With this technology you can enjoy far more secure online banking services. Two-factor authentication, means you not only need a password or PIN, but you also need a device unique to you, like the Secure Key. The code you need to input online is displayed on the device and therefore seen only by you. Online fraudsters can not steal something you physically have. This extra layer is something unique for each user. All online banking transactions such as fund transfers to non-designated accounts need to be authenticated by a device held only by you.
This means that even if a third party manages to get your log on details, they still won't be able to fraudulently carry out transactions without your secure key device. You will be able to access online banking without the Secure Key with limited service only. To maintain security your Secure Key must be used when updating your personal information or if you wish to make payments.
It will take approximately five working days to arrive to a UK address, overseas will take longer. If you do not receive it by then, please contact us again. Depending on the country you live in, it may take up to 14 days to reach you.
You'll need to activate your Secure Key before you use it for the first time. Log on to online banking like you normally would, and you will be prompted to activate your device.
You have 60 days to activate your Secure Key. To maintain the security and integrity of the system, only one Secure Key can be activated and linked to each customer. The Secure Key has been designed so that it is small enough to carry in a wallet or purse with your cards or attached to a key ring. Should you need access to your accounts and do not have your Secure Key with you a limited service will be available or our telephone banking teams will be more than happy to assist you.
Once identified, they are able to assist you with any enquiries you have about your account or make payments on your behalf. Once you activate your Secure Key, it's uniquely linked to you. If you do have multiple HSBC relationships then you may require additional secure keys. We are constantly evolving how we keep you protected and Secure Key is the latest of these innovations.
In the face of increasingly sophisticated online threats, it gives valuable added protection. Go to the online banking log on page, locate the security code field and then select the 'forgot PIN' link.
From there, enter the answers to your security questions, enter the unlock code from your device and follow the onscreen instructions to create a new PIN. You can reset any one of your log on details on line by using your security questions and other log on details. Simply follow the appropriate links on the log on pages. This is a two stage process. You can then log on using the new details. Yes, you can change any of your log on security details, but not your Username.
You can do this by selecting 'Services' in the online banking left-hand menu, once you have logged on. These display as:. As good online security practice, we recommend you change these security details at least every 90 days. Please contact us to get a replacement arranged. A replacement will take approximately five working days to arrive to a UK address, overseas will take longer.
In the interim you can continue to use telephone banking. When you receive your new Secure Key, you'll be prompted to activate it next time you log on to Online Banking. You are using an unsupported browser version.
Learn more or update your browser. USB Security Key. What is a USB security key? Create a free Team What is Teams? Collectives on Stack Overflow. Learn more. How Do Hardware Token Devices work? Asked 7 years, 3 months ago. Active 11 months ago. Viewed 53k times. Improve this question. Patrick M 9, 9 9 gold badges 59 59 silver badges 99 99 bronze badges. Feyisayo Sonubi Feyisayo Sonubi 1, 4 4 gold badges 15 15 silver badges 26 26 bronze badges.
They're essentially the same thing, the former using the time, the latter a counter — CodesInChaos. Actually, it generates the digits on a time-based interval, if I press the button for it to generate the digits, it generates the digits and after about 25 seconds, I press it again, the digits change not when I press it again immediately after I'd just pressed it.
This question appears to be off-topic because it is not about programming. It may also interest you that some two-factor authentication schemes actually receive a code from the server, usually via a cell phone over SMS.
The idea is that if you're in possession of your phone, you're more likely to be you than not. This can make use of any number of encryption schemes to ensure that the transmissions are not intercepted.
Show 1 more comment. Active Oldest Votes. Improve this answer. Patrick M Patrick M 9, 9 9 gold badges 59 59 silver badges 99 99 bronze badges. I have a device from Rabobank, a bank in Netherland which displays all the information about my transaction before I approve. How is this enabled in the hardware device? And you approve with a button push, not a code you type into their online transaction form?
Typically the serial number of the token is maintained as a record in the authentication server database, and the serial number is assigned to a username. Also, you were able to punch in a PIN over and over and be authenticated because the authentication server will allow for a couple of minutes of clock drift.
The token you have has a clock built in to generate the time based component. The server generates values for a range of time. It then can see which code you submit, and write a drift value to your record. Some systems will have a 'next-tokencode' mode, which is used if the clocks drift too far apart.
The system will ask you to submit two values and see if they are correct and in the proper order, over a larger 'range' of time. If the values are correct the authentication server can write the clock drift value to the record. I think this question lends itself to a very high level overview of how multi-factor authentication MFA works.
Of course, we have to skim over lots and lots of technical detail. The bank programs the token with a unique encryption key. In this case your Digipass token is made by Vasco, but there are many other companies that make similar tokens, which are " something you have " with regards to multiple factor authentication.
The token will generate a series of characters that are derived from the encryption key, current time, and optionally other various factors. Since the bank knows the unique encryption key, and all other other factors that the token uses, they can reverse-engineer the input to find out who "owns" that token. If the owner of the token matches the owner of the bank account that is being logged-in to, then the login is authentic. There are many variations on this central theme, but in general they always involve "something you have" a physical token, or a smartphone app , a secret key stored within the token, and a mathematical algorithm to produce the output.
Often, time is a critical factor in generating the output. Depending on the algorithm, the output may be different every single time in your case , or it may only vary occasionally e. Every hour. Sign up to join this community. The best answers are voted up and rise to the top. Stack Overflow for Teams — Collaborate and share knowledge with a private group. Create a free Team What is Teams?
0コメント