Westpac morons at work
davereid
6th October 2010, 10:47
Yes, it's not only the Gubbermint that can come up with moronic ideas. In my humble opinion Westpac prove that private industry is at the forefront of stupidity.
Today's internet banking logon tells me of a great new security idea. (It's not optional of course, good ideas never are.)
I get to answer some questions "What's your grandad's name", "what was your first car", that kind of stuff.
Then if I forget my password, all I need to do is answer the "challenge question" and I can have a new one!
So, the Russian hacker doesn't need to know my really tricky banking password anymore.
All he needs to do is have a look at my Facebook page to see grandad in my friends list, and ask Westpac for a new password.
My lovely secure password and the bank site encryption now amounts to nothing, as the answers to many of the challenge questions are public domain, and even more are known to friends, family and the evil ex wife.
Hmm. Where do we get these security geniuses from?
onearmedbandit
6th October 2010, 11:03
I went through the same thing last week. Luckily you have more choices than your granddad's name, like first street you grew up in, first pet, and lots more choices too. So unless you're stupid enough to put all your personal info on somewhere that is obviously not all that private (although you can make your Facebook profile private) your squillions should be safe. Mine are.
Laava
6th October 2010, 11:04
Have you seen how Kiwibank's login works? If they are trying to copy that, then that is a good thing. It's not an alternative. It's an extra and you get to set the questions. It is not a keystroke thing either so no-one can hack your computer and suss it out.
BuzzardNZ
6th October 2010, 11:08
So, the Russian hacker doesn't need to know my really tricky banking password anymore.
All he needs to do is have a look at my Facebook page to see grandad in my friends list, and ask Westpac for a new password.
My lovely secure password and the bank site encryption now amounts to nothing, as the answers to many of the challenge questions are public domain, and even more are known to friends, family and the evil ex wife.
Hmm. Where do we get these security geniuses from?
Hmm. Where do we get these security geniuses from ?..... probably Russia!
davereid
6th October 2010, 11:17
I went through the same thing last week. Luckily you have more choices than your granddad's name, like first street you grew up in, first pet....
Of course the kids who grew up in your street would know all those ones, as would your first girlfriend, the ex wife and scores of people.
While, with care, you could select questions that would be hard to find, last week I was much safer as my carefully crafted, and regularly changed password was the only way in to my account.
Now you just might be able to get in if you knew enough about me.
HenryDorsetCase
6th October 2010, 11:20
Yes, it's not only the Gubbermint that can come up with moronic ideas. Westpac prove that private industry is at the forefront of stupidity.
Today's internet banking logon tells me of a great new security idea. (It's not optional of course, good ideas never are.)
I get to answer some questions "What's your grandad's name", "what was your first car", that kind of stuff.
Then if I forget my password, all I need to do is answer the "challenge question" and I can have a new one!
So, the Russian hacker doesn't need to know my really tricky banking password anymore.
All he needs to do is have a look at my Facebook page to see grandad in my friends list, and ask Westpac for a new password.
My lovely secure password and the bank site encryption now amounts to nothing, as the answers to many of the challenge questions are public domain, and even more are known to friends, family and the evil ex wife.
Hmm. Where do we get these security geniuses from?
Westpac are the most useless when it comes to this stuff. All the other banks have extra features which provide additional but by no means foolproof security.
imdying
6th October 2010, 11:22
Only dumb faggots who don't care about their privacy would use facebook anyway.
And FFS use your brain and put different answers to the questions you muppet :laugh:
davereid
6th October 2010, 11:40
Only dumb faggots who don't care about their privacy would use facebook anyway.
And FFS use your brain and put different answers to the questions you muppet :laugh:
The issue is not what you can do to provide yourself with security in spite of Westpac stupidity.
(You could as you point out use a pass-phrase unrelated to the question as the answer.)
What irks me is that this compulsory weakening of my security is foisted on me as a security enhancement!
And it also irks me that idiots can't see that, but it's very easy for me to ignore idiots, much harder for me to do without internet banking.
imdying
6th October 2010, 11:44
What irks me is that this compulsory weakening of my security is foisted on me as a security enhancement!
It's only as weak as you make it.
And it also irks me that idiots can't see that, but it's very easy for me to ignore idiots, much harder for me to do without internet banking.
If you think their security is inadequate, change banks... surely that is what any prudent person would do? Or is that in the too hard basket?
onearmedbandit
6th October 2010, 11:55
Of course the kids who grew up in your street would know all those ones, as would your first girlfriend, the ex wife and scores of people.
While, with care, you could select questions that would be hard to find, last week I was much safer as my carefully crafted, and regularly changed password was the only way in to my account.
Now you just might be able to get in if you knew enough about me.
And if they know your customer id. Now if they've made it that far, you have been too sloppy.
DangerMice
6th October 2010, 12:04
The password for ASB internet banking is case insensitive so there goes your increased complexity with upper & lowercase letters. P7iUYt8R = p7iuyt8r as far as they're concerned. (No, that's not my password)
DM
davereid
6th October 2010, 12:07
And if they know your customer id. Now if they've made it that far, you have been too sloppy.
So IF they know my customer ID, I accept that I have been careless.
But my password is a tough nut to crack, and it was the only key.
Now my password is not the only key.
Westpac has added a whole list of new keys to my account. Some of which may be easier to guess than my password.
How exactly does this help me be more secure...?
Scenario.. someone steals my wallet, and therefore has my driver's licence, DOB, address, and Westpac account number.
At the moment they cannot use that to guess my password. But the security questions are known to all Westpac customers, and all hackers.
An hour's googling could find answers to many of the questions. The best bit is, that if they guess my challenge questions, then they already know how to answer the challenge question they need to answer to transfer BOTH my dollars to Russia.
onearmedbandit
6th October 2010, 12:14
So IF they know my customer ID, I accept that I have been careless.
But my password is a tough nut to crack, and it was the only key.
Now my password is not the only key.
Westpac has added a whole list of new keys to my account. Some of which may be easier to guess than my password.
How exactly does this help me be more secure...?
Scenario.. someone steals my wallet, and therefore has my driver's licence, DOB, address, and Westpac account number.
At the moment they cannot use that to guess my password. But the security questions are known to all Westpac customers, and all hackers.
An hour's googling could find answers to many of the questions. The best bit is, that if they guess my challenge questions, then they already know how to answer the challenge question they need to answer to transfer BOTH my dollars to Russia.
Your account number is different to your user id, that should never be written down. You can also modify your user id to something unique.
I do understand what you are saying. However I'd like to know Westpac's reasoning behind it. (I'm assuming there is a legitimate reason for the change)
SMOKEU
6th October 2010, 12:14
BNZ customers have this plastic card with different numbers on it, and you have to look at the card and enter numbers off the card in order to access the account. It seems like a good idea, as long as the thief/fraudster doesn't get hold of that card.
imdying
6th October 2010, 12:21
An hour's googling could find answers to many of the questions. The best bit is, that if they guess my challenge questions, then they already know how to answer the challenge question they need to answer to transfer BOTH my dollars to Russia.
Which the bank will reimburse you for. Just change all of your challenge question answers to the same as your password if you think your password is bulletproof. Or gibberish... you can still ring the bank to have your password reset if required, but that'll never happen because you change them regularly enough.
FROSTY
6th October 2010, 12:44
Are you sure this is from Westpac? There's a scam going round that seems to be from banks but it's not.
MSTRS
6th October 2010, 12:51
A scam? Just one?
Come on, Frosty...
Nah, this one's legit. I'm not sure how it makes my log-in safer, tho. And I don't do Facebook.
Grasshopperus
6th October 2010, 13:07
On an unrelated note;
Anyone who is not banking with Kiwibank or TSB is a national traitor.
That is all.
Latte
6th October 2010, 13:30
On an unrelated note;
Anyone who is not banking with Kiwibank or TSB is a national traitor.
That is all.
So you're saying if there's a kiwi alternative, you're a traitor for not using it?
Hypocrite much?
onearmedbandit
6th October 2010, 13:44
On an unrelated note;
Anyone who is not banking with Kiwibank or TSB is a national traitor.
That is all.
That's a good one that is...
slofox
6th October 2010, 14:21
Sounds like a perfectly good reason not to belong to arsebook...oops er I mean FACEbook...
avgas
6th October 2010, 14:33
On an unrelated note;
Anyone who is not banking with Kiwibank or TSB is a national traitor.
That is all.
Nah the aussies are nice.
They tell us they are going to fuck us.
I was a long term post bank customer - for 10 years they told us that we were kiwi, we are proud, we'll look after ya.....
Meanwhile postbank was silently raping us from behind.
You wait - there will be a time when one of these lovely NZ business rapists touches kiwibank.........then is onto the disassemble line with
- Bluebirds
- NZ Rail....
At least international banks have to be kept honest here.
"I am going to fuck you sir"
"Thankyou - please be gentle, its my first mortgage"
"I will try to sir, bend over, and thank you for banking with ANZ/Westpac...."
the alternative is
"We have the cheapest rates"
"I would like the cheapest rates"
"here you go, sign here"
"Great......hey that was ok........why am I bleeding........where is this blood coming from???? .............WTF!.......RAPE RAPE or god why wont the rape stop!!!!????"
Next thing you know the doctor is pulling a smart car out your ass, your money will be gone in some SCF fund and the pain will be incredible.
Grubber
6th October 2010, 15:14
I'm BNZ and they have an initial logon that you create yourself, but it still doesn't allow you in to your account.
They send you a gridded card with numbers and letters in it and when you have done your initial logon the bank will ask for a sequence of numbers and letters from this card they give you. It changes every time you logon and they change your card every few months. Seems pretty damn fine to me.
Jonno.
6th October 2010, 16:47
Use ASB daily. No jumping through hoops. Enter your password and you get access.
No one knows my username anyway.
davereid
6th October 2010, 17:05
I'm BNZ and they have an initial logon that you create yourself, but it still doesn't allow you in to your account.
They send you a gridded card with numbers and letters in it and when you have done your initial logon the bank will ask for a sequence of numbers and letters from this card they give you. It changes every time you logon and they change your card every few months. Seems pretty damn fine to me.
PSIS have a RSA key. Every 30 seconds it displays a new 6 digit number. You have to know this as well as your login and password.
It's my opinion that Westpac have just come up with a crap idea that saves them $5 per account for a proper system like an RSA key, or a TXT message.
BuzzardNZ
6th October 2010, 19:57
keep ya fucking pittance under the mattress if ur that god damn worried
Swoop
7th October 2010, 07:32
Anyone who is not banking with Kiwibank ... is a national traitor.
On a related note...
Anyone who uses kiwiwank is an arrogant, selfish, bastard.
Fuck off and get your own buildings and stop parasiting on Postshop.
Those of us who want to simply post a parcel do not want some 2-digit IQ fuckwit who cannot pay their telephone bill online, holding up the queue.
Get your own building.
LBD
7th October 2010, 08:06
BNZ customers have this plastic card with different numbers on it, and you have to look at the card and enter numbers off the card in order to access the account. It seems like a good idea, as long as the thief/fraudster doesn't get hold of that card.
If a fraudster gets hold of my card...he also needs to connect it with the correct bank account number....then he has to know my password which only I know...1+ for the BNZ system.
spajohn
7th October 2010, 11:23
Why on earth would you have your grandparents' or mother's maiden name etc on Facebook? WTF?
davereid
7th October 2010, 14:42
Why on earth would you have your grandparents' or mother's maiden name etc on Facebook? WTF?
I haven't.
I don't even have a Facebook page.
But for all I know, my mother may have one. Or my Auntie, or a cousin.
Or your great Aunty Ethel may have published the results of her genealogy research online.
The point is adding more locks to a security system makes it more secure.
Adding more keys makes it less secure.
And a good lock/key combination is obscure, encrypted and random.
Westpac's new system adds more keys, as knowing the answers to the challenge questions obviates the need to know the password.
It also fails the obscure, encrypted, random test, as the challenge questions are common to ALL Westpac customers.
spajohn
7th October 2010, 15:42
But for all I know, my mother may have one. Or my Auntie, or a cousin.
Or your great Aunty Ethel may have published the results of her genealogy research on line.
Fair point.
Do they not let you set your own questions? I left Westpac ages ago...
sunhuntin
7th October 2010, 17:24
why not use false answers? eg, put down grandad's name as daisy or something. :yes:
as for Facebook, most of my info is false and what is real, isn't displayed even to friends. false username, photos of anything but my face, no identifying info at all.
davereid
7th October 2010, 18:15
why not use false answers? eg, put down grandad's name as daisy or something. :yes:
as for Facebook, most of my info is false and what is real, isn't displayed even to friends. false username, photos of anything but my face, no identifying info at all.
Good idea.. but lots of Westpac customers will write down grandma's name. It doesn't overcome the fact that Westpac appear to have forced customers to reduce security!
FROSTY
8th October 2010, 07:31
Dave -- look, at the end of the day if it's that much of an issue then why not just change banks?
Mully
8th October 2010, 07:34
On a related note...
Anyone who uses kiwiwank is an arrogant, selfish, bastard.
Fuck off and get your own buildings and stop parasiting on Postshop.
Those of us who want to simply post a parcel do not want some 2-digit IQ fuckwit who cannot pay their telephone bill online, holding up the queue.
Get your own building.
Oh God, someone's started Swoop off about Kiwibank again.
davereid
8th October 2010, 17:38
Dave -- look, at the end of the day if it's that much of an issue then why not just change banks?
It's not an issue for me, I work in the industry and have a good understanding of internet security.
I know lots of the replies on here have been based on the premise that I can "avoid it", change banks or whatever. But I don't need to do that, as an individual I have already patched Westpac's system.
But, it's an issue for many others. I'm aggrieved here for sure, but not on my behalf.
It's just that I see many who trust their bank's judgement being made less secure here, not more secure.
I must say, Westpac have listened. I am engaged in a sensible and polite discussion with one of their security guys.
ynot slow
9th October 2010, 08:19
Westpac have nothing on Diners. I received a new pin number a few weeks ago, rang and asked why. Reply was our pin numbers have been found faulty, hmm wtf.
So waited til Monday and rang, got an intelligent kiwi (ala tv presenter not an indian) who said "we've changed from charge card to credit card, you should've received the card first, the pin you received will work on new card". All good but I asked why I couldn't use old pin (different from bank pin) and told no we generate pin for you, and you are only one who knows it.
That's fine but my old pin for example was 8849, new pin is along lines of 6668 or 5559 or 9222, i.e. 3 digits same, so rang and said you idiots have given me a pin, which I can't go into Westpac and change (can deposit funds in Westpac) to another number, the reply was you can get new pin sent, then she said at a cost. I said I'm not paying for a new pin, give me a manager please I wish to speak higher. Eventually I was able to change, at no cost, so each time they sent me a computer pin I rang and said wtf it's 1112 (true) send another, took 3 attempts to get one I am happy with, they all had double numerals together.
Number One
9th October 2010, 09:09
Fuck off and get your own buildings and stop parasiting on Postshop.
Those of us who want to simply post a parcel do not want some 2-digit IQ fuckwit who cannot pay their telephone bill online, holding up the queue.
Get your own building.
:lol: FUCK YEAH!!!! +100....and they all show up at 'the post shop' at lunch time too...bastards!
Gubb
9th October 2010, 10:39
On an unrelated note;
Anyone who is not banking with Kiwibank or TSB is a national traitor.
That is all.
I assume you ride a Britten to work everyday then?
Jantar
9th October 2010, 10:42
On an unrelated note;
Anyone who is not banking with Kiwibank or TSB is a national traitor.
That is all.
So those who are with SBS or PSIS or any other New Zealand bank are traitors? Please explain.
ynot slow
9th October 2010, 15:36
Kiwibank was an idiotic plan for Labour to get in government by appeasing Anderton's party vote, no fees yeah right.
TSB, SBS, PSIS were all free fee banks at the time, so didn't need another, sure they were not nationwide as Kiwibank, but I never had fees with TSB although at the time living in Hawera so local branch in my town.
Am with TSB and Kiwibank (student fees etc was ok) but still have fees with Kiwibank.
davebullet
9th October 2010, 18:56
Kiwibank allows you to set your own challenge / response questions.
I was going to go with "how long is your schlong?" but the answer field only went to 12 inches.
davebullet
9th October 2010, 18:57
PS: What is a facebook anyway?
Grasshopperus
9th October 2010, 21:53
On a related note...
Anyone who uses kiwiwank is an arrogant, selfish, bastard.
Fuck off and get your own buildings and stop parasiting on Postshop.
Those of us who want to simply post a parcel do not want some 2-digit IQ fuckwit who cannot pay their telephone bill online, holding up the queue.
Get your own building.
Yeah, let's make buildings that can only do one thing.
I assume you ride a Britten to work everyday then?
Yep, the Britten 250RS. A 250cc motorcycle that's cost-competitive, warrantable AND actually exists in mass production.
So those who are with SBS or PSIS or any other New Zealand bank are traitors? Please explain.
No, I'll let you off with your building society and co-operative.
Looks like I really hit a nerve with some TRAITORS
Let the hate flow. If you strike me down yadda yadda
Swoop
10th October 2010, 19:04
Looks like I really hit a nerve with some TRAITORS
Huh? Traitor?
That would mean that I would have to change from my current bank, which is just fine for my needs. It is a real bank.
You cannot go there to post a letter, thank fuck the queue is much shorter than the kiwiwank queue...
Number One
14th October 2010, 05:41
PS: What is a facebook anyway?
ANOTHER website for people to talk shit on on the internet....
On a more important note - your avatar is mesmerising...
davebullet
14th October 2010, 13:13
ANOTHER website for people to talk shit on on the internet....
On a more important note - your avatar is mesmerising...
I must admit it's been a while since I fit into that g-string
Max Preload
15th October 2010, 14:56
The point is adding more locks to a security system makes it more secure.
Adding more keys makes it less secure.
Exactly.
it's 1112 (true) send another, took 3 attempts to get one I am happy with, they all had double numerals together.
Statistically it doesn't matter if there are successive repeated digits. There's no more or less chance of getting it correct as a guess.
why not use false answers? eg, put down grandad's name as daisy or something. :yes:
Because come time to use it you probably won't remember what you answered...
Max Preload
15th October 2010, 14:58
I was going to go with "how long is your schlong?" but the answer field only went to 12 inches.
Yeah. I tried to use that one but it started at 2.
ynot slow
16th October 2010, 09:12
Statistically it doesn't matter if there are successive repeated digits. There's no more or less chance of getting it correct as a guess.
For sure, but every bank warns against it, mind you not writing PIN down is a great piece of advice, shame elderly don't take heed. I guessed a lady's pin, I knew her and she said "hopefully this is pin" which wasn't so I said try 1112, and it was, she used her birthday for that card, stupid yep.
Street Gerbil
16th October 2010, 10:52
Hmm. Where do we get these security geniuses from ?..... probably Russia!
Actually that would have been a good solution.
"Ok, we know you can breach our security.
Now are you kewl enough to come up with your own that no one can get through?"
A true hacker, Russian or otherwise, would pick up the gauntlet and build a bulletproof security just to prove his superiority or die trying.
Max Preload
18th October 2010, 00:43
A true hacker, Russian or otherwise, would pick up the gauntlet and build a bulletproof security just to prove his superiority or die trying.
While leaving a backdoor for themself, of course...