Recommendations to Protect Online Banking

Discussion in 'other anti-malware software' started by drhu22, Oct 30, 2020.

  1. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    585
    I have put off using internet banking mainly because of security concerns, and would really like to know what Wilders members recommend for software and best practices. Any help is much appreciated and thanks in advance.

    Edit: I should explain that I only want to open and monitor my account from my home pc, and not actually make transactions.
     
    Last edited: Oct 30, 2020
  2. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    i recommend you use your bank's mobile app on your phone (preferably with kaspersky installed for android).
     
  3. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    585
    Thanks for replying... I was a little late in editing my post, but I'm just referring to monitoring my account from my home pc.
     
  4. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    well, do the monitoring on your phone too. see, apps are way more secure than browsers.
     
  5. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,122
    Location:
    Nebraska, USA
    I am a bit of a Luddite too. I don't trust using my phone because phones are too easy to lose. So I do all my banking on my home PC.

    Here is what I recommend.

    Have a current PC that runs Windows 10. Keep Windows current.
    Use decent security on that PC. I use Microsoft Defender (it's built into Windows 10) and Malwarebytes just for double checking.
    Don't be "click-happy" on unsolicited downloads, links, popups, and attachments.

    Note the above are standard, you should be doing anyway, precautions.

    For your banking specifically, use a unique password for each bank. Use a strong password. Understand that %George of the Jungle8 is harder to crack than ^%Rp5(qB. Why? Because 22 characters is harder to crack than 8.

    Never write passwords down. Use a password manager.

    Sign up for notifications by your bank. I love this. I set my notifications for everything at $1. So any time there is any transaction on my account that exceeds $1, I get an immediate email. So I can go to the store which is 5 minutes away, use my debit card, run home and there will be an email notice saying $27.23 was charged on my account at this time at that store.

    Having said that, I think banking by phone is probably pretty safe these days too.
     
  6. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    585
    No smart phone here... just Firefox with Cloudflare (esni, tls 1.3, etc), HttpsEverywhere and deleting all cache after every session. Also 360Total and Wisevector Stopx and Screenwings which is an anti screenshot application.
     
    Last edited: Oct 30, 2020
  7. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    585

    Thanks for that Bill... seems I have most of that in place, I just haven't got used to pw managers so will have to work on that
     
  8. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,122
    Location:
    Nebraska, USA
    The problem with writing passwords down is if a bad guy breaks into your house, and if he or she does not feel rushed to grab and go, he is going to sit down at your computer and search everything within arm's reach for your list of passwords.

    There are many PW managers out there. I've been using SplashID for ages, starting way back when I bought my first Palm Pilot! If I were not used to it, I probably would not be using it. Password Safe may be a good one to start out with since it is pretty basic, and free. It is good if you only need your passwords from one computer.
     
  9. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    585
    Thanks, I'll give PWSafe a try
     
  10. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,233
    Location:
    Canada
    Password managers are great, but I would never trust any piece of software over good old pen and paper, software breaks. I use a PW manager but I also have all my passwords on paper hidden in my house. And if a thief breaks in I assume they would just grab the computer rather than try to search it.
     
  11. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,122
    Location:
    Nebraska, USA
    Depends on why they break in. If just going after drug money, then you are right. They are going to be in and out as quick as possible. But not all thieves are in such a hurry - especially if they live in the neighborhood and know your patterns and know you will be gone for awhile.

    I don't understand why you would not trust a password manager program. They are a million times better than writing it down. For one, even the most basic encrypt your passwords so it is not like someone can read them (like they can a piece of paper) if they try to access the password database file.

    Software breaks o_O? Ummm, that's what backups are for. Or a much easier solution is to just delete the program and download and install a new copy. The database file is a separate file. So you simply fire up the new password manager you just re-installed and tell it to use your existing database file. Piece of cake.

    What are you going to do if your house burns down, or floods and there goes your piece of paper up in smoke, as well as your computer?

    And also, just looking at mine, I have over 525 entries in my password safe! Most are indeed passwords, but others are things like credit card numbers, social security numbers for my kids, combinations to cypher locks, a floor safe, various account numbers and other stuff I don't want written down.
     
  12. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,233
    Location:
    Canada
    As I said, I do use a password manager, the paper is my backup. I do not trust a manager to one day screw up and delete everything, then what do you do. And although I use a manager I would not trust any one of them with credit card number, social security etc. Everything, and I mean everything, will eventually get hacked, if your password manager gets hacked you can easily just change your passwords for various sites, if the hacker gets your social security# etc, you're screwed.
     
  13. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    26,038
    Location:
    UK
    Paper is my backup too.
    The passwords are written on the paper backwards.
     
  14. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,233
    Location:
    Canada
    Ha ha, never thought of doing that.
     
  15. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,122
    Location:
    Nebraska, USA
    Well, I sure would never say that is not a possibility. I just think it would be extremely rare.
    I already explained that. You simply download the password manager again, then use your backup data file to retrieve all your passwords. This is simple.

    And to that, I have done that several times over the years. I upgrade my computer every 3 - 5 years and each time, I migrate over my password manager and data files using that method. I have never had, or even seen, where any password manager or the user's passwords became corrupted.
    Nah! You make it sound like bad guys can easily hack any system they want. Not even close to being true - unless you fail to take even the most basic steps to secure your computer.

    You are assuming a badguy can simply hack past your router and into your network. Then hack past your security programs and Windows itself. Then determine which password manager you have and figure out which file your password database uses. Then hack the encryption used to encrypt that file containing your passwords. Yeah right!

    For starters and most importantly, bad guys are lazy opportunists. They go for the low hanging fruit. Unless they are specifically targeting you personally, once they see any resistance getting into your network, they will move on. And if someone is targeting you specifically, you have much greater problems to deal with.

    Are password managers infallible? Of course not. There certainly have been vulnerabilities noted in the past that could be exploited by a very determined bad guy. But again, it would require the bad guy to get past all your other security features first.

    If users simply keep Windows and their security updated and avoid being "click-happy" on every unsolicited link, download, attachment, and popup they see, their computers, their personal information, and their password manager's data files will remain secure - much more secure than a piece of paper. Especially if they use a very strong password as their password manager master password, and don't write that down on a sticky note attached to their monitor, or "hidden" under their keyboard. :eek: And yes, I've seen that. :(

    As for Social Security Numbers, Insurance Numbers and the like, it is MUCH MORE LIKELY that information will be compromised (if it has not already) by Equifax, your bank, your school, Yahoo, local governments, or some other website being hacked by the Russians, Chinese, Iranians, or North Koreans.

    The money (when it comes to hackers) is in hacking company, organization and government networks, not individuals.

    And FTR, I do not recommend using a browser's integrated password managers. I don't trust them.
     
  16. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    9,030
    Location:
    USA
    It doesn't work if you tell everybody...

    I agree with not using a phone app. I have a smartphone but I refuse to put bank apps on it. Someone stealing my phone would get them very little of anything but a phone.
    If you are ultra concerned about online banking my suggestion would be to create a virtual machine with Linux installed and use it only for that.
     
  17. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    I use keepassxc since it's a portable app you can keep it on a flash drive.

    OSInt privacy podcast would suggest it is more private as a general rule to use a web browser as apps tend to have more permissions.
     
  18. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    26,038
    Location:
    UK
    Don't worry. They will never find the biscuit tin I have hidden the paper inside of :)
     
  19. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    4,122
    Location:
    Nebraska, USA
    Umm, what? Got a link? Browsers, by definition browse the Internet. And many users install all sorts of add-ins and extensions in their browsers that may or may not be secure.

    While some password managers use "the cloud", many don't.

    ***

    Yummmm, cookies!
     
  20. Nanobot

    Nanobot Registered Member

    Joined:
    Jun 23, 2010
    Posts:
    480
    Location:
    Neo Tokyo
    Make a bootable live linux usb drive and monitor your account from there
     
  21. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,208
    Location:
    Canada
    Ha, ha, ha, good one stapp! :) Mine is in the freezer :cool:
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,992
    Location:
    The Netherlands
    Probably the most important thing is to use a hardware token. I have been using this for 20 years, and never had a problem with online banking. Of course the online bank must offer such a system. So even if a hacker knows your password or PIN, he/she still needs your credit or debit card. And a banking trojan might also have difficulties plundering your account, since you need to approve every transaction with the hardware token.

    https://www.onespan.com/products/hardware-authentication
     
  23. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,152
    Location:
    Member state of European Union
    I use a banking app and I think it is quite safe. In order to see anything you would have to unlock my smartphone, which at least requires my fingerprint (yes, it is easy to lose). It would allow you to see notifications including banking app notifications for up to 72 hours. After that you have to type in the password to my phone. If you would like to see the entire banking history or do a small transaction you would have to eavesdrop a second credential, which is the PIN to my banking app.
    I have limits on transactions set on my banking account, so you can't withdraw all the money from my banking account via my banking app even with all credentials to my banking app. Keep in mind I can call my bank 24/7 to close the mobile access channel to my account completely in a matter of minutes.
    Nowadays Android and iOS smartphones have encrypted partitions storing system & private app data. Banking apps may have an additional in-app layer of encryption to protect data.
    I don't live in the US, so your mileage may vary.

    Is it possible to be held at gunpoint/be threatened with a knife and therefore be forced to provide credentials? Yes. Would a robber obtain all my money from the account? No. What I have instead is important: instant notifications of every transaction on my banking account. I don't know about you guys, but I don't have the banking website constantly open in my laptop browser and even if I do then I may be away from my laptop for several hours. A mobile app is better for notifications about transactions on a bank account.
    I have bigger limits on web transactions than mobile app transactions. If credentials to that channel are leaked and somebody does some transactions, I will notice it in a matter of minutes, make a phone call to the bank and try to stop that transaction from being processed. I know that many people successfully stopped transactions by reacting quickly to them.
     
  24. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    585
    Thanks everyone... your replies are much appreciated.

    Edit: Now where is that blasted biscuit tin!?!
     
  25. waking

    waking Registered Member

    Joined:
    Jan 25, 2016
    Posts:
    176
    Did you look under your mattress?

    FWIW, I write mine on a small scrap of brown paper, seal it in a baggy,
    then hide it at the bottom of the (in use) kitty litter tray.

    I'll bet they won't ever go looking for it there!

    (LMAO picturing all of the thieves now rummaging through used kitty litter.)

    Not exactly a traditional "honey pot" ...
     