ING Direct’s Annoying Security Measures
ING recently added a very annoying third step to their login procedures that “encrypts” your PIN before they send it across an already encrypted SSL (Secure Sockets Layer) connection. I’m a fan of Step 2 (a revolving set of questions that changes each time) as a security measure because it’s actually a security measure. Encrypting a PIN twice doesn’t seem to be that much added security and logging into my account takes that much longer because I need to click on these stupid buttons or type in the corresponding letters. The transmission encryption they use is High-grade SSL Encryption (RC4 128-bit) and it’s so much more powerful than this silly little keypad.





The purpose of the ‘silly little keypad’ is to prevent keyboard loggers from getting a hold of your PIN. This is primarily targeted at people who use computers in public locations (library, internet cafe, etc…). It prevents the user from ever having to actually type their PIN.
Certainly it is annoying but it does serve its purpose.
Ahhh, now I understand, I would argue against logging into sensitive accounts from public computers but I also understand that some people don’t have a choice.
If you think this is annoying, just wait for the new security measures to be rolled out at banks across the web.
That reminds me of the SecurID things that practically all my employers have used. It’s a little widget with a display that cycles through numbers; you need to use those numbers to log in to the system remotely.
It’s not just public PCs, it’s also to help protect against a widespread or even a narrowly targeted virus capturing the info, even on a home PC. In our experience, well over 75% of home and poorly managed office PCs have viruses or spyware that would be capable of logging critical information. This certainly isn’t foolproof, because you could always do screen caps and track click parameters and get the information, but it’s much more difficult to process the data on a large scale (from thousands of PCs).
Hopefully we’ll see more measures like this on other banks, or better still, support for a hardware device such as SecurID or a biometric reader.
As denon mentioned, it’s also to prevent keylogging software.
A few other banks are starting this too.
Rather annoying for those of us accessing from home who are 100% positive their computer is safe from funky programs.
I guess for the average joe it’s a good thing.
In the end, if it prevents one case of fraud and helps get us all greater returns (though Emigrant still has a higher return than ING), I can handle it.
No way. I hate it with a passion. lol.
You reminded me how much I hated it. I guess it’s annoying cuz I have to deal with two of ‘em.
Cap,
We deal with home and office users all the time who are 100% sure their computers are “safe”. They figure since they have AV software, and ran some adware detection util, they’ve caught everything. Very often, we find either undetected malware, or something not yet in AV or spyware definitions. Even on my own workstation, I’m reasonably sure that it’s secured well, and free of malware, but I’d not stake my life on it. There’s always a new exploit, or ways of loading new malicious payloads.
Well, maybe 100% is stretching it, you’re right.
I dunno about staking my life on it, but I’m fairly certain I’ve secured my system well enough. I’ve used the net for a long long time now, and I have had my fair share of silly trojans to malware.
Most of those are because I was being stupid, accessing obvious potential problem sources.
Still, I hardly spend time browsing around the web/net anymore, and my list of frequently accessed sites is down to a handful.
You’re right that there’s always new exploits (using Windows, for example, is just really asking for it), but unless I’m being specifically targeted, I don’t really worry about it much.
I like ING’s PIN method because it guards against keyloggers. The security feature that annoys me most on some websites are unreadable CAPTCHAs. I must be a robot, because I can never read the things 90% of the time. Some websites have implemented a ‘refresh’ button to get a new one if you can’t read it, but it’s still a hassle.
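The keypad idea discussed in the post and comments, sketched as an added example that is not part of the original post or any comment and is not ING's code: it assumes each login attempt gets a fresh random digit-to-letter mapping that the server keeps and accepts once. The class name, method names and the sample PIN are made up for illustration.

```python
import hmac
import secrets
import string

DIGITS = "0123456789"


class PinPadSession:
    """One login attempt with its own random digit->letter keypad (assumed design)."""

    def __init__(self):
        # Ten distinct letters from a CSPRNG, one per digit, valid for this attempt only.
        letters = secrets.SystemRandom().sample(string.ascii_uppercase, 10)
        self.digit_to_letter = dict(zip(DIGITS, letters))
        self.letter_to_digit = {v: k for k, v in self.digit_to_letter.items()}
        self.used = False

    def encode(self, pin):
        """Letters the user types for this keypad; this is all a keylogger records."""
        return "".join(self.digit_to_letter[d] for d in pin)

    def verify(self, typed, real_pin):
        """Server side: map letters back to digits, compare in constant time."""
        if self.used:
            return False  # single use: the same letters cannot be submitted twice
        self.used = True
        try:
            candidate = "".join(self.letter_to_digit[c] for c in typed.upper())
        except KeyError:
            return False  # a character that is not on this session's keypad
        return hmac.compare_digest(candidate, real_pin)


if __name__ == "__main__":
    pin = "4071"  # constructed sample PIN
    first, later = PinPadSession(), PinPadSession()
    logged = first.encode(pin)  # what a keylogger would capture
    print("typed letters:", logged)
    print("accepted by its own session:", first.verify(logged, pin))
    print("replayed against a later session:", later.verify(logged, pin))
    # Limitation raised in the comments: the mapping is drawn on screen, so a
    # screen capture taken together with the keystrokes still reveals the PIN.
```

The captured letters are only meaningful together with that attempt's on-screen mapping, which is why the scheme helps against plain keystroke logging but not against malware that also records the screen.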