Groups | Search | Server Info | Login | Register

Groups > comp.misc > #23881

Re: Using SMS for password reset.

Message-ID <65b963eb@news.ausics.net> (permalink)
Subject Re: Using SMS for password reset.
Newsgroups comp.misc
References <l1rpu5FbrprU1@mid.individual.net>
From newsmaster@ausics.net
Date 2024-01-31 07:02 +1000
Organization Ausics - https://newsgroups.ausics.net

Show all headers | View raw

Sylvia Else <sylvia@email.invalid> wrote:
> This is really a rant - venting to release some of the frustration.
> 
> I'm in the process of selling my house, and I need somewhere secure to 
> hold the proceeds. I decided I'd create a account with a bank I don't 
> otherwise bank with, and interact online with it using a live-DVD on a 
> system that has no storage. So no risk of key loggers or other hacks.

Although probably a higher risk of running software that's missing
the latest security bug fixes, and therefore _might_ be vulnerable
to snooping on the encrypted data, or page content in web browsers
via Javascript. I suppose you could run updates each time after
booting though.

> Except that the banks insist on having a password reset option, 
> validated using an SMS. This undermines my attempts at ensuring that the 
> account remains secure.

Yes the SMS requirement annoys me too, although for different
reasons related to me not frequently using a mobile at all. But I
only have online banking enabled for accounts from which I want to
make payments for online purchases, where I transfer the required
amount into them before-hand. Otherwise money is kept in accounts
that don't have online banking and I don't have to provide a mobile
phone number for them, although I believe it is an option for
verification with phone banking.

> I've tried telling banks (and other entities, indeed) that I don't want 
> the ability to reset the password. No go, because such an option is not 
> implemented in their systems.
> 
> Telcos in Australia have some quite strict rules regarding transfer of 
> mobile phone numbers, but the rules still get broken, and frauds 
> committed thereby.

I wonder if there's an equivalent to 127.0.0.1 for mobile phone
numbers, where you _know_ they can't call anyone with that number
(even yourself)? CBA requires the SMS code while setting up and
using their online banking funtions too though (rather annoying for
me because I keep my mobile phone in the car all the time).

> If someone perpetrated a fraud as a consequence of the SMS password 
> reset, I'd have a good case that it was a fraud against the bank, rather 
> than against me, and that it was therefore the bank's loss.
> 
> Still, I'd rather not have to deal with it.

Yes I've had bank staff tell me about similar protections
when I say I don't want online banking, but it ignores the
immediate difficulty of finding that all your money's gone and
then having to wait penniless until the bank gets around to looking
into it (and hoping they're competent at doing so).

-- 
__          __
#_ < |\| |< _#  | Note: I won't see posts made from Google Groups |

Back to comp.misc | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Using SMS for password reset. Sylvia Else <sylvia@email.invalid> - 2024-01-30 19:22 +1100
  Re: Using SMS for password reset. Dan Purgert <dan@djph.net> - 2024-01-30 10:39 +0000
    Re: Using SMS for password reset. Sylvia Else <sylvia@email.invalid> - 2024-01-30 21:57 +1100
      Re: Using SMS for password reset. Bruce Horrocks <07.013@scorecrow.com> - 2024-02-06 23:47 +0000
        Re: Using SMS for password reset. "Kerr-Mudd, John" <admin@127.0.0.1> - 2024-02-07 10:31 +0000
        Re: Using SMS for password reset. Ian <gay@sfuu.ca> - 2024-02-07 15:03 -0800
    Re: Using SMS for password reset. Spiros Bousbouras <spibou@gmail.com> - 2024-01-30 14:33 +0000
      Re: Using SMS for password reset. D <nospam@example.net> - 2024-01-30 16:38 +0100
      Re: Using SMS for password reset. Julieta Shem <jshem@yaxenu.org> - 2024-01-30 13:39 -0300
        Re: Using SMS for password reset. Mike Spencer <mds@bogus.nodomain.nowhere> - 2024-01-30 19:56 -0400
          Re: Using SMS for password reset. Julieta Shem <jshem@yaxenu.org> - 2024-01-31 17:57 -0300
      Re: Using SMS for password reset. Dan Purgert <dan@djph.net> - 2024-01-31 11:10 +0000
        Re: Using SMS for password reset. Sylvia Else <sylvia@email.invalid> - 2024-01-31 22:34 +1100
          Re: Using SMS for password reset. Dan Purgert <dan@djph.net> - 2024-02-01 15:16 +0000
        Re: Using SMS for password reset. Spiros Bousbouras <spibou@gmail.com> - 2024-01-31 12:06 +0000
          Re: Using SMS for password reset. Dan Purgert <dan@djph.net> - 2024-02-01 15:48 +0000
            Re: Using SMS for password reset. Spiros Bousbouras <spibou@gmail.com> - 2024-02-01 17:57 +0000
  Re: Using SMS for password reset. Rich <rich@example.invalid> - 2024-01-30 16:39 +0000
  Re: Using SMS for password reset. newsmaster@ausics.net - 2024-01-31 07:02 +1000
  Re: Using SMS for password reset. Sylvia Else <sylvia@email.invalid> - 2024-01-31 09:45 +1100
    Re: Using SMS for password reset. Rich <rich@example.invalid> - 2024-01-30 23:39 +0000
      Re: Using SMS for password reset. Bob Eager <news0009@eager.cx> - 2024-01-31 00:10 +0000
      Re: Using SMS for password reset. Julieta Shem <jshem@yaxenu.org> - 2024-01-30 22:30 -0300
        Re: Using SMS for password reset. kludge@panix.com (Scott Dorsey) - 2024-01-31 01:41 +0000
          Re: Using SMS for password reset. Julieta Shem <jshem@yaxenu.org> - 2024-01-30 23:09 -0300
            Re: Using SMS for password reset. D <nospam@example.net> - 2024-01-31 10:58 +0100
      Re: Using SMS for password reset. Sylvia Else <sylvia@email.invalid> - 2024-01-31 13:32 +1100

csiph-web