Web Browsing, Cookies and Privacy!

What with things like Heartbleed, keyloggers and other exploits that are possible on your machine, web browsing is inherently risk-prone. When you choose to do something like “Online Banking”, you bring these risks very close to your money. So you have things like passwords to keep you safe.

So here’s where I think Banks are going stupid, or they are being advised by imbeciles.

My bank:

  • requires me to log in with my account number
  • and provide a password, which they never require me to change
  • and if they find a cookie on my machine, they log me right in!
  • and if they don’t find a cookie, I must answer three questions correctly before being allowed to log in.

They are changing this as follows:

  • requires me to log in with my account number
  • and provide a password, which they never require me to change
  • and if they find a cookie on my machine, they log me right in!
  • and if they don’t, they will send me an email, an SMS or a phone call and give me a one-time-use passcode.

In the old way of doing things, I effectively had four passwords and someone would have to compromise all four before he or she could log in. And my browser deleted all cookies on exit, and only retained cookies for the session. With the new mechanism, someone who wanted to hack my account only needs access to one password and either my telephone or the password to my email account.

How, pray, is this more secure?
