Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 
266 posts

Ultimate Geek
+1 received by user: 40


  Reply # 1891745 28-Oct-2017 10:50
Send private message quote this post

michaelmurfy:

 

@jim.cox I work for ANZ so will shed some light on this.

 

1) It is important for you both to have separate IB accounts - this is possible as with a joint account you both have customer numbers. In this case, you were operating the account through one customer number which is also a breach of the internet banking terms regarding protecting your password from third parties.
2) If it was a 2 to sign account the IB platform will refuse to allow a transfer through the interface. Furthermore, it is possible for staff to lock down accounts to "view only" mode where you can transfer money in, but not take it out.

In your case you were not using it properly and if you're still an ANZ customer I advise you to call up their contact centre to get internet banking created for your wife under her own customer number. Once you do this then you have by default a separate Online Code mobile number.

 

Edit: Further clarification was done via PM. In this case it was wanting to set 2x mobile numbers on a single IB login which is not possible for security reasons and what sounds like to be sharing logins.

 

 

 

 

You're 100% correct here but I do wish there was an easier option with ANZ Online Banking for mulitple phone numbers. For businesses with multiple signatories this can be a pain as the Online Banking only allows one login/password and one mobile number. 

 

There is ANZ Direct Online but that's overkill for 99% of small/medium sized businesses although AFAIK it's the only option for two to sign accounts (tell a lie - there is a workaround for online banking but it's a PITA)

 

 

 

The BNZ allow different logins for business (e.g. access number/customer number, user ID, password)

 

 

 

 


6799 posts

Uber Geek
+1 received by user: 3132

Moderator
Trusted
Subscriber

  Reply # 1891747 28-Oct-2017 10:57
Send private message quote this post

@logo each signatory under a business account can use their own customer number and from here can use "customer select" which enables them to jump from their own personal account to the business internet banking under their own login which in term transfers over the onlinecode preference from their personal login (so they get texts under the business account too). Directors should be the only ones who login directly to the business account more for accountability reasons but even then they can use customer select also. This is the same sort of solution as BNZ uses. Each signatory should in theory already have their own login (check with your account manager who can set this up for you). Also, it is free.

ANZ Direct Online - while overkill, is a very good solution since you can furthermore fine-tune each login with their own permissions for the account as a whole.




Michael Murphy | https://murfy.nz
Want to be with an epic ISP? Want $20 to join them too? Well, use this link to sign up to BigPipe!
The Router GuideCommunity UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial


 
 
 
 


188 posts

Master Geek
+1 received by user: 8


  Reply # 1891751 28-Oct-2017 10:57
Send private message quote this post

michaelmurfy:

 

Edit: Further clarification was done via PM. In this case it was wanting to set 2x mobile numbers on a single IB login which is not possible for security reasons and what sounds like to be sharing logins.

 

 

NO - separate customers / separate logins - but text approval messages are coming to a single cellphone number.

 

On discussion with Mr Murphy, I suspect the ANZ system defaulted to loading my cellphone number against my wife's customer number.

 

 


6799 posts

Uber Geek
+1 received by user: 3132

Moderator
Trusted
Subscriber

  Reply # 1891763 28-Oct-2017 11:37
Send private message quote this post

jim.cox:

 

michaelmurfy:

 

Edit: Further clarification was done via PM. In this case it was wanting to set 2x mobile numbers on a single IB login which is not possible for security reasons and what sounds like to be sharing logins.

 

NO - separate customers / separate logins - but text approval messages are coming to a single cellphone number.

 

On discussion with Mr Murphy, I suspect the ANZ system defaulted to loading my cellphone number against my wife's customer number.

 

As stated - this is literally impossible to do in the system (also the system doesn't default a mobile number for security reasons). In all your messages it still sounds like you were sharing login details and I bet if you were still a customer and if I looked I'll be proven right. As you're not a customer anymore it is best to just drop the subject and move on. If you still are then call them and let them investigate further as I am not in the customer service space nor is this a medium for customer support. Just clearing up some confusion here before it gets out of hand.





Michael Murphy | https://murfy.nz
Want to be with an epic ISP? Want $20 to join them too? Well, use this link to sign up to BigPipe!
The Router GuideCommunity UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial


20360 posts

Uber Geek
+1 received by user: 3867

Trusted
Subscriber

  Reply # 1891788 28-Oct-2017 11:50
Send private message quote this post

The single mobile number thing is a problem with ASB as well, I will often not have a phone on me if its out of data for that month so useless to me till it rolls over, and if I happen to need to pay someone that needs net code its a PITA.

 

If actually did SMS properly I would just use one of their numbers for it so I could get it from the app or whatever from any device. The other option that ASB suggested was a keychain number thing which is just another piece of crap to carry around, lose, or put thru the wash accidentally.





Richard rich.ms

nas

261 posts

Ultimate Geek
+1 received by user: 131


  Reply # 1891809 28-Oct-2017 12:29
Send private message quote this post

We're with ANZ and my wife and I have separate IB logins.

 

I have SMS 2FA enabled on mine, she doesn't, works fine..


UHD

513 posts

Ultimate Geek
+1 received by user: 216


  Reply # 1891964 28-Oct-2017 20:44
Send private message quote this post

Kiwibank's system is still far and away the best system for me. I don't have to worry about a card, token, cellphone app, or SMS but can simply remember the three answers to my secret questions. IMO it is better than 2FA.




2837 posts

Uber Geek
+1 received by user: 72


  Reply # 1891970 28-Oct-2017 21:11
Send private message quote this post

UHD:

 

Kiwibank's system is still far and away the best system for me. I don't have to worry about a card, token, cellphone app, or SMS but can simply remember the three answers to my secret questions. IMO it is better than 2FA.

 

 

 

 

I feel like it's probably the best compromise with all the banks I've heard of so far. If it wasn't for the fact that BNZ have Apply Pay, I would have stayed with Kiwibank, if only for the easy way for me to login etc.

 

 

 

I would love to see support for 2FA soft tokens.






2374 posts

Uber Geek
+1 received by user: 104


  Reply # 1891972 28-Oct-2017 21:32
One person supports this post
Send private message quote this post

UHD:

Kiwibank's system is still far and away the best system for me. I don't have to worry about a card, token, cellphone app, or SMS but can simply remember the three answers to my secret questions. IMO it is better than 2FA.

 

The problem is, what questions do you have and what the answers? How easily can an attack find out the answers given things like "What town were you born in" etc?

6799 posts

Uber Geek
+1 received by user: 3132

Moderator
Trusted
Subscriber

  Reply # 1892030 28-Oct-2017 22:20
Send private message quote this post

kyhwana2:
UHD:

 

Kiwibank's system is still far and away the best system for me. I don't have to worry about a card, token, cellphone app, or SMS but can simply remember the three answers to my secret questions. IMO it is better than 2FA.

 

The problem is, what questions do you have and what the answers? How easily can an attack find out the answers given things like "What town were you born in" etc?

 

I don't think he'll give that answer in public ;) - I have random questions that make no sense like for example "If a catfish drove into a lake then what happened to the cat?" The answer will also be totally unrelated like "Taylor Swift". This is me though, others may not be as smart and go with "What is my cats name" of which the answer may be on their public Facebook page.

 

This is where even SMS based 2FA is good as it is hard to PEBKAC it unless if you were really stupid.





Michael Murphy | https://murfy.nz
Want to be with an epic ISP? Want $20 to join them too? Well, use this link to sign up to BigPipe!
The Router GuideCommunity UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial


UHD

513 posts

Ultimate Geek
+1 received by user: 216


  Reply # 1892089 29-Oct-2017 11:19
Send private message quote this post

kyhwana2:
UHD:

 

Kiwibank's system is still far and away the best system for me. I don't have to worry about a card, token, cellphone app, or SMS but can simply remember the three answers to my secret questions. IMO it is better than 2FA.

 

The problem is, what questions do you have and what the answers? How easily can an attack find out the answers given things like "What town were you born in" etc?

 

I do what murph does, completely random questions that make no sense even to me. That way an attacker would need to brute(force) my brain in order to log in, rather than just steal my phone. Think of the number of phones that display the content of an SMS without having to have the passcode to enter the device? 2FA in that scenario is about as useful as the old netcode cards.


20360 posts

Uber Geek
+1 received by user: 3867

Trusted
Subscriber

  Reply # 1892090 29-Oct-2017 11:23
Send private message quote this post

UHD:

 

I do what murph does, completely random questions that make no sense even to me. That way an attacker would need to brute(force) my brain in order to log in, rather than just steal my phone. Think of the number of phones that display the content of an SMS without having to have the passcode to enter the device? 2FA in that scenario is about as useful as the old netcode cards.

 

 

I turn that off on my phones. On my stupid note 4 that also turns off music control on the lock screen, and also for some reason the clock on it, so I can see why people leave that turned on.





Richard rich.ms

nas

261 posts

Ultimate Geek
+1 received by user: 131


  Reply # 1892125 29-Oct-2017 13:43
Send private message quote this post

michaelmurfy:

 

kyhwana2:
UHD:

 

Kiwibank's system is still far and away the best system for me. I don't have to worry about a card, token, cellphone app, or SMS but can simply remember the three answers to my secret questions. IMO it is better than 2FA.

 

The problem is, what questions do you have and what the answers? How easily can an attack find out the answers given things like "What town were you born in" etc?

 

I don't think he'll give that answer in public ;) - I have random questions that make no sense like for example "If a catfish drove into a lake then what happened to the cat?" The answer will also be totally unrelated like "Taylor Swift". This is me though, others may not be as smart and go with "What is my cats name" of which the answer may be on their public Facebook page.

 

This is where even SMS based 2FA is good as it is hard to PEBKAC it unless if you were really stupid.

 

 

I just use 1Password and generate a random 25 character string as the answer:

 

Click to see full size

 

That way even I don't know what the answer is without having to look it up


IcI

493 posts

Ultimate Geek
+1 received by user: 108

Trusted

  Reply # 1892143 29-Oct-2017 15:02
Send private message quote this post

michaelmurfy:

 

@kyhwana2:
UHD:

 

Kiwibank's system is still far and away the best system for me. ... but can simply remember the three answers to my secret questions. 

The problem is, what questions do you have and what the answers? How easily can an attack find out the answers given things like "What town were you born in" etc?

 

I don't think he'll give that answer in public ;) - I have random questions that make no sense ...

 

The nice thing about Kiwibanks question system is that you can actually create your own questions if you don't want to select the basic ones.

 

Click to see full size


9892 posts

Uber Geek
+1 received by user: 3011

Trusted
Subscriber

  Reply # 1892297 29-Oct-2017 21:18
Send private message quote this post

michaelmurfy:

kyhwana2:
UHD:


Kiwibank's system is still far and away the best system for me. I don't have to worry about a card, token, cellphone app, or SMS but can simply remember the three answers to my secret questions. IMO it is better than 2FA.


The problem is, what questions do you have and what the answers? How easily can an attack find out the answers given things like "What town were you born in" etc?


I don't think he'll give that answer in public ;) - I have random questions that make no sense like for example "If a catfish drove into a lake then what happened to the cat?" The answer will also be totally unrelated like "Taylor Swift". This is me though, others may not be as smart and go with "What is my cats name" of which the answer may be on their public Facebook page.


This is where even SMS based 2FA is good as it is hard to PEBKAC it unless if you were really stupid.



Good idea. Mind you, not every system allows the user to set the questions. Some just give you a list of options.





1 | 2 
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

UFB killer app: Speed
Posted 17-Nov-2017 17:01


The case for RSS — MacSparky
Posted 13-Nov-2017 14:35


WordPress and Indieweb: Take control of your online presence — 6:30 GridAKL Nov 30
Posted 11-Nov-2017 13:43


Chorus reveals technology upgrade for schools, students
Posted 10-Nov-2017 10:28


Vodafone says Internet of Things (IoT) crucial for digital transformation
Posted 10-Nov-2017 10:06


Police and Facebook launch AMBER Alerts system in NZ
Posted 9-Nov-2017 10:49


Amazon debuts Fire TV Stick Basic Edition in over 100 new countries
Posted 8-Nov-2017 05:34


Vodafone VoIP transition to start this month
Posted 7-Nov-2017 12:33


Spark enhances IoT network capability
Posted 7-Nov-2017 11:33


Vocus NZ sale and broadband competition
Posted 6-Nov-2017 14:36


Hawaiki reaches key milestone in landmark deep-sea fibre project
Posted 4-Nov-2017 13:53


Countdown launches new proximity online shopping app
Posted 4-Nov-2017 13:50


Nokia 3310 to be available through Spark New Zealand
Posted 4-Nov-2017 13:31


Nest launches in New Zealand
Posted 4-Nov-2017 12:31


Active wholesale as Chorus tackles wireless challenge
Posted 3-Nov-2017 10:55



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.