Donate to Remove ads

Got a credit card? use our Credit Card & Finance Calculators

Thanks to Wasron,Steffers0,Anonymous,CryptoPlankton,GrahamPlatt, for Donating to support the site

Nationwide to end login with memorable data

Lootman
Lemon Half
Posts: 6231
Joined: November 4th, 2016, 3:58 pm
Has thanked: 38 times
Been thanked: 968 times

Re: Nationwide to end login with memorable data

#262391

Postby Lootman » November 5th, 2019, 7:22 pm

AF62 wrote:
Lootman wrote:I don't think any method that uses a phone can be secure given how easy it is to lose or break a phone, because they can be hacked and because a signal isn't always available. I won't use a phone app for any financial business on principle.

And bear in mind that all this rigmarole is being implemented for the benefit of the financial institutions and not for the customers. That's why some institutions don't care how difficult and awkward it is for us to jump through all these hoops. I just think it is overkill.

You really think an encrypted smartphone only accessible through a biometric key is less secure than what millions of people do - a password scribbled in a notebook or set to the name of the family dog!

My phone has fingerprint protection but I would assume that the average phone thief/hacker would be able to get around that. For me that feature is more about other people not being able to casually use my phone if I set it down at work or home. More generally I do not consider phones to be a safe device precisely because they can easily fall into the wrong hands.

You may be correct that your solution is technically more secure. But surely it is a matter of being 99.9% secure rather than 99.8% secure. For someone to commit fraud on my account they'd need my userid and password on the bank's website AND the userid and password of my email account AND whatever questions the bank asks about first car, pet's name etc. That's a lot of hurdles.

The tradeoff is between security and usability. I've had to abort a few transactions because I didn't have a signal (in the countryside or overseas). In that situation I am effectively being cut off from online commerce or banking because of "security". So where possible my business is going to go to an institution that doesn't require me to cart a second piece of hardware around and rely on there being a reliable signal.

AF62
Lemon Slice
Posts: 491
Joined: November 27th, 2016, 8:45 am
Has thanked: 6 times
Been thanked: 124 times

Re: Nationwide to end login with memorable data

#262406

Postby AF62 » November 5th, 2019, 8:26 pm

Lootman wrote:
AF62 wrote:
Lootman wrote:I don't think any method that uses a phone can be secure given how easy it is to lose or break a phone, because they can be hacked and because a signal isn't always available. I won't use a phone app for any financial business on principle.

And bear in mind that all this rigmarole is being implemented for the benefit of the financial institutions and not for the customers. That's why some institutions don't care how difficult and awkward it is for us to jump through all these hoops. I just think it is overkill.

You really think an encrypted smartphone only accessible through a biometric key is less secure than what millions of people do - a password scribbled in a notebook or set to the name of the family dog!

My phone has fingerprint protection but I would assume that the average phone thief/hacker would be able to get around that. For me that feature is more about other people not being able to casually use my phone if I set it down at work or home. More generally I do not consider phones to be a safe device precisely because they can easily fall into the wrong hands.


I think you are significantly underestimating the security of modern smartphones. There is not a cat in hell's chance the "average phone thief/hacker" will be able to get in. Stolen phones are so secure they are simply sold for parts these days. Sure if you have annoyed MI6/CIA/etc. you might want to worry, but otherwise, nope.

Lootman wrote: You may be correct that your solution is technically more secure. But surely it is a matter of being 99.9% secure rather than 99.8% secure. For someone to commit fraud on my account they'd need my userid and password on the bank's website AND the userid and password of my email account AND whatever questions the bank asks about first car, pet's name etc. That's a lot of hurdles.


Not really.

For many - bank's userid = name and password = something obvious, with the email userid and password being exactly the same. And as for first car, pet, etc. that is easy to obtain from the enormous number of people who plaster their life over the internet without any thought about the impact.

You are thinking about what you do and the thought you give to passwords, but this is intended to deal with the vast majority. So I would be comparing 99.99% security rather than 90%.

Lootman wrote:The tradeoff is between security and usability. I've had to abort a few transactions because I didn't have a signal (in the countryside or overseas). In that situation I am effectively being cut off from online commerce or banking because of "security". So where possible my business is going to go to an institution that doesn't require me to cart a second piece of hardware around and rely on there being a reliable signal.


I agree with disliking security which requires me to cart a second piece of hardware around, which was why I always loathed the separate card reader, but since I always have a smartphone with me through which I can access the bank, then that is fine for me.

I suspect you may struggle to find an institution which is targeting the rather niche customer base of the combination of your particular use and your particular distrust of the security from modern technology.

UncleEbenezer
Lemon Quarter
Posts: 3889
Joined: November 4th, 2016, 8:17 pm
Has thanked: 434 times
Been thanked: 646 times

Re: Nationwide to end login with memorable data

#262469

Postby UncleEbenezer » November 5th, 2019, 11:55 pm

XFool wrote:I speak with some feeling as somebody who, the other day, spent what felt like ten minutes in the checkout queue at Aldi, immediately behind a customer who chose to pay by the 'convenience' of mobile phone. It wasn't to my convenience. :x


Someone immediately behind me in Lidl's queue paid by phone today (she'd only bought a bottle of wine). She was through and out while I was re-packing my coat in my backpack - having taken it out so it wouldn't be buried under my shopping if I needed it on the way home.

Lootman wrote:How about a system that doesn't require you to own any second piece of hardware?


Well, there's the modern banks requiring just their app on a phone - with the option of an accompanying card.

swill453 wrote:That wouldn't be as secure. The First Direct secure key system requires a PIN, password or fingerprint to generate the code.


Email signed and encrypted with PGP would be more secure than any of the current bank solutions I'm aware of.

swill453
Lemon Quarter
Posts: 2584
Joined: November 4th, 2016, 6:11 pm
Has thanked: 158 times
Been thanked: 714 times

Re: Nationwide to end login with memorable data

#262484

Postby swill453 » November 6th, 2019, 3:58 am

UncleEbenezer wrote:
swill453 wrote:That wouldn't be as secure. The First Direct secure key system requires a PIN, password or fingerprint to generate the code.

Email signed and encrypted with PGP would be more secure than any of the current bank solutions I'm aware of.

Well that depends on how you have the mail reader client/app set up. If the miscreant has possession of your (unlocked) device (phone/PC/whatever) it may be that they can read your emails without further authentication.

Possibly not, but the point is that this aspect isn't under control of the bank.

Whereas a banking app like First Direct's can mandate the further authentication (password, fingerprint etc.).

Scott.

UncleEbenezer
Lemon Quarter
Posts: 3889
Joined: November 4th, 2016, 8:17 pm
Has thanked: 434 times
Been thanked: 646 times

Re: Nationwide to end login with memorable data

#262485

Postby UncleEbenezer » November 6th, 2019, 4:56 am

swill453 wrote:
UncleEbenezer wrote:
swill453 wrote:That wouldn't be as secure. The First Direct secure key system requires a PIN, password or fingerprint to generate the code.

Email signed and encrypted with PGP would be more secure than any of the current bank solutions I'm aware of.

Well that depends on how you have the mail reader client/app set up. If the miscreant has possession of your (unlocked) device (phone/PC/whatever) it may be that they can read your emails without further authentication.

You are evidently not a PGP user.

swill453
Lemon Quarter
Posts: 2584
Joined: November 4th, 2016, 6:11 pm
Has thanked: 158 times
Been thanked: 714 times

Re: Nationwide to end login with memorable data

#262500

Postby swill453 » November 6th, 2019, 8:24 am

UncleEbenezer wrote:You are evidently not a PGP user.

I'm not. Are you saying it's not possible to set up a mail client to automatically decrypt encrypted emails?

Scott.

UncleEbenezer
Lemon Quarter
Posts: 3889
Joined: November 4th, 2016, 8:17 pm
Has thanked: 434 times
Been thanked: 646 times

Re: Nationwide to end login with memorable data

#262525

Postby UncleEbenezer » November 6th, 2019, 10:35 am

swill453 wrote:
UncleEbenezer wrote:You are evidently not a PGP user.

I'm not. Are you saying it's not possible to set up a mail client to automatically decrypt encrypted emails?

Scott.

I guess it might be possible if you use PGP software that allows you a null passphrase. Or if you use a utility like "expect" to automate it.

That would be kind-of like issuing chip-with-no-pin cards, or automating your card reader to type the PIN for you.

XFool
Lemon Quarter
Posts: 4351
Joined: November 8th, 2016, 7:21 pm
Been thanked: 203 times

Re: Nationwide to end login with memorable data

#262739

Postby XFool » November 7th, 2019, 11:04 am

Just noticed this morning - Nationwide have actually ended logging in with Memorable Data.

So, it's phone or card reader from now on.

Although OP quoted message saying 28th November. So timing may depend on individual accounts.

XFool
Lemon Quarter
Posts: 4351
Joined: November 8th, 2016, 7:21 pm
Been thanked: 203 times

Re: Nationwide to end login with memorable data

#262743

Postby XFool » November 7th, 2019, 11:17 am

I do have a mobile, but so far have not registered it with NW. I have used the card reader in the past but generally have preferred the 'convenience' of Memorable Data. Actually, MD isn't THAT convenient - having to enter the memorable text and then I always had to look up the PIN number digits when logging in. Having used a card reader (the Barclays' PINSentry) to log in I found it pretty quick and easy. Of course I am familiar with it from transactions.

I never log on away from home so no great inconvenience there, if I did I would register my mobile number.

swill453
Lemon Quarter
Posts: 2584
Joined: November 4th, 2016, 6:11 pm
Has thanked: 158 times
Been thanked: 714 times

Re: Nationwide to end login with memorable data

#262745

Postby swill453 » November 7th, 2019, 11:21 am

XFool wrote:Just noticed this morning - Nationwide have actually ended logging in with Memorable Data.

So, it's phone or card reader from now on.

Although OP quoted message saying 28th November. So timing may depend on individual accounts.

It just let me log in with memorable data. I have a FlexPlus current account and a smattering of savings accounts.

Having said that, I've been using the mobile app exclusively for a while.

Scott.

AJC5001
2 Lemon pips
Posts: 161
Joined: November 4th, 2016, 4:55 pm
Has thanked: 31 times
Been thanked: 33 times

Re: Nationwide to end login with memorable data

#262800

Postby AJC5001 » November 7th, 2019, 3:06 pm

swill453 wrote:It just let me log in with memorable data. I have a FlexPlus current account and a smattering of savings accounts.

Scott.


Same here, but I doubt I'll be logging in much as my Flexplus, Loyalty Saver and ISA now hold the grand total of £2.18 between them. :(

Adrian

swill453
Lemon Quarter
Posts: 2584
Joined: November 4th, 2016, 6:11 pm
Has thanked: 158 times
Been thanked: 714 times

Re: Nationwide to end login with memorable data

#262803

Postby swill453 » November 7th, 2019, 3:16 pm

AJC5001 wrote:Same here, but I doubt I'll be logging in much as my Flexplus, Loyalty Saver and ISA now hold the grand total of £2.18 between them. :(

I've got £3000+ in a regular saver that matures in a couple of days, with no option to renew. At that point pretty much everything will be withdrawn.

(Actually I tell a lie, I've got a foreign trip coming up so I'll put some cash in the Flexplus so I can withdraw abroad without fees.)

Scott.

feder1
2 Lemon pips
Posts: 168
Joined: November 8th, 2016, 8:28 am
Has thanked: 23 times
Been thanked: 8 times

Re: Nationwide to end login with memorable data

#264926

Postby feder1 » November 17th, 2019, 11:45 am

Does it make sense to keep a dedicated phone simply for financial sites?

This could be locked up at home and thus not get lost or stolen.

It seems to me that to walk around with a phone giving open sesame to my money to anyone seems foolish.

supremetwo
Lemon Slice
Posts: 897
Joined: November 8th, 2016, 2:20 am
Has thanked: 61 times
Been thanked: 124 times

Re: Nationwide to end login with memorable data

#264949

Postby supremetwo » November 17th, 2019, 1:17 pm

feder1 wrote:Does it make sense to keep a dedicated phone simply for financial sites?

This could be locked up at home and thus not get lost or stolen.

It seems to me that to walk around with a phone giving open sesame to my money to anyone seems foolish.

Why should any financial site be able to insist on smart phone possession when many areas of the UK have unreliable signals?

Then there is the aspect of providers removing PAYG and insisting on a monthly contract.

https://www.ispreview.co.uk/index.php/2 ... ndles.html
Mobile operator O2 UK appears to have scrapped their Classic Pay-As-You-Go (PAYG) plans for new customers in favour of a refreshed range of Big Bundles, which include unlimited calls and texts as standard; these require you to top-up every month in order to get the allowance.

UncleEbenezer
Lemon Quarter
Posts: 3889
Joined: November 4th, 2016, 8:17 pm
Has thanked: 434 times
Been thanked: 646 times

Re: Nationwide to end login with memorable data

#268321

Postby UncleEbenezer » November 30th, 2019, 8:34 pm

wickham wrote:Nationwide sent me an email yesterday saying that logging into my current account using memorable data will cease on 28th November.

Which year?

It's Nov.30th and I can still log in using memorable data.

chas49
Lemon Slice
Posts: 978
Joined: November 4th, 2016, 10:25 am
Has thanked: 73 times
Been thanked: 133 times

Re: Nationwide to end login with memorable data

#268333

Postby chas49 » November 30th, 2019, 11:49 pm

UncleEbenezer wrote:
wickham wrote:Nationwide sent me an email yesterday saying that logging into my current account using memorable data will cease on 28th November.

Which year?

It's Nov.30th and I can still log in using memorable data.


The email I got actually said the new Terms & Conditions would be effective from 28 October.

Following a link to more info about the changes went to a page which included this:

"Over time we'll be removing the option of logging in to the Internet Bank using memorable data."

AF62
Lemon Slice
Posts: 491
Joined: November 27th, 2016, 8:45 am
Has thanked: 6 times
Been thanked: 124 times

Re: Nationwide to end login with memorable data

#268356

Postby AF62 » December 1st, 2019, 10:15 am

feder1 wrote:Does it make sense to keep a dedicated phone simply for financial sites?


No.

Why would you think a modern smartphone with up-to date software is insecure if used for other things?

feder1 wrote:This could be locked up at home and thus not get lost or stolen.


My phone gets lost or stolen then it is protected by a strong passkey and bio-metric security. And as soon as I notice it is gone then I can send a 'kill' signal to wipe it.

Likely far more secure than an unattended PC at an unoccupied home.

feder1 wrote:It seems to me that to walk around with a phone giving open sesame to my money to anyone seems foolish.


And how does your phone give anyone "open sesame" to your money when it is behind passkeys and bio-metric security?

supremetwo wrote:Why should any financial site be able to insist on smart phone possession when many areas of the UK have unreliable signals?


Their ball their rules!

Anyway, Nationwide are not insisting on a smart phone as they are allowing the use of a card reader.


Return to “Bank Accounts Savings & ISAs”

Who is online

Users browsing this forum: No registered users and 5 guests