Kiwibank's second-step validation is easily bypassed by changing your browser agent to something Linuxy and heading to their mobile login page. You can do everything from the mobile site that you can do from the main site. Their security is basically for show.
I asked them about their stupid "something you know" and "something else you know, picked from three questions and typed by clicking on buttons" system; apparently "customers don't like the idea of codes". If only there was an opt-in to 2-factor.
On 21/11/2011, at 3:04 PM, David Robinson wrote:
> On 20 November 2011 10:17, Don Gould <don@bowenvale.co.nz> wrote:
>> I don't know if KiwiBank have an active team dealing with this sort of
>> rubbish, though I get hit with them quite often, so clearly someone has KB
>> in their sights.
> Hi,
>
> I'm not a KB customer but I did email them asking to fix their
> internet banking security. KB phishing outnumbers other banks' phishing
> 10 or 20 to 1 (on my email). My email to them was along the lines of
> seeing you don't have some type of two factor authentication on your
> internet banking you are a low hanging fruit for phishing compared to
> the other NZ banks, hence the high number of phishing emails. Their
> response was we try and make things easy for our customers, so we
> don't have two factor auth and we rely on anti fraud software to pick
> this up. (can dig up the email if anyone is interested)
Also Kiwibank passwords aren't case sensitive. At least that's better than another major bank, which only takes the first 8 characters and also isn't case sensitive.
I would like that. When I used to run my own mail servers, receive-time SPF and basic spam checking wiped out 90% of my spam. Plus a legit sender would get a bounce and find another way to contact me.
> Also it would help if Gmail bounced emails at the border before
> accepting if they are an SPF hardfail as most banks have their SPF set
> up to hardfail so it would be nice if GMail's inbound server never
> accepted emails that had a hard SPF fail. Does mean having to do SPF
> at accept time rather than later.
_______________________________________________
NZNOG mailing list
NZNOG@list.waikato.ac.nz
http://list.waikato.ac.nz/mailman/listinfo/nznog
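
The accept-time SPF check discussed in the thread, as an added example that is not part of the original messages: the receiving server evaluates SPF while the SMTP session is still open and answers a hardfail with a 550, so the sending server (not the receiver) produces the bounce. The domains, addresses and records are constructed, the dictionary stands in for DNS TXT lookups, and only the `ip4`, `ip6` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed SPF TXT records standing in for DNS lookups (assumption: example domains only).
SPF_RECORDS = {
    "bank.example": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 -all",
    "shop.example": "v=spf1 ip4:203.0.113.0/24 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, mail_from):
    """Evaluate the ip4/ip6/all subset of SPF for the envelope sender's domain."""
    domain = mail_from.rpartition("@")[2].lower()
    record = SPF_RECORDS.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        # A mechanism without an explicit qualifier defaults to "+" (pass).
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mechanism = term[1:] if term[0] in QUALIFIERS else term
        name, _, value = mechanism.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            if ip in ipaddress.ip_network(value, strict=False):
                return QUALIFIERS[qualifier]
        else:
            return "permerror"  # mechanism outside this example's subset
    return "neutral"  # no mechanism matched


def smtp_reply(client_ip, mail_from):
    """Decide during the SMTP transaction, before the message is accepted."""
    result = check_spf(client_ip, mail_from)
    if result == "fail":
        # Hardfail (-all): refuse at the border instead of accepting and filtering later.
        return 550, "5.7.23 SPF validation failed for " + mail_from
    # pass, softfail, neutral and none are accepted and left to later filtering.
    return 250, "2.1.0 Sender OK (spf=%s)" % result
```

A domain published with `~all` only yields softfail and is still accepted here, so the border rejection protects only senders that publish `-all`.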