Geekzone: technology news, blogs, forums
networkn
27695 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #2590045 21-Oct-2020 21:20

Batman:

 

So I guess the solution is don't use SMS 2FA for banking?

 

 

The solution is do not use SMS 2FA for *anything*

 

 


Linux
9112 posts

Uber Geek

Trusted
Lifetime subscriber

  #2590061 21-Oct-2020 21:51

Batman:

I heard from a friend that their direct relation had their phone number ported to another carrier by thieves, and then their bank account was drained after using the phone number as bank account verification for log in.


How does one prevent that?


(Just realised while typing that this may not be android related, though the phone was an android)



Was this in New Zealand or another country?

alasta
5743 posts

Uber Geek

Trusted
Subscriber

  #2590120 22-Oct-2020 08:37

jjnz1: 
Access to my bank:
Need username and pass and access to text message to activate new device. (This can't be changed I think) then there is no limit to what I can do IMO.

 

This raises an interesting question; for banks like BNZ which have app based 2FA, what exactly is required to install the app on a new device? I assume that if someone has managed to compromise your internet banking username and password then it wouldn't be hard to also get the 2FA app working?

 

I DON'T have $1000 limits on my accounts, 10x that seems to go fine (on the very odd occasion I have done that).

What's not easy about this?

 

I am surprised at the $1000 limit because I had no problem doing the transfer last time I bought a car.




michaelmurfy
/dev/ttys0
11027 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #2590124 22-Oct-2020 08:45

Each bank has different policies around transfer limits. I’m just speaking from experience of one of them. Your limits also may be higher especially if you’ve got a home loan or made large purchases.




Michael Murphy | https://murfy.nz | https://keybase.io/michaelmurfy - Referral Links: Sharesies | Electric Kiwi


qwerty123
147 posts

Master Geek


  #2590481 22-Oct-2020 21:37

alasta:

 

This raises an interesting question; for banks like BNZ which have app based 2FA, what exactly is required to install the app on a new device? I assume that if someone has managed to compromise your internet banking username and password then it wouldn't be hard to also get the 2FA app working?

 

 

NetGuard card is required to activate BNZ app. Until the app is activated it doesn't do 2FA, doesn't allow you to create payees, etc.


freitasm
BDFL - Memuneh
74176 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #2593790 30-Oct-2020 08:32

networkn:

 

Batman:

 

So I guess the solution is don't use SMS 2FA for banking?

 

 

The solution is do not use SMS 2FA for *anything*

 

 

I disagree. SMS 2FA is better than no 2FA at all.

 

As mentioned before, people reuse passwords, or passwords are intercepted by malware. No one is advocating to not use passwords for anything.

 

It is a balance. But most importantly, since SMS is only one of the factors, the question that should be asked is actually "how did the Bad Actor get hold of the original bank customer account number, bank customer password and phone number?"

 

The answer could be good old social engineering ("Hello, Mr Gullible Client. I am from The Bank. We need to make sure all is good with your account so first we need to verify your identity. Could I please have your account number and password to confirm you are the account owner?"). 

 

If this was a random call to a landline, it could be followed up with a "Great Mr Gullible Client, now that we know it's you, we have a mobile number here as 0319347273 is that still the best way to contact you?" at which point Mr Gullible Client will say "Oh, no something is mixed there because this is not my number - here is the correct number..."

 

Alternatively, it could be malware installed when someone calls saying "I am from your ISP. Our systems identified a problem with your computer and we need to check it for viruses. Can I please remote access your computer now to check it?"

 

SMS 2FA is only one thing - there is more to it.







Batman

Mad Scientist
28024 posts

Uber Geek

Trusted
Lifetime subscriber

  #2593792 30-Oct-2020 08:39

I see. That's reassuring ...

 

But I thought maybe with certain banks - can you get a new password with SMS?





Involuntary autocorrect in operation on mobile device. Apologies in advance.




freitasm
BDFL - Memuneh
74176 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #2593797 30-Oct-2020 08:44

Batman:

 

I see. That's reassuring ...

 

But I thought maybe with certain banks - can you get a new password with SMS?

 

 

Then that wouldn't be a second authentication factor. Password resets would be via email, which would have its own authentication scheme.






