I just logged into our HSBC Direct Savings Account and was greeted by a lengthy page of Terms & Conditions as well as a request to create a super-secret “Security Key” as well as two security questions. The security key works just like the one that they use for accessing bank-to-bank transfers in that you enter it by clicking on a little on-screen keypad instead of typing it in. So now the login process consists of:
(1) Entering your username on the first screen, and
(2) Entering your password plus the security key on the second screen
The security questions only seem to come into play if you forget your password, as which point you’ll need to answer them to regain access to your account. While I’m all for increased online security, I’ve never really felt that my accounts were at risk, so this is little more than an added annoyance in my book. That being said, this change should decrease the likelihood of accounts being compromised via keyboard loggers.
5 Responses to “HSBC Direct Adds (More) Annoying Security Features”
It’s even worse for me. HSBC says I can only use the Keypad, but the screen they give me just has the old place to type in the number– no keypad! So I’m locked out.
I think that all these extra security features actually wind up making accounts significantly less secure. When you have to keep track of a dozen or so different passwords, people inevitably wind up writing them all down on a post-it note kept cleverly hidden right next to the computer.
I try to keep it simple – I have five passwords, for different levels of security:
1. Nonsecure – Newspaper websites, dummy email addresses (to log into those aforementioned newspaper websites), etc.
2. Medium Security A – Personal email account, private documents, home computer
3. Medium Security B – Accounts at online retailers/utilities (anybody whose databases contain things like credit card/bank account numbers)
4. High Security – Accounts at financial institutions
5. High Security (rolling) – Accounts which require you to change passwords after a given period of time (most of my work accounts).
It’s a tradeoff between being able to remember the passwords without writing anything down, vs the potential havoc wreaked if a password is compromised. What drives me nuts is when different password requirements force me to re-synchronize my accounts.
HSBC started to begin irritating me when they stoped supporting direct connect in Quicken, and I have no problem with security, but I just think this is over the top… I’m almost thinking of switching over to one of the other high APY banks and has a more convenient login and is more Quicken friendly. I can see why using the mouse to enter a password is good, but then what the heck is the point of that first password you have to enter… just to get to -> the password screen (part 2)! 3 Screens to see my account on a regular basis is just really pushing it in my mind
Bank of America started doing this about a year ago. I believe there is a law going into effect soon for online banking requiring the two step process.
What happens is the bank takes your userID and sends back a “site key.” Bank of America uses a picture. Only you and the bank should have this picture since it is not transmitted until then. If the correct picture is sent to your browser you can be reasonably sure it is really the bank site and not a phising site.
It can be a pain in the ass, especially if you use a program to automatically enter passwords to website; but it is actually much better security and necessary because of the increase in phising attacks in recent years.
Read more at http://www.SuccessfulPersonalFinance.com
Personally, I think that some people take web security too seriously. I do not understand why some random website that requires registration needs me to have a super secure password.
As for banks, I think that increased security is nice, but it should be customizable. I hate having to use those keyboards where you point and click. I worry more about people looking over my shoulder than key loggers, and it is a pain for somebody that uses the mouse as seldom as possible. Let me choose which features I want for my account!