Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

AIB Internet banking authentication change

  • 19-05-2015 10:47am
    #1
    Registered Users, Registered Users 2 Posts: 695 ✭✭✭


    Has anyone noticed they seem to have removed the second level of authentication, ie all they want now is your registration number then selected digits from your passcode. That's it- you're then in.

    Before you needed to also input parts of your password.

    I rang them and was told this is to bring it into line with their phone banking method.

    Anyone else find it very strange and worrying that they seem to be slackening off on security?


Comments

  • Registered Users, Registered Users 2 Posts: 84,762 ✭✭✭✭Atlantic Dawn
    M


    You can change the code you are using.


  • Registered Users, Registered Users 2 Posts: 10,910 ✭✭✭✭28064212


    Chelon wrote: »
    Before you needed to also input parts of your password.
    Password? It was parts of your phone number, no?

    And if someone already has your Registration No and your PAC, how much difficulty do you think they'll have retrieving the last 4 digits of your phone number? Requiring that to log in wasn't any more secure, so removing it doesn't lessen security

    Boardsie Enhancement Suite - a browser extension to make using Boards on desktop a better experience (includes full-width display, keyboard shortcuts, dark mode, and more). Now available through your browser's extension store.

    Firefox: https://addons.mozilla.org/addon/boardsie-enhancement-suite/

    Chrome/Edge/Opera: https://chromewebstore.google.com/detail/boardsie-enhancement-suit/bbgnmnfagihoohjkofdnofcfmkpdmmce



  • Registered Users, Registered Users 2 Posts: 695 ✭✭✭Chelon


    28064212 wrote: »
    Password? It was parts of your phone number, no?

    And if someone already has your Registration No and your PAC, how much difficulty do you think they'll have retrieving the last 4 digits of your phone number? Requiring that to log in wasn't any more secure, so removing it doesn't lessen security

    Yes you're correct, it was the phone number or digits from your credit card.

    But still not a bit concerning to be removing a level of security? Other internet banking I use has 2 levels to pass after you've entered your reg number.

    Plus with AIB, if you have the reg number, all that's left is a 5 digit passcode - digits only, no alpha or special characters etc.

    I'm no hacker but surely that has to be less secure than a full password?


  • Registered Users, Registered Users 2 Posts: 10,910 ✭✭✭✭28064212


    Chelon wrote: »
    But still not a bit concerning to be removing a level of security?
    But that's missing the point: it's not a level of security. It's an entirely useless step. It's like having a locked door, with a curtain hanging inside it. No-one who gets through the door will be stopped by the curtain. No-one who would be stopped by the curtain would get through the door in the first place. Removing the curtain isn't taking away a level of security, all of the security is provided by the door
    Chelon wrote: »
    Plus with AIB, if you have the reg number, all that's left is a 5 digit passcode - digits only, no alpha or special characters etc.
    The fact that they ask for 3 random digits increases the strength quite a bit. A simple 5-digit passcode is quite easy to crack, you just have 100,000 combinations to try, one after the other. When the digits that are asked for constantly change, it's more difficult.

    Also, it's pretty easy to spot suspicious behaviour. If someone puts the wrong passcode in a couple of times in a row, locking them out for a period of time is simple. You can also lock them out permanently, until they verify their identity to a phone operator.

    Boardsie Enhancement Suite - a browser extension to make using Boards on desktop a better experience (includes full-width display, keyboard shortcuts, dark mode, and more). Now available through your browser's extension store.

    Firefox: https://addons.mozilla.org/addon/boardsie-enhancement-suite/

    Chrome/Edge/Opera: https://chromewebstore.google.com/detail/boardsie-enhancement-suit/bbgnmnfagihoohjkofdnofcfmkpdmmce



  • Registered Users, Registered Users 2 Posts: 695 ✭✭✭Chelon


    28064212 wrote: »
    But that's missing the point: it's not a level of security. It's an entirely useless step. It's like having a locked door, with a curtain hanging inside it. No-one who gets through the door will be stopped by the curtain. No-one who would be stopped by the curtain would get through the door in the first place. Removing the curtain isn't taking away a level of security, all of the security is provided by the door


    The fact that they ask for 3 random digits increases the strength quite a bit. A simple 5-digit passcode is quite easy to crack, you just have 100,000 combinations to try, one after the other. When the digits that are asked for constantly change, it's more difficult.

    Also, it's pretty easy to spot suspicious behaviour. If someone puts the wrong passcode in a couple of times in a row, locking them out for a period of time is simple. You can also lock them out permanently, until they verify their identity to a phone operator.

    But before they'd have to know either your phone number or credit card number - ok maybe not as secure as a full password but surely a tiny bit better than what they've replaced this step with (answer- nothing).

    Just thinking it's very strange when just about every other system you see is adding more security, asking for complex passwords, etc. AIB seem to be going the other way.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 695 ✭✭✭Chelon


    28064212 wrote: »
    Password? It was parts of your phone number, no?

    And if someone already has your Registration No and your PAC, how much difficulty do you think they'll have retrieving the last 4 digits of your phone number? Requiring that to log in wasn't any more secure, so removing it doesn't lessen security

    I'm just curious here - imagine you are on holiday and someone breaks into your house and steals your pc, on which you have very foolishly left a note of both your Reg number and passcode.

    How would they then be able to discover your mobile phone number?


  • Registered Users, Registered Users 2 Posts: 10,910 ✭✭✭✭28064212


    Chelon wrote: »
    I'm just curious here - imagine you are on holiday and someone breaks into your house and steals your pc, on which you have very foolishly left a note of both your Reg number and passcode.

    How would they then be able to discover your mobile phone number?
    Really? Someone who's written down their Reg number and passcode, but nowhere in their entire house do they have any reference to their mobile phone number? I find that to be a pretty unlikely scenario. Even if it were true, a mobile number is not a difficult thing to discover. If I had someone's reg number and passcode, targeting their phone number would be trivial

    Not to mention that there's not a whole lot you can do with just the reg number and passcode. For any kind of transfer, you'd need your card-reader and PIN

    Boardsie Enhancement Suite - a browser extension to make using Boards on desktop a better experience (includes full-width display, keyboard shortcuts, dark mode, and more). Now available through your browser's extension store.

    Firefox: https://addons.mozilla.org/addon/boardsie-enhancement-suite/

    Chrome/Edge/Opera: https://chromewebstore.google.com/detail/boardsie-enhancement-suit/bbgnmnfagihoohjkofdnofcfmkpdmmce



  • Registered Users, Registered Users 2 Posts: 695 ✭✭✭Chelon


    I just reckon a smash and grab thief would do just that - he wouldn't spend time scouring the house for stuff like a phone number.

    Just aksing because I've tried to find mobile numbers for people online before and it wasn't that easy.


Advertisement