Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




Glurp
9509 posts

Uber Geek
+1 received by user: 4507

Subscriber

Topic # 247952 4-Mar-2019 18:08
Send private message quote this post

My security is fairly primitive. As a pensioner my needs are simple and I don’t bother with Internet banking. I don’t keep anything of value on my computers and I don’t visit shady sites so I only have basic security (Windows firewall, Defender, Malwarebytes). I have never had any issues. My security is basically keeping a low profile.

 

I need to undergo some medical procedures in Thailand in a few months and I have to figure out a good way of making substantial payments from my Kiwibank account. I will probably have to activate Internet banking. I do not have a credit card but I do have the usual Visa debit/EFTPOS card and I can make overseas payments with that. Until now I have kept most of my funds in a Saver account with only the Now account linked to the card. That way even I can only access what is on that account. To transfer funds I have to ring the bank or physically go there. This has the virtue of simplicity and it has worked well for me until now.

 

However I may be using borrowed computers or odd browsers on unknown ISPs in Thailand, so I need to find the best possible way of protecting my account when making overseas payments or withdrawals. I don’t carry a cell phone and I don’t really want to, so I am looking at other 2FA alternatives, but I’m not sure what to look for. I did read the Yubikey review @freitasm has posted. Something like that, such as a USB dongle I can plug into any computer, sounds like it might be exactly what I need, but I’m not completely sure. Any advice, recommendations or suggestions are welcome. Thanks in advance.

 

 





I reject your reality and substitute my own. - Adam Savage
 


View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
BDFL - Memuneh
62678 posts

Uber Geek
+1 received by user: 13360

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 2190869 4-Mar-2019 18:10
One person supports this post
Send private message quote this post

You will have to use what the bank offer. NZ Banks don't seem to support FIDO standards yet so it is either a card, app, SMS or a hardware token (depending on the bank). Talk to your bank.

 

As for other services then you will be using 2FA as an authenticator app on a smartphone (I recommend Authy) or a hardware key (like the Yubikey). Again it will depend of the service.







Glurp
9509 posts

Uber Geek
+1 received by user: 4507

Subscriber

  Reply # 2190873 4-Mar-2019 18:18
Send private message quote this post

Okay, thanks for that. Very helpful.

 

 





I reject your reality and substitute my own. - Adam Savage
 


 
 
 
 


3682 posts

Uber Geek
+1 received by user: 1092


  Reply # 2190883 4-Mar-2019 18:45
2 people support this post
Send private message quote this post

I do have the usual Visa debit/EFTPOS card and I can make overseas payments with that.

 

Upgrading to credit rather than debit card will give you an extra level of protection in that "your" funds are not actually used in any transactions until you get the bill at the end of the month... if there is anything dodgy you can dispute it more easily, .. pretty sure all the banks offer a no frills low annual fee card..

 

You might even be able to time it so that you dont have to pay you credit card bill until you are back in NZ.. (depending on how long you are away)


BDFL - Memuneh
62678 posts

Uber Geek
+1 received by user: 13360

Administrator
Trusted
Geekzone
Lifetime subscriber

14497 posts

Uber Geek
+1 received by user: 2667

Trusted
Subscriber

  Reply # 2190949 4-Mar-2019 20:12
One person supports this post
Send private message quote this post

It's a shame Kiwibank don't offer a physical token you can take.

 

While the advice here is good, when it comes to banking you should validate any advice you get online with your bank.





AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer


351 posts

Ultimate Geek
+1 received by user: 36

Lifetime subscriber

  Reply # 2190960 4-Mar-2019 20:45
Send private message quote this post

I can understand your reluctance to use Internet Banking, and you clearly face major medical issues (with associated stress) if you are headed offshore for treatment.  I would strongly suggest you talk to your bank about your concerns and see what options they suggest.  Make sure they cover concerns you have such as the use of devices you dont own.

 

Post back to this thread if you need independent advice on what your bank is suggesting you do.





--

OldGeek.


3399 posts

Uber Geek
+1 received by user: 883


  Reply # 2190961 4-Mar-2019 20:48
2 people support this post
Send private message quote this post

I generally use the Kiwbank app on my phone, and (once set up) this uses one's fingerprint for logging in.

 

As for other authentication protocols: Kiwibank's 2FA is fairly weak - to log into the website (ie, via a browser) they use a random selection of one of three (I think) 'questions' to which you need to add the missing letters to the marked box; there are preset options (of the type 'What city did your parents meet in?'), but you can also set your own questions/answers. This doesn't get used on the phone app (perhaps initially for set-up?).

 

On my phone I've also noticed that for certain transactions (perhaps the first to a new account number and/or over a certain amount?) I've been texted a code to authenticate the transaction. 


14665 posts

Uber Geek
+1 received by user: 1969


  Reply # 2190992 4-Mar-2019 21:37
Send private message quote this post

jonathan18:


I generally use the Kiwbank app on my phone, and (once set up) this uses one's fingerprint for logging in.


As for other authentication protocols: Kiwibank's 2FA is fairly weak - to log into the website (ie, via a browser) they use a random selection of one of three (I think) 'questions' to which you need to add the missing letters to the marked box; there are preset options (of the type 'What city did your parents meet in?'), but you can also set your own questions/answers. This doesn't get used on the phone app (perhaps initially for set-up?).


On my phone I've also noticed that for certain transactions (perhaps the first to a new account number and/or over a certain amount?) I've been texted a code to authenticate the transaction. 



 


I don't think the interface  has been updated for many years. The fact that it doesn't use mobile responsive design, or even a mobile view shows it is pretty ancient. 


mdf

2162 posts

Uber Geek
+1 received by user: 665

Trusted
Subscriber

  Reply # 2191007 4-Mar-2019 22:14
Send private message quote this post

You should have a chat to Kiwibank. Some years ago I got locked out of Kiwibank online banking as they detected "suspicious activity" - in my case an internet banking log on from a country they thought was suspicious even though I was on holiday there. Perhaps because I was on holiday there? All got sorted relatively quickly but it is worth letting them know your travel plans are. They may have suggestions too.

 

In any event, Kiwibank have a Loaded for Travel prepaid card that could be an alternative to a Visa. You can load it via internet banking from your existing accounts, or if it is an option, you can have someone else load in from NZ using a secure account number (there is a load only account number and a spend account number). The latter would save you having to register for online banking at all, and you can't spend more than is loaded on it. You'd need some way of contacting that person though which may well be the dreaded cell phone, though you might be able to avoid a smart phone and just text?


1616 posts

Uber Geek
+1 received by user: 235


  Reply # 2191057 5-Mar-2019 08:58
Send private message quote this post

It should be more secure to use a banks app on a phone rather than try to log into their website. You've also got a bit more come-back if something goes wrong.

 

A credit card gives you more protection than a debit card. My credit card was skimmed in London several years ago and the crooks went on a spending spree in Harrods to wrack up several thousand pounds worth of debt. I didn't find out until I had returned to NZ but my bank took ownership and removed the debt.

 

Don't forget to tell your bank where you're going and the dates. That way they won't flag your ligit transactions as being suspicious.


14497 posts

Uber Geek
+1 received by user: 2667

Trusted
Subscriber

  Reply # 2191075 5-Mar-2019 09:08
Send private message quote this post

A cheap Android phone, purchased in New Zealand, using a Thailand SIM is probably the best, easiest, and most secure way to do this.





AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer




Glurp
9509 posts

Uber Geek
+1 received by user: 4507

Subscriber

  Reply # 2191102 5-Mar-2019 09:22
One person supports this post
Send private message quote this post

I would rather avoid a phone if possible. I don't know anything about phones. I have never had one. On the few occasions I tried to use one I couldn't figure out how to make it work.

 

If I am in a foreign country undergoing treatment and trying to make a major financial transaction, I will already be anxious. At my age I don't want to compound that by having to screw with a piece of technology I am not familiar with and don't feel confident about. That may sound silly to anyone younger than 60 but it is how I feel.

 

Edited to add this postscript: I actually tried to do this once. Someone gave me a cheap Spark phone and I took it to Thailand just to use as a phone. I had forgotten about that. When I got to Thailand I did buy a local SIM but couldn't get it to work. A Thai computer technician I consulted couldn't get it to work either. It never did work and the phone is still sitting on a shelf somewhere. I can't afford to have something like that happen again after I am already there.

 

 

 

 

 

 





I reject your reality and substitute my own. - Adam Savage
 


14497 posts

Uber Geek
+1 received by user: 2667

Trusted
Subscriber

  Reply # 2191103 5-Mar-2019 09:25
Send private message quote this post

Can you just call Kiwibank on the phone and ask them to do the transaction manually? They'll ask standard questions to make sure it's you. They might charge a fee, but it'd probably be worth paying for ease of use and peace of mind.





AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer


Mad Scientist
19821 posts

Uber Geek
+1 received by user: 2681

Trusted
Lifetime subscriber

  Reply # 2191105 5-Mar-2019 09:26
Send private message quote this post

The phone is not the most secure thing in the world.

 

Someone who really wanted your money would get your phone and they will get all the codes to get in if they knew a couple more information about your account.





Swype on iOS is detrimental to accurate typing. Apologies in advance.


BDFL - Memuneh
62678 posts

Uber Geek
+1 received by user: 13360

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 2191106 5-Mar-2019 09:35
Send private message quote this post

Batman:

 

The phone is not the most secure thing in the world.

 

Someone who really wanted your money would get your phone and they will get all the codes to get in if they knew a couple more information about your account.

 

 

It depends what "phone" is in this context. A voice call? Yes, not secure - know a few things about you and a person with social engineering skills could drain someone's account. An app? More secure than phone calls. Phones can be locked out, require fingerprint for transactions/login, require a second authentication factor for transactions, etc.





 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic


Donate via Givealittle


Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Amazon introduces new Kindle with adjustable front light
Posted 21-Mar-2019 20:14


A call from the companies providing internet access for the great majority of New Zealanders, to the companies with the greatest influence over social media content
Posted 19-Mar-2019 15:21


Two e-scooter companies selected for Wellington trial
Posted 15-Mar-2019 17:33


GeForce GTX 1660 available now
Posted 15-Mar-2019 08:47


Artificial Intelligence to double the rate of innovation in New Zealand by 2021
Posted 13-Mar-2019 14:47


LG demonstrates smart home concepts at LG InnoFest
Posted 13-Mar-2019 14:45


New Zealanders buying more expensive smartphones
Posted 11-Mar-2019 09:52


2degrees Offers Amazon Prime Video to Broadband Customers
Posted 8-Mar-2019 14:10


D-Link ANZ launches D-Fend AC2600 Wi-Fi Router Protected by McAfee
Posted 7-Mar-2019 11:09


Slingshot commissions celebrities to design new modems
Posted 5-Mar-2019 08:58


Symantec Annual Threat Report reveals more ambitious, destructive and stealthy attacks
Posted 28-Feb-2019 10:14


FUJIFILM launches high performing X-T30
Posted 28-Feb-2019 09:40


Netflix is killing content piracy says research
Posted 28-Feb-2019 09:33


Trend Micro finds shifting threats require kiwis to rethink security priorities
Posted 28-Feb-2019 09:27


Mainfreight uses Spark IoT Asset Tracking service
Posted 28-Feb-2019 09:25



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.