What do you do about your bank logins?

Hi all,

I am getting more and more banks asking me to use online banking and in some of these there are quite high amounts which is causing me to question how I store the log in info.

Currently I use Bitwarden to store account info/login/password/memorable word or date etc. So ALL the info someone would need to access my account and withdraw my money is in Bitwarden. I use Bitwarden as a browser extension on my many laptops but only need the bank data infrequently so I do not HAVE to store it there. I read Bitwarden is encrypted so if anyone gets data it will be useless to them. I guess I'm more concerned if a website or another program manages to steal the data whilst I access Bitwarden in my browser as it will be unencrypted at that point.

So the possible options are:

1) Keep on bitwarden and not be paranoid or ditch it and use one/more of the options below:

2) Written on a piece of paper and store in >1 locations

3) Keep it locally on a computer after encrypting it with Boxcryptor

4) Encrypt and store in the cloud

5) A combo of the above?

6) Something else?

What do the rest of you do about this?

Comments

  • drizbo Member

    Any half serious portal should use 2auth, especially banks. Do you not have that option? Security key/phone app

  • @drizbo said:
    Any half serious portal should use 2auth, especially banks. Do you not have that option? Security key/phone app

    I have security key for 2 accounts but not for 3 others.

    For these others they are saving/investment accounts who don't issue security key and they ask for memorable date/place instead to access account. ALL this info is stored in Bitwarden so someone could gain complete access to high value investment accounts.

  • somik Member

    I just use my phone with bio-metric login. My local banks do not use 2auth, but use the phone app as the 2nd factor for authentication, so if you try to login from PC, it'll show a popup on the phone app to confirm login with bio-metric verification.

  • inland Member

    @asterisk14 said: For these others they are saving/investment accounts who don't issue security key and they ask for memorable date/place instead to access account. ALL this info is stored in Bitwarden so someone could gain complete access to high value investment accounts.

    Wtf? What country is this?

    @somik said: My local banks do not use 2auth, but use the phone app as the 2nd factor for authentication, so if you try to login from PC, it'll show a popup on the phone app to confirm login with bio-metric verification.

    You've just described exactly what 2FA is. Or even 3FA (password+phone+biometrics).

  • @inland said:

    @asterisk14 said: For these others they are saving/investment accounts who don't issue security key and they ask for memorable date/place instead to access account. ALL this info is stored in Bitwarden so someone could gain complete access to high value investment accounts.

    Wtf? What country is this?

    Britain/UK.

    Thinking about it, I'm sure there's also enough info in the emails these investment banks have sent me & info I have in the email account to access the accounts too, so all someone has to do is hack my email and they have all the information to withdraw 10,000s of pounds. Probably easier than Bitwarden too.

  • somik Member

    @inland said:

    @somik said: My local banks do not use 2auth, but use the phone app as the 2nd factor for authentication, so if you try to login from PC, it'll show a popup on the phone app to confirm login with bio-metric verification.

    You've just described exactly what 2FA is. Or even 3FA (password+phone+biometrics).

    Haha, ya... The phone is the second factor.

    I usually associate 2FA with those 6 digit numbers you get by SMS, since it is the most common one. So did not realize biometric verification on phone still counts as 2FA.

  • default Veteran

    I wish banks allowed the use of Yubikey. So far I know of no bank where customers can configure these.

  • somik Member

    @default said:
    I wish banks allowed the use of Yubikey. So far I know of no bank where customers can configure these.

    Banks need to keep their services available to everyone, even those without computers. Since nowadays almost everyone uses phones, that's their target audience. So they do not consider hardware options like Yubikey that are designed primarily for computers.

    I remember a few years back our bank issued out TOTP devices where you had to generate the OTP on the device and enter it. But most people lost it or did not have it handy outside their home. Maybe Yubikey would have similar issues? Dunno...

    But I do agree that tying everything to phone is a bad idea. Should have more hardware based options to separate the logins. Passwords should have been obsolete by now...

  • @somik said:

    @default said:
    I wish banks allowed the use of Yubikey. So far I know of no bank where customers can configure these.

    Banks need to keep their services available to everyone, even those without computers. Since nowadays almost everyone uses phones, that's their target audience. So they do not consider hardware options like Yubikey that are designed primarily for computers.

    I remember a few years back our bank issued out TOTP devices where you had to generate the OTP on the device and enter it. But most people lost it or did not have it handy outside their home. Maybe Yubikey would have similar issues? Dunno...

    But I do agree that tying everything to phone is a bad idea. Should have more hardware based options to separate the logins. Passwords should have been obsolete by now...

    The OTP devices are all well and good, 2 of my banks use them. They can be a bit of a ball ache when I'm out and about but then again there's usually no urgent need to access my accounts. The worst thing is I keep losing them!

    My major issue is that of where to keep the access data so it's readily available when needed but also secure and backed up.

  • Arkas Moderator

    Bank login info are out of PWD Managers for me. That's an area where my memory has to be my PWD manager.

  • default Veteran
    edited May 2023

    One does not have to use just one Yubikey, but 3 (one in wallet, one in house, one at work), or one for every accountant and bookkeeper if it's a company.

  • somik Member

    @default said:
    One does not have to use just one Yubikey, but 3 (one in wallet, one in house, one at work), or one for every accountant and bookkeeper if it's a company.

    That is a LOT of Yubikey...

    @asterisk14 said:

    @somik said:

    @default said:
    I wish banks allowed the use of Yubikey. So far I know of no bank where customers can configure these.

    Banks need to keep their services available to everyone, even those without computers. Since nowadays almost everyone uses phones, that's their target audience. So they do not consider hardware options like Yubikey that are designed primarily for computers.

    I remember a few years back our bank issued out TOTP devices where you had to generate the OTP on the device and enter it. But most people lost it or did not have it handy outside their home. Maybe Yubikey would have similar issues? Dunno...

    But I do agree that tying everything to phone is a bad idea. Should have more hardware based options to separate the logins. Passwords should have been obsolete by now...

    The OTP devices are all well and good, 2 of my banks use them. They can be a bit of a ball ache when I'm out and about but then again there's usually no urgent need to access my accounts. The worst thing is I keep losing them!

    Exactly the problem I described. Most people keep losing them :lol:

  • default Veteran

    @somik said:

    @default said:
    One does not have to use just one Yubikey, but 3 (one in wallet, one in house, one at work), or one for every accountant and bookkeeper if it's a company.

    That is a LOT of Yubikey...

    That is also a lot of security. This way one can keep track of their company and who logins where. The price of multiple Yubikey for a company is insignificant compared to security it receives for every access.

  • somik Member

    @default said:

    @somik said:

    @default said:
    One does not have to use just one Yubikey, but 3 (one in wallet, one in house, one at work), or one for every accountant and bookkeeper if it's a company.

    That is a LOT of Yubikey...

    That is also a lot of security. This way one can keep track of their company and who logins where. The price of multiple Yubikey for a company is insignificant compared to security it receives for every access.

    For companies it makes sense but not for individuals, unless you have enough money to warrant that kind of personal security.

  • rcy026 Member

    Sometimes I realize how lucky I am to live in Sweden, digital signing and identification have been standardized here for over a decade. :smile:

  • somik Member

    @rcy026 said:
    Sometimes I realize how lucky I am to live in Sweden, digital signing and identification have been standardized here for over a decade. :smile:

    Doesn't Sweden have compulsory military training as well?

  • febryanvaldo Member
    edited May 2023

    I just keep it on Bitwarden, hopefully it's okay.

  • rcy026 Member

    @somik said:

    @rcy026 said:
    Sometimes I realize how lucky I am to live in Sweden, digital signing and identification have been standardized here for over a decade. :smile:

    Doesn't Sweden have compulsory military training as well?

    Well, kind of. You do 10-15 months of training usually around the age of 18, but it is far from everyone that gets to do it. I would guess somewhere around 5-10%, and most of them are volunteers anyway.

  • labze Member, Patron Provider

    @rcy026 said:
    Sometimes I realize how lucky I am to live in Sweden, digital signing and identification have been standardized here for over a decade. :smile:

    Same for Denmark. It is not always problem free but it is quite nice that digital sign-in is mandatory.

  • Mumbly Member
    edited May 2023

    @rcy026 said:
    Sometimes I realize how lucky I am to live in Sweden ... :)

    I am wondering if you will feel the same after the next 6 months of listening to Tattoo by Loreen on every radio station 20x per day :P

    You're stuck on me like a tattooooo..............

  • rcy026 Member

    @Mumbly said:

    @rcy026 said:
    Sometimes I realize how lucky I am to live in Sweden ... :)

    I am wondering if you will feel the same after the next 6 months of listening to Tattoo by Loreen on every radio station 20x per day :P

    You're stuck on me like a tattooooo..............

    That would be a problem, but luckily I never listen to the radio.
    Didn't even know she won until I googled it right now. :smile:

  • somik Member

    @rcy026 said:

    @somik said:

    @rcy026 said:
    Sometimes I realize how lucky I am to live in Sweden, digital signing and identification have been standardized here for over a decade. :smile:

    Doesn't Sweden have compulsory military training as well?

    Well, kind of. You do 10-15 months of training usually around the age of 18, but it is far from everyone that gets to do it. I would guess somewhere around 5-10%, and most of them are volunteers anyway.

    Singapore has compulsory military training AND was late to start the digitization of their banking systems. So I guess Sweden is much better place to live...

    @rcy026 said:

    @Mumbly said:

    @rcy026 said:
    Sometimes I realize how lucky I am to live in Sweden ... :)

    I am wondering if you will feel the same after the next 6 months of listening to Tattoo by Loreen on every radio station 20x per day :P

    You're stuck on me like a tattooooo..............

    That would be a problem, but luckily I never listen to the radio.
    Didn't even know she won until I googled it right now. :smile:

    Does anyone listen to the radio anymore? Full of ads and useless commentary. Give me non stop music, not "great deals for under $100" on the music channel... I mostly use adblocked youtube to play music nowadays...

    Anyway, back on topic, is there any country where they have yet to roll out internet banking?

  • rcy026 Member

    @asterisk14 said:
    Thinking about it, I'm sure there's also enough info in the emails these investment banks have sent me & info I have in the email account to access the accounts too, so all someone has to do is hack my email and they have all the information to withdraw 10,000s of pounds. Probably easier than Bitwarden too.

    I just have to verify that I get this right.
    Are you saying that it is possible to login to your online banking and gain access to tens of thousands of pounds with just a username and password? And this is not like a mistake from a single shady institution, this is common practice amongst banks?

    Is this common in other countries? Americans, you do this?

  • asterisk14 Member
    edited May 2023

    @rcy026 said:

    @asterisk14 said:
    Thinking about it, I'm sure there's also enough info in the emails these investment banks have sent me & info I have in the email account to access the accounts too, so all someone has to do is hack my email and they have all the information to withdraw 10,000s of pounds. Probably easier than Bitwarden too.

    I just have to verify that I get this right.
    Are you saying that it is possible to login to your online banking and gain access to tens of thousands of pounds with just a username and password? And this is not like a mistake from a single shady institution, this is common practice amongst banks?

    Is this common in other countries? Americans, you do this?

    One of my investment banks asks for login/password and 1 of:

    memorable date
    mem name
    mem place
    maiden name

    and then gives access to my account with £xxk in it. At present ALL this information is stored in Bitwarden so if someone gained access to it (via rogue web browser extension, spyware or hack and decrypt Bitwarden server) they could access all my money in this and another account.

  • vedran Veteran

    Why would you store all that information in Bitwarden? Your bank (kind of) gives you a 2FA option, if you can't memorize login/password surely you can memorize one of those "memorable" options?

  • asterisk14 Member
    edited May 2023

    @vedran said:
    Why would you store all that information in Bitwarden? Your bank (kind of) gives you a 2FA option, if you can't memorize login/password surely you can memorize one of those "memorable" options?

    A few of my banks use OTP/PIN type devices and also have the same questions memorable date/ name/ place, however, I don't want to use the SAME answers to these questions for every bank (I have around 7 banks) for obvious reasons. So I have different answers to these questions for each of the 7 different banks which means I can't remember all the different answers! That's without taking into account the credit cards accounts I have got at another 7 or so places.

    Storing them in Bitwarden was simpler solution as I would have access to this information whenever and wherever I needed it. I recently consolidated my accounts and put higher sums into 2 banks and removed money from banks which are at risk of collapse. There's a few banks in the UK that are heavily leveraged, if even one of the top 3 banks collapsed, it would take more than half of the GDP of the UK to bail them out. It's more likely that depositors would not get their money or there would be a Cyprus-style "bail in" (the state Bank of England has produced a "bail-in" document if anyone wants to google it) and again depositors lose their money. So I have moved it to smaller investment banks which are more able to be rescued in the event of a collapse and are not heavily leveraged, but this now means 2 banks contain around a third of all my life savings.

    The down side is that these banks don't do the OTP/don't issue PIN devices for verification and rely on these memorable date/ name / place to determine that I'm a genuine account holder.

    This is why I asked the above Q as I cannot remember all the verification information so how do people on here store these kind of details

    1) Keep on bitwarden and not be paranoid or ditch it and use one/more of the options below:

    2) Written on a piece of paper and store in >1 locations

    3) Keep it locally on a computer after encrypting it with Boxcryptor

    4) Encrypt and store in the cloud

    5) A combo of the above?

    6) Something else?
