Slashdot Mirror


Why Gmail Has Better Security Than Your Bank

Gizmodo gives some insight into a strange situation that many of us have -- at least in the U.S. -- when it comes to online security: Gmail, while free, offers two-factor authentication, while many banks don't use security tools that would make online financial transactions safer, contenting themselves with single-factor, weak password systems, or lackluster secondary screens. It's certainly true at one bank I use, which even now allows short, all-alphabetical, all lower-case passwords. U.S. banks could certainly use multi-factor authentication, and some do, but it's nothing like universal.

5 of 271 comments

  1. Re:bank I use ... allows (weak passwords) by Russ1642 · Score: 4, Informative

    Google will send you a text to your phone every time you log in from a different computer. The settings are quite adjustable from being a minor annoyance to requiring it every time you log in. You can also print emergency codes for when you don't have access to your phone.

  2. Re:bank I use ... allows (weak passwords) by jacks+smirking+reven · Score: 4, Informative

    You can enable it once you have created an account: https://www.google.com/landing/2step/

    I've been using it for years now with the Android app and it's been terrific. You can also just use it via SMS. Other software vendors can even leverage Google's app for their own products. (One example I know is Guild Wars 2, which can use Google's app for 2-factor on your game account.)

  3. Re:bank I use ... allows (weak passwords) by MXPS · Score: 3, Informative

    Google Authenticator, it's been around for a while now.

    https://support.google.com/accounts/answer/1066447?hl=en/

  4. Can't believe how US banks are retarded by Anonymous Coward · Score: 0, Informative

    I've been doing 2-factor authentication with my Swiss bank for free for at least 12 years, I think 15 actually. And they massively overhauled the system ~8 years ago by freely upgrading each bank card with one that incorporates a crypto chip, to operate with a freely distributed card reader (like a small calculator) that computes a one-time password from a random number on the website (after initial user/password authentication with https). Then I report that OTP into the bank website to get logged in. So it's hardware security, since the one-time password is protected by the chip of my bank card and the PIN code.

    If you don't believe me, click this English-language link:
    https://www.postfinance.ch/help/desktop/en/efin/allgemein/login.html?WT.ac=_techshortcut_efinancehelploginen

  5. They do things differently in the UK by shilly · Score: 4, Informative

    From a British perspective, this all seems... odd. Barclays and First Direct both use one-time time-limited two-factor authentication with the codes sent to special devices, and have done for quite a while, and the other components of their security are thoughtfully designed as well. They feel pretty secure to me -- not foolproof, but definitely good enough.