Posted to alt.home.repair
trader_4
OT Bank relaxes security. Acceptable?

On Wednesday, July 29, 2015 at 3:01:02 PM UTC-4, Ed Pawlowski wrote:
On 7/29/2015 2:51 PM, trader_4 wrote:

What is to stop a hacker from presenting the site key?


That they don't know what the site key pic is that you have
personally chosen from a long list of available ones and
that they don't know the tag line you've personally added
to the pic. They aren't going to get that easily. They can
get your user name and pwd by creating a fake logon page
that looks like BA.


I always thought
it would be the perfect method of stealing your info.


I don't see how it's the perfect method, when the hacker doesn't
know the image or tag line for the image that you created.


What is preventing a hacker from getting it? Hackers have been in the
Pentagon computers, many stores, banks, insurance companies and on and
on. Nothing is truly bulletproof.


What's preventing the hacker from getting it is all the
security firewalls and procedures at BA. And if they get inside
that, then essentially all the security goes out the window,
they have all the user names and pwds. Which do you think is
harder? Creating a webpage and webpage address that looks like
the BA one, to get you to enter your credentials or getting inside
BA itself and getting all the user names, pwds, images, etc.
It's a well-known method that works. Send someone a
fake message, claiming to be the bank, taking them to a website
that looks like it's the real bank, etc.




There are shady
people out there with all sorts of tricks and one photo is not going to
keep them from taking your fortune.


That added step alone isn't going to prevent all the possible ways, no.
But without it, I could create a hack webpage that looks like the BA
sign on page. So, without it, you put in your logon name and pwd.
Now the hack site has both. With the image challenge, you put in
your name and if you don't see the correct image and tag line, you
know something is up.


If it was that secure, every website would be doing it. Every financial
institution would have it. If it makes you feel good, fine, but like
every man-made puzzle, another man has the solution.


I didn't say it was "that" secure. I just said it's a good step
so that you know when you see a webpage that it's really your
bank and not a hacker making a website that looks like the bank.
As I said, I've had many times where the webpage at some financial
institution looked different, or the web address looked slightly
different. With no challenge image, you don't know. With the
addition of that simple image, then you know it's the real bank.



That's what caused Micky to become concerned,
With BA, once I see my image, I'm confident it's
really BA.


Good for you, it never made me feel any better.


I don't know why that would be. How likely do you think
it would be that a hacker would know the image and tag line
that only BA has? And if they do, then they surely don't need
to be phishing via fake websites, which is what the image
challenge prevents.