Hacker News new | past | comments | ask | show | jobs | submit login

Around here every bank require 2fa for logon and then again for signing payments (although you can queue and batch sign a number at a time. )



Barclays in the UK does 2fa if you order it, otherwise this strange bit with just parts of the password.

They also have the most complicated 2fa I've seen. You get a pocket-calculator-like device where you need to insert your card (chip and pin type), then you enter your personal code, and then you do a challenge-response thing where you enter a code generated from the website into the device, and it responds with a number you have to type into the website.

They also have this anti-paste function that was triggered by me typing too fast.


> You get a pocket-calculator-like device where you need to insert your card (chip and pin type), then you enter your personal code, and then you do a challenge-response thing where you enter a code generated from the website into the device, and it responds with a number you have to type into the website.

Such a thing is rather common in The Netherlands, though it's often not a second factor but just the way you log in to online banking. It avoids having you remember yet another password, instead you just use the same card and PIN you need "offline".

Side note: At the end of 2014 Rabobank (one of the banks with such a system) replaced those devices (which they called "random readers") with "Rabo scanners", which have a built-in camera to automatically read an image from the website instead of having you manually enter a code.


> though it's often not a second factor but just the way you log in to online banking.

That's still 2FA though, isn't it? You're proving to the server that you have the card and the pin.


The Rabobank system when used for online shopping using the "rabo scanner" works by redirecting to their site. Then displays a color QR code that your scanner reads.

You insert card and enter PIN, then scan the QR code.

The device actually displays amount+account that you are transferring money to. Then asks you if that is correct.

If you enter "yes", it will give you a 8 digit code that you can enter in the website to confirm.

[0] https://www.rabobank.nl/images/how_does_the_rabo_scanner_wor...

[1] https://www.youtube.com/watch?v=f5FIxRsqFUA (work flow - in dutch, start at 20 sec, before that they show the old reader)


>> You get a pocket-calculator-like device > Such a thing is rather common in The Netherlands,

These devices are very common in Germany as well but I heard they are phased out and replaced with a solution using a mobile phone.

> have a built-in camera to automatically read an image from the website instead.

In Germany we have a variant that has five photo diodes along one edge. You hold it against a flickering pattern on your screen. This works reasonably well. In my experience it is about equally fast as typing, just a little less reliable.


That's because they are reusing a multi-purpose device. Nationwide uses the same calculator-like device to make you sign new withdrawals with your card in the machine.

You can also use it to login with Nationwide, but they also allow login with a password, which is far simpler (and you don't need to find your card to do so either)




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: