I have put off using internet banking mainly because of security concerns, and would really like to know what Wilders members recommend for software and best practices. Any help is much appreciated and thanks in advance. Edit: I should explain that I only want to open and monitor my account from my home pc, and not actually make transactions.
i recommend you use your bank's mobile app on your phone (preferably with kaspersky installed for android).
Thanks for replying... I was a little late in editing my post, but Im just referring to monitoring my account from my home pc.
I am a bit of Luddite too. I don't trust using my phone because phones are too easy to lose. So I do all my banking on my home PC. Here is what I recommend. Have a current PC that runs Windows 10. Keep Windows current. Use decent security on that PC. I use Microsoft Defender (its built into Windows 10) and Malwarebytes just for double checking. Don't be "click-happy" on unsolicited downloads, links, popups, and attachments. Note the above are standard, you should be doing anyway, precautions. For your banking specifically, use a unique password for each bank. Use a strong password. Understand that %George of the Jungle8 is harder to crack to than ^%Rp5(qB. Why? because 22 characters is harder to crack than 8. Never write passwords down. Use a password manager. Sign up for notifications by your bank. I love this. I set my notifications for everything at $1. So any time there is any transaction on my account that exceeds $1, I get an immediate email. So I can go to the store which is 5 minutes away, use my debit card, run home and there will be an email notice saying $27.23 was charged on my account at this time at that store. Having said that, I think banking by phone is probably pretty safe these days too.
No smart phone here... just Firefox with Cloudflare (esni, tls 1.3, etc), HttpsEverywhere and deleting all cache after every session. Also 360Total and Wisevector Stopx and Screenwings which is an anti screenshot application.
Thanks for that Bill... seems I have most of that in place, I just havent got used to pw managers so will have to work on that
The problem with writing passwords down is if a bad guy breaks into your house, and if he or she does not feel rushed to grab and go, he is going to sit down at your computer and search everything within arms reach for your list of passwords. There are many PW managers out there. I've been using SplashID for ages, starting way back when I bought my first Palm Pilot! If I were not used to it, I probably would not be using it. Password Safe may be a good one to start out with since it is pretty basic, and free. It is good if you only need your passwords from one computer.
Password managers are great, but I would never trust any piece of software over good old pen and paper, software breaks. I use a PW manager but I also have all my passwords on paper hidden in my house. And if a thief breaks in I assume they would just grab the computer rather than try to search it.
Depends on why they break in. If just going after drug money, then you are right. They are going to be in and out as quick as possible. But not all thieves are in such a hurry - especially if they live in the neighborhood and know your patterns and know you will be gone for awhile. I don't understand why you would not trust a password manager program. They are a million times better than writing it down. For one, even the most basic encrypt your passwords so it is not like someone can read them (like they can a piece of paper) if they try to access the password database file. Software breaks? Ummm, that's what backups are for. Or a much easier solution is to just delete the program and download and install a new copy. The database file is a separate file. So you simply fire up the new password manager you just re-installed and tell it to use your existing database file. Piece of cake. What are you going to do if your house burns down, or floods and there goes your piece of paper up in smoke, as well as your computer? And also, just looking at mine, I have over 525 entries in my password safe! Most are indeed passwords, but others are things like credit card numbers, social security numbers for my kids, combinations to cypher locks, a floor safe, various account numbers and other stuff I don't want written down.
As I said, I do use a password manager, the paper is my backup. I do not trust a manger to one day screwup and delete everything, then what do you do. And although I use a manger I would not trust any one of them with credit card number, social security etc. Everything, and I mean everything, will eventually get hacked, if your password manager gets hacked you can easily just change your passwords for various sites, if the hacker get your social security# etc, your screwed.
Well, I sure would never say that is not a possibility. I just think it would be extremely rare. I already explained that. You simply download the password manager again, then use your backup data file to retrieve all your passwords. This is simple. And to that, I have done that several times over the years. I upgrade my computer every 3 - 5 years and each time, I migrate over my password manager and data files using that method. I have never had, or even seen, where any password manager or the user's passwords became corrupted. Nah! You make it sound like bad guys can easily hack any system they want. Not even close to being true - unless you fail to take even the most basic steps to secure your computer. You are assuming a badguy can simply hack past your router and into your network. Then hack past your security programs and Windows itself. Then determine which password manager you have and figure out which file your password database uses. Then hack the encryption used to encrypt that file containing your passwords. Yeah right! For starters and most importantly, bad guys are lazy opportunists. They go for the low hanging fruit. Unless they are specifically targeting you personally, once they see any resistance getting into your network, they will move on. And if someone is targeting you specifically, you have much greater problems do deal with. Are password managers infallible? Of course not. There certainly have been vulnerabilities noted in the past that could be exploited by a very determined bad guy. But again, it would require the bad guy to get past all your other security features first. If users simply keep Windows and their security updated and avoid being "click-happy" on every unsolicited link, download, attachment, and popup they see, their computers, their personal information, and their password manager's data files will remain secure - much more secure than a piece of paper. Especially if they use a very strong password as their password manager master password, and don't write that down on a sticky note attached to their monitor, or "hidden" under their keyboard. And yes, I've see that. As for Social Security Numbers, Insurance Numbers and the like, it is MUCH MORE LIKELY that information will be compromised (if it has not already) by Equifax, your bank, your school, Yahoo, local governments, or some other website being hacked by the Russians. Chinese, Iranians, or North Koreans. The money (when it comes to hackers) is in hacking company, organization and government networks, not individuals. And FTR, I do not recommend using a browser's integrated password managers. I don't trust them.
It doesn't work if you tell everybody... I agree with not using a phone app. I have a smartphone but I refuse to put bank apps on it. Someone stealing my phone would get them very little of anything but a phone. If you are ultra concerned about online banking my suggestion would be to create a virtual machine with Linux installed and use it only for that.
I use keepassxc since its a portable app you can keep it on a flash drive. OSInt privacy podcast would suggest it is more private to as a general rule to use a web browser as apps tend to have more permissions.
Umm, what? Got a link? Browsers, by definition browse the Internet. And many users install all sorts of add-ins and extensions in their browsers that may or may not be secure. While some password managers use "the cloud", many don't. *** Yummmm, cookies!
Probably the most important thing is to use a hardware token. I have been using this for 20 years, and never had a problem with online banking. Of course the online bank must offer such a system. So even if a hacker knows your password or PIN, he/she still needs your credit or debitcard. And a banking trojan might also have difficulties plundering your account, since you need to approve every transaction with the hardware token. https://www.onespan.com/products/hardware-authentication
I use banking app and I think it is quite safe. In order to see anything you would have to unlock my smartphone, which at least requires my fingerprint (yes, it is easy to lose). It would allow you to see notifications including banking app notifications for up to 72 hours. After that you have to type in password to my phone. If you would like to see entire banking history or do small transaction you would have to eavesdrop second credential which is PIN to my banking app. I have limits on transactions set on my banking account, so you can't withdraw all money from my banking account via my banking app even with all credentials to my banking app. Keep in mind I can call my bank 24/7 to close mobile access channel to my account completely in a matter of minutes. Nowadays Android and iOS smartphones have encrypted partitions storing system & private app data. Banking apps may have additional in-app layer of encryption to protect data. I don't live in US, so your mileage may vary. Is it possible to be held at gunpoint/be threatened with knife and therefore be forced to provide credentials? Yes. Would robber obtain all my money from account? No. What I have instead is important: instant notifications of every transaction on my banking account. I don't know about you guys, but I don't have constantly opened banking website in my laptop browser and even if I do then I may be away from my laptop for several hours. Mobile app is better for notifications about transactions on bank account. I have bigger limits on web transactions than mobile app transactions. If credentials to that channel be leaked and somebody would do some transactions I will notice it in a matter of minutes, do phone call to bank and try to stop that transaction from being processed. I know that many people successfully stopped transactions by reacting quickly to them.
Did you look under your mattress? FWIW, I write mine on a small scrap of brown paper, seal it in a baggy, then hide it at the bottom of the (in use) kitty litter tray. I'll bet they won't ever go looking for it there! (LMAO picturing all of the thieves now rummaging through used kitty litter.) Not exactly a traditional "honey pot" ...
