Westpac morons at work

**davereid** · 6th October 2010, 10:47

Yes, its not only the Gubbermint that can come up with moronic ideas, In my humble opinion Westpac prove that private industry is at the forefront of stupidity.

Todays internet banking logon tells me of a great new security idea. (Its not optional of course, good ideas never are.)

I get to answer some questions "Whats your grandads name", "what was your first car", that kind of stuff.

Then if I forget my password, all I need to do is answer the "challenge question" and I can have a new one !

So, the russian hacker doesnt need to know my really tricky banking password anymore.

All he needs to do is have look at my facebook page to see grandad in my friends list, and ask westpac for a new password.

My lovely secure password and the bank site encryption now amounts to nothing, as the answers to many of the challenge questions are public domain, and even more are known to friends, family and the evil ex wife.

Hmm. Where do we get these security geniuses from ?

**onearmedbandit** · 6th October 2010, 11:03

I went through the same thing last week. Luckily you have more choices than your granddads name, like first street you grew up in, first pet, and lots more choices too. So unless you're stupid enough to put all your personal info on somewhere that is obviously not all that private (although you can make your facebook profile private) your squillions should be safe. Mine are.

**Laava** · 6th October 2010, 11:04

Have you seen how Kiwibanks login works? If they are trying to copy that, then that is a good thing. It's not an alternative. It's an extra and you get to set the questions. It is not a keystroke thing either so no-one can hack your computer and suss it out.

**BuzzardNZ** · 6th October 2010, 11:08

Originally Posted by davereid

So, the russian hacker doesnt need to know my really tricky banking password anymore.

All he needs to do is have look at my facebook page to see grandad in my friends list, and ask westpac for a new password.

My lovely secure password and the bank site encryption now amounts to nothing, as the answers to many of the challenge questions are public domain, and even more are known to friends, family and the evil ex wife.

Hmm. Where do we get these security geniuses from ?

Hmm. Where do we get these security geniuses from ?..... probably Russia!

**davereid** · 6th October 2010, 11:17

Originally Posted by onearmedbandit

I went through the same thing last week. Luckily you have more choices than your granddads name, like first street you grew up in, first pet....

Of course the kids who grew up in your street would know all those ones, as would your first girl friend, the ex wife and scores of people.

While, with care you could select questions that would be hard to find, last week I was much safer as my carefully crafted, and regularly changed password was the only way in to my account.

Now you just might be able to get in if you knew enough about me.

**HenryDorsetCase** · 6th October 2010, 11:20

Originally Posted by davereid

Yes, its not only the Gubbermint that can come up with moronic ideas, Westpac prove that private industry is at the forefront of stupidity.

Todays internet banking logon tells me of a great new security idea. (Its not optional of course, good ideas never are.)

I get to answer some questions "Whats your grandads name", "what was your first car", that kind of stuff.

Then if I forget my password, all I need to do is answer the "challenge question" and I can have a new one !

So, the russian hacker doesnt need to know my really tricky banking password anymore.

All he needs to do is have look at my facebook page to see grandad in my friends list, and ask westpac for a new password.

My lovely secure password and the bank site encryption now amounts to nothing, as the answers to many of the challenge questions are public domain, and even more are known to friends, family and the evil ex wife.

Hmm. Where do we get these security geniuses from ?

Westpac are the most useless when it comes to this stuff. all the other bands have extra features which provide additional but by no means foolproof security

**imdying** · 6th October 2010, 11:22

Only dumb faggots who don't care about their privacy would use facebook anyway.

And FFS use your brain and put different anwers to the questions you muppet

**davereid** · 6th October 2010, 11:40

Originally Posted by imdying

Only dumb faggots who don't care about their privacy would use facebook anyway.

And FFS use your brain and put different anwers to the questions you muppet

The issue is not what you can do to provide yourself with security in spite of Westpac stupidity

(You could as you point out use a pass-phrase unrelated to the question as the answer.)

What erks me, is that this compulsory weakening of my security is foisted on me as a security enhancement !

And it also erks me that idiots cant see that, but its very easy for me to ignore idiots, much harder for me to do without internet banking.

**imdying** · 6th October 2010, 11:44

Originally Posted by davereid

What erks me, is that this compulsory weakening of my security is foisted on me as a security enhancement !

It's only as weak as you make it.

Originally Posted by davereid

And it also erks me that idiots cant see that, but its very easy for me to ignore idiots, much harder for me to do without internet banking.

If you think their security is inadequate, change banks... surely that is what any prudent person would do? Or is that in the too hard basket?

**onearmedbandit** · 6th October 2010, 11:55

Originally Posted by davereid

Of course the kids who grew up in your street would know all those ones, as would your first girl friend, the ex wife and scores of people.

While, with care you could select questions that would be hard to find, last week I was much safer as my carefully crafted, and regularly changed password was the only way in to my account.

Now you just might be able to get in if you knew enough about me.

And if they know your customer id. Now if they've made it that far, you have been too sloppy.

**DangerMice** · 6th October 2010, 12:04

The password for ASB internet banking is case insensitive so there goes your increased complexity with upper & lowercase letters. P7iUYt8R = p7iuyt8r as far as they're concerned. (No, that's not my password)

DM

**davereid** · 6th October 2010, 12:07

Originally Posted by onearmedbandit

And if they know your customer id. Now if they've made it that far, you have been too sloppy.

So IF they know my customer ID, I accept that I have been careless.

But my password is a tough nut to crack, and it was the only key.

Now my password is not the only key.

Westpac has added a whole list of new keys to my account. Some of which may be easier to guess than my password.

How exactly does this help me be more secure...?

Scenario.. someone steals my wallet, and therefore have my drivers licence, DOB, address, and Westpac account number.

At the moment they cannot use that to guess my password. But the security questions are known to all westpac customers, and all hackers.

An hours googling could find answers to many of the questions. The best bit is, that if they guess my challenge questions, then they already know how to answer the challenge question they need to answer to transfet BOTH my dollars to russia.

**onearmedbandit** · 6th October 2010, 12:14

Originally Posted by davereid

So IF they know my customer ID, I accept that I have been careless.

But my password is a tough nut to crack, and it was the only key.

Now my password is not the only key.

Westpac has added a whole list of new keys to my account. Some of which may be easier to guess than my password.

How exactly does this help me be more secure...?

Scenario.. someone steals my wallet, and therefore have my drivers licence, DOB, address, and Westpac account number.

At the moment they cannot use that to guess my password. But the security questions are known to all westpac customers, and all hackers.

An hours googling could find answers to many of the questions. The best bit is, that if they guess my challenge questions, then they already know how to answer the challenge question they need to answer to transfet BOTH my dollars to russia.

You're account number is different to your user id, that should never be written down. You can also modify your user id to something unique.

I do understand what you are saying. However I'd like to know Westpacs reasoning behind it. (I'm assuming there is a legitimate reason for the change)

**SMOKEU** · 6th October 2010, 12:14

BNZ customers have this plastic card with different numbers on it, and you have to look at the card and enter numbers off the card in order to access the account. It seems like a good idea, as long as the thief/fraudster doesn't get hold of that card.

**imdying** · 6th October 2010, 12:21

Originally Posted by davereid

An hours googling could find answers to many of the questions. The best bit is, that if they guess my challenge questions, then they already know how to answer the challenge question they need to answer to transfet BOTH my dollars to russia.

Which the bank will reimburse you for. Just change all of your challenge question answers to the same as your password if you think your password is bulletproof. Or gibberish... you can still ring the bank to have your password reset if required, but that'll never happen because you change them regularly enough.

Thread: Westpac morons at work

Thread Tools

Westpac morons at work

Thread Information

Users Browsing this Thread

Bookmarks

Bookmarks

Posting Permissions