Credit, Personal Finance 
11
comments

ING Direct’s Annoying Security Measures

Email  Print Print  

ING recently added in a very annoying third step to their login procedures that “encrypts” your PIN before they send it across an already encrypted SSL (secure socket layer) connection. I’m a fan of Step 2 (a revolving set of questions that changes each time) as a security measure because it’s actually a security measure. Encrypting a pin twice doesn’t seem to be that much added security and logging into my account takes that much longer ebcasue I need to click on these stupid buttons or type in the corresponding letters. The transmission encryption they use is High-grade SSL Encryption (RC4 128-bit) and it’s so much more powerful than this silly little keypad.

{ 11 comments, please add your thoughts now! }

Related Posts


RSS Subscribe Like this article? Get all the latest articles sent to your email for free every day. Enter your email address and click "Subscribe." Your email will only be used for this daily subscription and you can unsubscribe anytime.

11 Responses to “ING Direct’s Annoying Security Measures”

  1. Dave says:

    The purpose of the ‘silly little keypad’ is to prevent keyboard loggers from getting a hold of your pin number. This is primarily targeted at people who use computers in public locations (library, internet cafe, etc…). It prevents the user from ever having to actaully type their pin.

    Certainly it is annoying but it does serve its purpose.

  2. jim says:

    Ahhh, now I understand, I would argue against logging into sensitive accounts from public computers but I also understand that some people don’t have a choice.

  3. If you think this is annoying, just wait for the new security measures to be rolled out at banks across the web.

  4. jim says:

    That reminds me of the SecureID things that practically all my employers have used. It’s a little widget with a display that cycles through numbers, you need to use those numbers to login to the system remotely.

  5. denon says:

    It’s not just public PCs, it’s also to help protect against a widespread or even a narrowly targeted virus capturing the info, even on a home PC. In our experience, well over 75% of home and poorly managed office PCs have viruses or spyware that would be capable of logging critical information. This certainly isn’t foolproof, because you could always do screen caps and track click parameters and get the information, but it’s much more difficult to process the data on a large scale (from thousands of PCs).

    Hopefully we’ll see more measures like this on other banks, or better still, support for a hardware device such as secureID or a biometric reader.

  6. Cap says:

    as denon mentioned its also to prevent keylog softwares.

    a few other banks are starting this too.

    rather annoying for those of us accessing from home, and are 100% positive their computer is safe from funky programs.

    I guess for the average joe its a good thing.

  7. jim says:

    In the end, if it prevents one case of fraud and helps get us all greater returns (though Emigrant still has a higher return than ING), I can handle it.

  8. Cap says:

    no way. I hate it with a passion. lol.

    you reminded me how much I hated it. I guess its annoying cuz I have to deal with two of ‘em.

  9. denon says:

    Cap,
    We deal with home and office users all the time, that are 100% sure their computers are “safe”. They figure since they have an AV software, and ran some adware detection util, they’ve caught everything. Very often, we find either undetected malware, or something not yet in AV or spyware definitions. Even on my own workstation, I’m reasonably sure that it’s secured well, and free of malware, but I’d not stake my life on it. There’s always a new exploit, or ways of loading new malicious payloads..

  10. Cap says:

    well maybe 100% is stretching it, you’re right.

    I duno about staking my life on it, but I’m fairly certain I’ve secure my system well enough. I’ve used the net for a long long time now, and I have had my fair share of silly trojans to malware.

    most of those are because I was being stupid, accessing obvious potential problem source.

    still, I hardly spend time browsing around the web/net anymore, and my list of frequently accessed sites are down to a handful.

    you’re right on that there’s always new exploits, (using Windows, for example, is just really asking for it) but unless I’m being specifically targetted, I don’t really worry about it much.

  11. echidnina says:

    I like ING’s PIN method because it guards against keyloggers. The security feature that annoys me most on some websites are unreadable CAPTCHAs. I must be a robot, because I can never read the things 90% of the time. Some websites have implemented a ‘refresh’ button to get a new one if you can’t read it, but it’s still a hassle.


Please Leave a Reply
Bargaineering Comment Policy


Previous Article: «
Next Article: »
Advertising Disclosure: Bargaineering may be compensated in exchange for featured placement of certain sponsored products and services, or your clicking on links posted on this website.
About | Contact Me | Privacy Policy/Your California Privacy Rights | Terms of Use | Press
Copyright © 2014 by www.Bargaineering.com. All rights reserved.