Because I run a small business I have multiple bank accounts with Barclays, one of the “big four” banks here in the UK. As banks go they aren’t too bad (although that is like saying that as diseases go Malaria isn’t too bad, don’t think I actually like these guys). So at the weekend a package arrived containing my new Pinsentry card reader that I have to use to get into online banking. In the past I needed to know two user IDs, some personal information and a password to log into each of my accounts. Now, in addition to that I have to put my bank card into this card reader, enter the PIN for the card and then type another 8 digit number to log in. It’s classic dual factor authentication, and it’s absolutely crazy.
Frankly the old system was more than secure enough. All that the new system will achieve is to make me log in to the site less frequently as it is such a palaver. I genuinely can’t think of a reason why they have gone this far with the security, if someone is foolish enough to give out their personal details, two secret (and hard to guess) user IDs and their password then frankly they deserve what they get.
Setting aside the absurdness of the over-security, when I tried to log in yesterday (taxes to pay, thanks Gordon) I couldn’t actually get in at all any more. The reason which was discovered after nearly an hour on the phone was that my personal bank card has now been tied to my business account. So to log in to my business bank account I have to partially use business details and partially personal details. Their response when I asked how it was going to be fixed… “Well you have both sets of details so you can just live with it”! This from a company which last year made over seven billion punds profit. That’s more than fourteen billion dollars. And the worst thing is that moving banks is not really an option, they are all as bad as each other.
Urghh!
That’s just stupid. I’m using RBS and at times they are a bit annoying, but the online part is pretty good atm. One login, consisting of user number (inc. date of birth), 3 of 4 digits from a pin and another 3 chars from a longer password, gives access to all my RBS accounts. If I want to transfer money or set up a standing order etc I have to supply a further 3 chars from the password.
The only problem I ever had was when I forgot one of the chars and they locked me out (after 3 goes). Once that had happened they would not just re-activate it so I had to go through the whole process of enrolling for the service and bits of actual paper being signed etc. It was a pain, but I can see the security benefit.
It’s all a trade off
http://www.11tmr.com/11tmr.nsf/emoticons/DLYH-5N3GL7/$File/undecided.gif“ />
Waiting for my card reader at the moment. Hopefully I won’t be in the same boat.
http://www.11tmr.com/11tmr.nsf/emoticons/DLYH-5N3GK8/$File/cry.gif“ />
Ooof. I use HSBC for my business accounts. I have a login, a LOOOOOONG password, and one of those wee number generator thingies you can put on your keyring. But at least I can fit it on my keyring. Barclays solution does seem a tad OTT.
There’s a very interesting discussion of the Pinsentry here… { http://faultyflipper.co.uk/?p=43“ rel=”nofollow” target =”blank”>Link }
Well my PIN Sentry calculator look-a-like has also now arrived and I can’t login either. Great. My new bank card is tied to my personal account yet the PIN Sentry card reader arrived addressed to my company so I’m probably in the same boat as you.
http://www.11tmr.com/11tmr.nsf/emoticons/DLYH-5N3GK5/$File/huh.gif“ /> I need to summon up the courage to try the call centre now. I’d rather stick needles into my eyes.
After a lot of reading yesterday there was mention of a hack that seems to work to at least save you from having to carry the stupid thing around with you. (NB – I do not recommend this in any way, use at your own risk etc etc).
The keys that are generated do not seem to be time aware, so you could”pre-generate” a load of keys, store them in a file and just use them one by one as and when you need them.
This approach obviously makes a mockery of the “extra security” provided by Pinsentry but it does make life a lot easier.
So I got mine a few days ago. I don’t like it but finally tried it and it worked. So then tried out the “Not got your card reader?” procedure that they helpfully provide. Got error 30544: compuer says no. So spent two and half hours on the phone to their help desk only to be told my problem was escalated and would now take five days to fix.
That was yesterday.
Today I tried to log-on using the PINsentry and got error 1100: computer says no.
So now I don’t have a bank account. That’s nothing, tomorrow Barclays won’t have a customer.
Quite frankly Barclays have lost the plot. The existing (old) online login is actually really good – if I had YOUR card and your membership number (how likeley is that to begin with) would I be able to guess your online login pin and guess two letters out of your magic word in three goes before being blocked? Whoever advised Barclays on this project is laughing all the way to (another) bank – Barclays have been conned themselves for believing this will work (and keep customers). It’s actually pathetic and an example of nanny-state blinkered hysteria about ‘your safety and security’. OK I’ll get off the orange box now!
my barclays card reader still hasnt arrived (after calling them twice to send it) now i cant log into my account, not even with the other method of entering in the card number, how great is that. called the call center earlier and the dude told me i failed my security questions!! my name, date of birth, and mothers maiden name and my phone number, i think i know those for sure…now on monday i have to go see the scum at the branch, probably to close my account.
Has anyone seen any customer reseach from Barclays suggesting this pin sentry was a good Idea and what customers wanted – I asked but they fobbed me off saying it was to ‘improve security’.
I think it is rubbish as it totally limits the flexibility of online banking – before all you needed was to remember your online codes – more than sufficient- now you have to have also your card and pin reader with you – what if you are on holiday and your card or reader gets stolen? I say again, it is total rubbish.
I am actually fuming that they think this is a good idea.
Has anyone seen any customer reseach from Barclays suggesting this pin sentry was a good Idea and what customers wanted – I asked but they fobbed me off saying it was to ‘improve security’.
<br /> I think it is rubbish as it totally limits the flexibility of online banking – before all you needed was to remember your online codes – more than sufficient- now you have to have also your card and pin reader with you – what if you are on holiday and your card or reader gets stolen? I say again, it is total rubbish.
<br />I am actually fuming that they think this is a good idea.
Just to re-iterate, you don’t need to have the card reader with you, you can pre-generate a load of keys and store them on whatever computer you need (or your phone or something that is always with you). That’s what I do now, even though it is massively less secure than the old security method!
I am so glad I am not the only one who resents these awful PinSentry devices.
Barclays have really lost the plot with this one. I reckon they have some stupid IT boff, working in the back offices somewhere who’s made this idiotic recommendation. Just like you used to see in thier adverts when they portrayed thier staff as those caring baphoons working hard inventing new revolutionary ideas for future banking.
Unfortunatley I have ordered my card reader aswell, after failing to set up an SO. However after learning from your above posts and with some common sense of my own, I have decided to always click “no” when it asks me if I have recieved my card reader or not. Although i know this is temporary short fix.
What I don’t understand is, why don’t they leave this ‘nanny security’ just for setting up SO’s and Loan applications?
I mean is it neccessary for someone to have this stupid device just to log onto thier account and just to view thier bank balance aswell?
If I logged in the old way and someone had ALL my details to login aswell (highly unlikely). How much damage would they be able to do by just simply viewing my bank balance? – Atleast I’d be able to watch my account whilst on holiday in France hey, without carrying this dreadful device around everywhere.
BARCLAYS CUSTOMER RESEARCH – IF YOUR READING THESE COMMENTS THEN TAKE NOTE!
I am so glad I am not the only one who resents these awful PinSentry devices.
<br />
<br />Barclays have really lost the plot with this one. I reckon they have some stupid IT boff, working in the back offices somewhere who’s made this idiotic recommendation. Just like you used to see in thier adverts when they portrayed thier staff as those caring baphoons working hard inventing new revolutionary ideas for future banking.
<br />
<br />Unfortunatley I have ordered my card reader aswell, after failing to set up an SO. However after learning from your above posts and with some common sense of my own, I have decided to always click “no” when it asks me if I have recieved my card reader or not. Although i know this is temporary short fix.
<br />
<br />What I don’t understand is, why don’t they leave this ‘nanny security’ just for setting up SO’s and Loan applications?
<br />I mean is it neccessary for someone to have this stupid device just to log onto thier account and just to view thier bank balance aswell?
<br />
<br />If I logged in the old way and someone had ALL my details to login aswell (highly unlikely). How much damage would they be able to do by just simply viewing my bank balance? – Atleast I’d be able to watch my account whilst on holiday in France hey, without carrying this dreadful device around everywhere.
<br />
<br />BARCLAYS CUSTOMER RESEARCH – IF YOUR READING THESE COMMENTS THEN TAKE NOTE!
I’m sure it wouldn’t have been too differcult to make this pinsentry an optional extra for those customers that feel their online banking is not secure enough. And the rest of us, which have some common sense, could just stick to the old system??
http://www.11tmr.com/11tmr.nsf/emoticons/DLYH-5N3GK5/$File/huh.gif“ />
To all the people who resent the PINsentry from barclays, you really must appreciate the fact that they are protecting your money. I have read many comments on this page stating ‘how hard’ it is to guess 2 letters of someones password with the old system. Anyone can be vulnarable with the amount of hackers they are out there, so as a barclays customer i appreciate them tightning security up. Jus be patient with the new system, and im sure you will all get used to it. Wouldnt you rather spend that extra minute logging in, rather than potentially losing money out of your bank account?
Matt, check the ip address of for that last comment (16). That stinks of astro turf.
@17 – Kerr, it seems like a genuine, if fairly badly informed, comment. I’ll leave for the moment.
@16 – As far as I know the liability of losses from online banking have not transferred to the customer so the risk is not with me but with Barclays if my account gets hacked. As for the 2 letters guessing comment, you get three goes at guessing two letters from what is, for me, a complex random password. I am quite happy with the old system’s compromise of security and usability. The new Pinsentry system is skewed too far towards the impression of security in my view.
That being said, my approach of pre-generating the keys for logging in seems to work OK for me, it is just hugely less secure than the old system.
Matt
I hate my PINsentry so much I emailed Barclays to ask if there was an alternative as i was thinking of switching accounts. It took them 3 weeks to respond, by which time I had opened a new online-only current account (Coventry BS 6%+ APR!). Interestingly, Barclays sais it is optional – if you don’t like it you can go back to the old ways but certain transactions (e.g. setting up a new payee) have to go through the call centre.
Did anybody else experience problems late last week with logging onto Barclays personal accounts…my virus scanner picked up Trojan-spy.hyml.fruad.gen within the sites code, maybe within an image on the site, messages got posted online, but got deleted rapidly. they denied it, blamed my pc, but later in the day my scanner informed me the site was safe again!!!
Did anybody else experience problems late last week with logging onto Barclays personal accounts…my virus scanner picked up Trojan-spy.hyml.fruad.gen within the sites code, maybe within an image on the site, messages got posted online, but got deleted rapidly. they denied it, blamed my pc, but later in the day my scanner informed me the site was safe again!!!
Hi all, I’ve been following this thread and I especially liked Eddy’s opinion : “Can’t wait until some smart ass hacks into this stupid thing making thier whole expensive new venture completely futile.” – This may sound like a joke but I think devices similar to PIN Sentry readers are already being developed by relevant mafia organizations, they look and work the same and the only difference is that they have a mobile device built in that forwards your PIN number as you enter it along with all the data stored on your card’s magnetic bar, give it some time, lets see what Barclays is to say about that. Oh, hang on… I think I know what they’ll say : “You should never ever use 3rd party devices unless they are approved by Barclays” – excellent, what if I was sent one by post in a letter that would seem to originate from Barclays’ encouraging me to replace my current device with a new one for security reasons ? LOL.
Burglar breaks in, finds PINsentry, forces the PIN from me in the privacy of my own home (the device kindly tells him if I am telling the truth), Barclays responsible for loss, I am the one who is physically threatened.
I am now with Halifax.
i have just got one of these pin sentrys today and yes they can be way more insecure and are open for fraud i have not had much time to play with it but i know you can use any card in them you only get 3 attemps but you can still see if the pin works i tried my nat west card and it accepted my pin and gave me a code back so i`m thinking if you can get the software off of it and remove the 3 pin try limit you could brute force stolen card pin numbers all day long a 4 digit pin wont take long when a cheap pc can attempt millions a second. its only a matter of time before this all goes tits up
I don’t mind the PINsentry reader. Working in Lloyds security department I’ve seen a lot of fraud and the internet is the most common one.
Its not just phishing scams that can con a customer, a very silent trojan can transmit small packets of data to its owner which is enough for someone to learn your password, and user ID’s.
The Pinsentry has dropped internet banking fraud by nearly 100%! Which is very impressive. And its not that inconvenient really, just a few more seconds to log on/transfer…a small price to pay for the benefits.
i have just recieved my new barclays Pinsentry thing. it drives me crazy. i swear mine doesnt work. i push ”identify” but it doesnt do anything. its abit rubbish tbh. grr. x
The old system was vunerable to phishing and key logging software which not all anti-virus software detects and if passwords etc are logged over a long enough period it is possible to work out the login details