permissions for the account as a whole.




195 posts

Master Geek
+1 received by user: 10


  Reply # 1891751 28-Oct-2017 10:57
Send private message

michaelmurfy:

 

Edit: Further clarification was done via PM. In this case it was wanting to set 2x mobile numbers on a single IB login which is not possible for security reasons and what sounds like to be sharing logins.

 

 

NO - separate customers / separate logins - but text approval messages are coming to a single cellphone number.

 

On discussion with Mr Murphy, I suspect the ANZ system defaulted to loading my cellphone number against my wife's customer number.

 

 


Meow
7623 posts

Uber Geek
+1 received by user: 3705

Moderator
Trusted
Lifetime subscriber

  Reply # 1891763 28-Oct-2017 11:37
Send private message

jim.cox:

 

michaelmurfy:

 

Edit: Further clarification was done via PM. In this case it was wanting to set 2x mobile numbers on a single IB login which is not possible for security reasons and what sounds like to be sharing logins.

 

NO - separate customers / separate logins - but text approval messages are coming to a single cellphone number.

 

On discussion with Mr Murphy, I suspect the ANZ system defaulted to loading my cellphone number against my wife's customer number.

 

As stated - this is literally impossible to do in the system (also the system doesn't default a mobile number for security reasons). In all your messages it still sounds like you were sharing login details and I bet if you were still a customer and if I looked I'll be proven right. As you're not a customer anymore it is best to just drop the subject and move on. If you still are then call them and let them investigate further as I am not in the customer service space nor is this a medium for customer support. Just clearing up some confusion here before it gets out of hand.





21300 posts

Uber Geek
+1 received by user: 4299

Trusted
Subscriber

  Reply # 1891788 28-Oct-2017 11:50
Send private message

The single mobile number thing is a problem with ASB as well, I will often not have a phone on me if its out of data for that month so useless to me till it rolls over, and if I happen to need to pay someone that needs net code its a PITA.

 

If actually did SMS properly I would just use one of their numbers for it so I could get it from the app or whatever from any device. The other option that ASB suggested was a keychain number thing which is just another piece of crap to carry around, lose, or put thru the wash accidentally.





Richard rich.ms

nas

399 posts

Ultimate Geek
+1 received by user: 244


  Reply # 1891809 28-Oct-2017 12:29
Send private message

We're with ANZ and my wife and I have separate IB logins.

 

I have SMS 2FA enabled on mine, she doesn't, works fine..


UHD

649 posts

Ultimate Geek
+1 received by user: 290


  Reply # 1891964 28-Oct-2017 20:44
Send private message

Kiwibank's system is still far and away the best system for me. I don't have to worry about a card, token, cellphone app, or SMS but can simply remember the three answers to my secret questions. IMO it is better than 2FA.




:)
2876 posts

Uber Geek
+1 received by user: 85

Subscriber

  Reply # 1891970 28-Oct-2017 21:11
Send private message

UHD:

 

Kiwibank's system is still far and away the best system for me. I don't have to worry about a card, token, cellphone app, or SMS but can simply remember the three answers to my secret questions. IMO it is better than 2FA.

 

 

 

 

I feel like it's probably the best compromise with all the banks I've heard of so far. If it wasn't for the fact that BNZ have Apply Pay, I would have stayed with Kiwibank, if only for the easy way for me to login etc.

 

 

 

I would love to see support for 2FA soft tokens.






2437 posts

Uber Geek
+1 received by user: 144


  Reply # 1891972 28-Oct-2017 21:32
One person supports this post
Send private message

UHD:

Kiwibank's system is still far and away the best system for me. I don't have to worry about a card, token, cellphone app, or SMS but can simply remember the three answers to my secret questions. IMO it is better than 2FA.

 

The problem is, what questions do you have and what the answers? How easily can an attack find out the answers given things like "What town were you born in" etc?

Meow
7623 posts

Uber Geek
+1 received by user: 3705

Moderator
Trusted
Lifetime subscriber

  Reply # 1892030 28-Oct-2017 22:20
Send private message

kyhwana2:
UHD:

 

Kiwibank's system is still far and away the best system for me. I don't have to worry about a card, token, cellphone app, or SMS but can simply remember the three answers to my secret questions. IMO it is better than 2FA.

 

The problem is, what questions do you have and what the answers? How easily can an attack find out the answers given things like "What town were you born in" etc?

 

I don't think he'll give that answer in public ;) - I have random questions that make no sense like for example "If a catfish drove into a lake then what happened to the cat?" The answer will also be totally unrelated like "Taylor Swift". This is me though, others may not be as smart and go with "What is my cats name" of which the answer may be on their public Facebook page.

 

This is where even SMS based 2FA is good as it is hard to PEBKAC it unless if you were really stupid.





UHD

649 posts

Ultimate Geek
+1 received by user: 290


  Reply # 1892089 29-Oct-2017 11:19
Send private message

kyhwana2:
UHD:

 

Kiwibank's system is still far and away the best system for me. I don't have to worry about a card, token, cellphone app, or SMS but can simply remember the three answers to my secret questions. IMO it is better than 2FA.

 

The problem is, what questions do you have and what the answers? How easily can an attack find out the answers given things like "What town were you born in" etc?

 

I do what murph does, completely random questions that make no sense even to me. That way an attacker would need to brute(force) my brain in order to log in, rather than just steal my phone. Think of the number of phones that display the content of an SMS without having to have the passcode to enter the device? 2FA in that scenario is about as useful as the old netcode cards.


21300 posts

Uber Geek
+1 received by user: 4299

Trusted
Subscriber

  Reply # 1892090 29-Oct-2017 11:23
Send private message

UHD:

 

I do what murph does, completely random questions that make no sense even to me. That way an attacker would need to brute(force) my brain in order to log in, rather than just steal my phone. Think of the number of phones that display the content of an SMS without having to have the passcode to enter the device? 2FA in that scenario is about as useful as the old netcode cards.

 

 

I turn that off on my phones. On my stupid note 4 that also turns off music control on the lock screen, and also for some reason the clock on it, so I can see why people leave that turned on.





Richard rich.ms

nas

399 posts

Ultimate Geek
+1 received by user: 244


  Reply # 1892125 29-Oct-2017 13:43
Send private message

michaelmurfy:

 

kyhwana2:
UHD:

 

Kiwibank's system is still far and away the best system for me. I don't have to worry about a card, token, cellphone app, or SMS but can simply remember the three answers to my secret questions. IMO it is better than 2FA.

 

The problem is, what questions do you have and what the answers? How easily can an attack find out the answers given things like "What town were you born in" etc?

 

I don't think he'll give that answer in public ;) - I have random questions that make no sense like for example "If a catfish drove into a lake then what happened to the cat?" The answer will also be totally unrelated like "Taylor Swift". This is me though, others may not be as smart and go with "What is my cats name" of which the answer may be on their public Facebook page.

 

This is where even SMS based 2FA is good as it is hard to PEBKAC it unless if you were really stupid.

 

 

I just use 1Password and generate a random 25 character string as the answer:

 

Click to see full size

 

That way even I don't know what the answer is without having to look it up


IcI

719 posts

Ultimate Geek
+1 received by user: 154

Trusted

  Reply # 1892143 29-Oct-2017 15:02
Send private message

michaelmurfy:

 

@kyhwana2:
UHD:

 

Kiwibank's system is still far and away the best system for me. ... but can simply remember the three answers to my secret questions. 

The problem is, what questions do you have and what the answers? How easily can an attack find out the answers given things like "What town were you born in" etc?

 

I don't think he'll give that answer in public ;) - I have random questions that make no sense ...

 

The nice thing about Kiwibanks question system is that you can actually create your own questions if you don't want to select the basic ones.

 

Click to see full size


11709 posts

Uber Geek
+1 received by user: 3788

Trusted
Lifetime subscriber

  Reply # 1892297 29-Oct-2017 21:18
Send private message

michaelmurfy:

kyhwana2:
UHD:


Kiwibank's system is still far and away the best system for me. I don't have to worry about a card, token, cellphone app, or SMS but can simply remember the three answers to my secret questions. IMO it is better than 2FA.


The problem is, what questions do you have and what the answers? How easily can an attack find out the answers given things like "What town were you born in" etc?


I don't think he'll give that answer in public ;) - I have random questions that make no sense like for example "If a catfish drove into a lake then what happened to the cat?" The answer will also be totally unrelated like "Taylor Swift". This is me though, others may not be as smart and go with "What is my cats name" of which the answer may be on their public Facebook page.


This is where even SMS based 2FA is good as it is hard to PEBKAC it unless if you were really stupid.



Good idea. Mind you, not every system allows the user to set the questions. Some just give you a list of options.





1 | 2 
View this topic in a long page with up to 500 replies per page Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Intel introduces new NUC kits and NUC mini PCs
Posted 16-Aug-2018 11:03


The Warehouse leaps into the AI future with Google
Posted 15-Aug-2018 17:56


Targus set sights on enterprise and consumer growth in New Zealand
Posted 13-Aug-2018 13:47


Huawei to distribute nova 3i in New Zealand
Posted 9-Aug-2018 16:23


Home robot Vector to be available in New Zealand stores
Posted 9-Aug-2018 14:47


Panasonic announces new 2018 OLED TV line up
Posted 7-Aug-2018 16:38


Kordia completes first live 4K TV broadcast
Posted 1-Aug-2018 13:00


Schools get safer and smarter internet with Managed Network Upgrade
Posted 30-Jul-2018 20:01


DNC wants a safer .nz in the coming year
Posted 26-Jul-2018 16:08


Auldhouse becomes an AWS Authorised Training Delivery Partner in New Zealand
Posted 26-Jul-2018 15:55


Rakuten Kobo launches Kobo Clara HD entry level reader
Posted 26-Jul-2018 15:44


Kiwi team reaches semi-finals at the Microsoft Imagine Cup
Posted 26-Jul-2018 15:38


KidsCan App to Help Kiwi Children in Need
Posted 26-Jul-2018 15:32


FUJIFILM announces new high-performance lenses
Posted 24-Jul-2018 14:57


New FUJIFILM XF10 introduces square mode for Instagram sharing
Posted 24-Jul-2018 14:44



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.