Bankwest Forum

New Member

Please improve account security

Posted by mpfl
Message 1 of 2 402 Views

Could BankWest please improve online banking security?

 

Facebook has added U2F security, which means my Facebook account is now more secure than my BankWest account.

 

Please consider:

 

1. Removing the character limit on passwords

2. Introducing alternatives to inherently insecure SMS messages for two-factor authentication, such as TOTP and U2F

Frequent Contributor

Re: Please improve account security

Posted by thewinchester
Message 2 of 2 395 Views

I concur with this feedback @mpfl.

 

Ensuring account security needs to be a priority, and the SMS-based method used doesn't cut it considering the risk of interception in transit.

 

I went hunting for an earlier post of mine where this issue was discussed, and I can't seem to find it.

 

Personally, I would love the BOB app to have an in-built TOTP generator, or allow the customer to be able to register their own TOTP generator (using either supported hardware, or compliant software) using the BOB website.

 

This would solve a number of key issues BWA has with customers who they need to use the current Secure Code system with when travelling overseas to verify transactions.

 

TOTP would be the smarter move - given U2F methods are a little harder in the mobile space, given the disparity of support across mobile platforms. The U2F method Facebook is using, which is via the NFC reader on the mobile device, will only work for Android and other supported device manufacturers. Apple's devices do not currently allow installed apps to access the NFC circuit for the purpose of reading data.

 

Going to TOTP would require only changes to the code base used for authentication, and wouldn't need wholesale redevelopment to support devices like U2F would.

 

The key thing I would stress is that any TOTP implementation in BOB needs to be done like the Citibank model, where it's contained within the app once registered and the customer authenticated. The ANZ model, having a separate app for providing their version of a TOTP code, is a nightmare when the average user already has >100 apps on their device - simply no reason that such a small thing should be in a standalone application.

 

© 2017 Copyright Bankwest, a division of Commonwealth Bank of Australia (Bankwest). All rights reserved.