This is from anecdotal experience but it seems that the email service, Gmail accounts users are guaranteed more safety than online bank account users for many banks across the world.
One of my former colleagues who lives in Canada got a visit from the local police after accessing a female acquaintance’s gmail account. He used a keylogger to record the details when she used a laptop of a friend who was clueless on computers and then after obtaining details and accessing her account, he looked through emails to ‘put himself’ i whatever activities she was in to have a greater chance of being with her :rolleyes:. Smart idea but it when wrong. She didn’t suspect anything at all until she received sign-in attempts which he could not delete that Google investigated and eventually forwarded to the local police. I’m not to sure what happened to him but despite not being charged, he definitely has had his life changed by more run-ins with the law.
Conversely, I knew shithead kids in my school who improved themselves and were making more trips abroad than me but everyone knew it was because they were involved in something similar to the Canadian acquaintance; either recording the keystrokes that their desired victims typed on their bank details or various types of debit card skimming etc.
What really gets me is that these guys were pretty dumb to but that was not at all a prison sentence for any of them. They were accessing accounts from London, Paris, New York, Moscow but the bank didn’t alert to sign-in’s from different I.P addresses like Google does even when it’s a different computer in the same city. They were able to take thousands of pounds.
What’s the explanation for this? Are banks as they say only concerned about other companies/banks who steal from them but not their customers because they’re too busy raking in money?
I can’t definitively say yes, but it doesn’t surprise me that banks may be less secure. My bank doesn’t even offer two factor authentication. I play video games that at least offer 2FA. I know 2FA isn’t the best security out there, but it’s better than nothing.
I suppose that this could tun into a debate, depending on the answers provided and the responses of other posters, but at the moment it looks more like a factual/GQ question.
I don’t use G-mail so I am not familiar with their security measures, but my bank, and AFAIK all UK banks take security very seriously. A key logger would not give you enough to hack my account as there are some drop-down boxes to click.
I find it curious that rational people will happily carry substantial wads of currency on their person, but refuse to use internet banking.
My bank requires a one time code generated by either a physical generator or an app on my phone (which can only be installed on the phone registered with the bank), plus a personal password. Every login also shows the last previous successful login attempt.
I don’t know what kind of regime they have for following up on hacking attempts, as they are very rare and difficult to perform.
I haven’t seen 2-factor authentication at Canadian institutions yet, including Tangerine and Desjardins. Some institutions offer a physical key generator, but only for commercial accounts.
Anecdote:
For several years, the Banque de Montréal (BMO) Web site used this approach:
1- Type in the debit card number (optionally remembered) and click a button.
2- The site shows a pre-selected picture and phrase, and prompts for a password.
3- Type in the password (4 digits plus 2 letters) and click a button.
So the passwords are pretty weak, but at least step 2 gives the user some assurance that the Web site is legit.
They used this for their mobile app too, as I recall, but then they redesigned the mobile app, prompting for card number and password on the same page, skipping step 2.
Last October (?), I got a message saying “October is online security month!”… and another saying “Because the mobile app doesn’t do it, you won’t need [step 2] on the Web site from now on either!”. :rolleyes:
I don’t think gmail requires 2-factor authentication, though it is available and recommended. My banks all require 2-factor authentication (security code sent by e-mail or SMS) when you log in from a new computer.
I don’t use debit cards.
Bank shows every failed log in attempt
My pocket can’t be scanned very easily for how much cash I have on me. Go ahead and try to pick my pocket. Bawahahaha
Just heard a rumor two day ago that the strips in some of the new money can be used by scanning to see how much you have on you… Never heard that before. ( true or false? ) (( new DEA tool ))
I find it quite bizarre that a lot of people these days depend exclusively on internet connectivity to do important and possibly time-sensitive things like banking. Having cash on hand is the functional equivalent of backing up your computer files.
Options to help you protect your password and secure login
Procedures to prevent brute force attacks
Monitoring of servers to detect intrusion
Research and updating to prevent exploits
And lots else besides. Only Google is really rocking all of that.
Dynamic internet based companies like Google have a much easier time implementing cutting edge security than formal institutions like banks, because Google literally is an internet related company, whereas banks simply have an online portal. Also with the (probably) more red tape to try to match the legal standards for being a bank, they stagnate and simply cant keep up.
From the posts in the thread, Canadians and Americans definitely have better security measures than the banks here in the UK.
I just got a scam text an hour ago telling me to log in. The site at first glance appeared incredibly genuine and had I not gone through my rudimentary experiences from watching documentaries and articles on various scams, I would have fallen for it.
Could someone explain how these guys are able to do it? I know it’s definitely a scam but the text number they used was the genuine one from my bank even though they said when I called them today and always on their site that they never ask for info. How can they fake text numbers?
No, Google doesn’t require 2FA. Which is really great.
More and more sites are catching on that 2FA isn’t really secure so it is becoming increasingly deprecated. It will eventually end up in the security theater bit bucket.