On Tuesday 15 June 2010 10:45:02 Saswata Banerjee & Associates wrote:
On 15-Jun-2010, at 10:32 AM, Kenneth Gonsalves wrote:
On Tuesday 15 June 2010 10:18:22 Arun Khan wrote:
On Mon, Jun 14, 2010 at 8:21 PM, Mukund Deshmukh
mukund.deshmukh@gmail.com wrote:
I do with HDFC NetBanking.
even on your personal laptop/machine?
Why not! If you are on Wifi...
Precisely! Even though the connection is encrypted it is better to be safe than sorry.
I find HDFC a bit too paranoid. One cannot store the password or the username, but has to type it every time - and every now and then a new password is demanded - and one cannot use the last three passwords used. As a result, I find it very difficult to remember the password.
That is not paranoid. It's standard corporate security practice. The password has to be changed every 6 months (many corporates ask for it to be done every month). They know most users will not bother to change passwords unless forced.
Sprinting 100 mtrs to compete in the marathon. Users are going to use simple easily remembered passwords with this type of forced changes.
I use an "algorithm" to mangle a set of characters known password
and tataindicom is totally messed up - on forgot password they ask 'mother's maiden name' - and there are two fields to be filled - 'hint question' and 'hint answer' - hint answer I know, but what is hint question?
LOL. I write down the question and answers for key items and keep it in record. More for my banking info of course.
If they pose the question, the answer can be guessed, reducing the security to rubbish.
and axis bank has a funny system of verifying some payments - you are supposed to get an sms with a pin number. This is supposed to come within a minute - at peak hours it takes longer than a minute, by which time the site times out, so everything has to be repeated.
Many banks follow this practice. It's called 2-token authentication. It ensures that if someone has seen your password, he still can't get in unless he has flicked your phone too.
Or masquerades as you and has your phone no. changed to his. Don't know what sort of procedures are followed at Axis, but the procedure at UBI is quite unreliable. So a change of address took months, resulting in important stuff being despatched to the old address.
Trying to protect a user from himself is stupidity itself. There are enough holes in the chain as is, and the banks should concentrate on this and improving their abysmal services, rather than idiotic measures like changing passwords.
One of the banks had a small token with an LCD which displayed a number every time you pressed a button. When you did a web transaction, the app would ask you to press the token button and enter the displayed number. Of course if someone flicked this from you and knows your username and password, you are going to be in a deep hole.