Bank Pin code
if you got an authenticator for your account it would do the same thing and even more because they couldn’t log into your account at all..
OR you could use your brain and make a unique password for each account you have minimizing the risk of being hacked.
you got a point, but just saying, password was unique and i had email authenticator, what i think is the hacker logged to my email, but that is not the point, it is a feature that i’m suggesting which he/she can disable or use.
Other possible security mesures aside, an optional bank pin is a good idea, preferably alpha-numeric instead of just numeric.
I’d also like to suggest a sort of auto-lock where it’s impossible to get stuff out of your bank until the time you set is up. With the lock in place, you can put stuff in but not out. This is more for those times where you know you are going to be away from the game for a long time so you can set the lock to run for days weeks or even months. However i THINK hackers may not be so willing to jump on your account and take stuff if they see they have towait30+ minutes to steal. i could be wrong tho.
Wouldn’t a key logger or something be able to take your code? Yes this idea is good, but by itself, after a while it’ll be like it’s not there at all. A hacker will eventually find a way to get your password.
authenticator works better bank pin is annoying, they also have a rollback feature so you can and will get all ur stuff back, also not the right spot for this really u should take this issue up with support
What are you a jock?…. get out, This is nerd landia, where nerds gather!
(edited by RaGe.9834)
If ANET adds a bank pin, the people hijacking accounts will just grab the pin when they keylog/phish you. So it won’t make anything more secure, but will make it more annoying for people trying to access their own stuff.
This kind of security theater is pointless. Unlike an authenticator, which does make things more secure.
If ANET adds a bank pin, the people hijacking accounts will just grab the pin when they keylog/phish you. So it won’t make anything more secure, but will make it more annoying for people trying to access their own stuff.
This kind of security theater is pointless. Unlike an authenticator, which does make things more secure.
They actually do this in Runescape and it works awesome. It’s an onscreen prompt where you click the numbers and the prompt randomly regenerates/swaps the numbers positions on each button press. You also only input it the first time you access the bank each time you log on. It’s really no more of an inconvenience than the mobile authenticator.
If ANET adds a bank pin, the people hijacking accounts will just grab the pin when they keylog/phish you. So it won’t make anything more secure, but will make it more annoying for people trying to access their own stuff.
This kind of security theater is pointless. Unlike an authenticator, which does make things more secure.
They actually do this in Runescape and it works awesome. It’s an onscreen prompt where you click the numbers and the prompt randomly regenerates/swaps the numbers positions on each button press. You also only input it the first time you access the bank each time you log on. It’s really no more of an inconvenience than the mobile authenticator.
An onscreen prompt is far more annoying to use than typing on a keyboard. Especially when the layout keeps changing. But that’s not my problem with the pin. My problem is that a pin doesn’t make anything more secure because like the username and password, it is only another knowledge factor.
A keylogger can break it by screenshots as you select the numbers. Or throw in some very simple image recognition software to identify which of the keys you clicked on from the list of all the keys.
A phisher just needs to ask for the pin when they ask for the rest of your information.
In both cases, it’s only a minor change to how they grab the username and password.
An authenticator works because it isn’t a knowledge factor. It’s a possession factor. To break through an authenticators security the attacker needs to do one of the following:
– Steal your authenticator
– Predict the next code the authenticator spits out. Which means knowing the algorithm, and enough previous codes you have used to know the algorithms internal states.
This is on top of how they steal your username and password. So the authenticator adds security, because it adds another thing the attacker needs to do to break in.
Go read up on Two Factor authentication. That is what the authenticator offers.
Now read about Security theater. That is what the pin offers. The appearance of being more secure, without actually improving security.
I really like the way Aion handled this. No authenticator is needed. You have 1 password to log in and a separate PIN for each char. The PIN is entered via an on-screen keypad which is arranged differently every time it appears. You can’t use the keyboard, so it can’t be captured via a keylogger.
This message was brought to you by a Kitten with a Keyboard
I really like the way Aion handled this. No authenticator is needed. You have 1 password to log in and a separate PIN for each char. The PIN is entered via an on-screen keypad which is arranged differently every time it appears. You can’t use the keyboard, so it can’t be captured via a keylogger.
This message was brought to you by a Kitten with a Keyboard
Not a simple keylogger. But it can be caught by a keylogger that has enough image recognition capability to tell the difference between the keys on the virtual keyboard.