Online banking security

[Chuckanut]

So how do people feel about using Touch-ID and Face-ID to logon to apps?

 

[Lsbcal]

So how do people feel about using Touch-ID and Face-ID to logon to apps?

Face-ID on the iPhone works superbly. Works nicely with LastPass too.

 

[tulak]

So how do people feel about using Touch-ID and Face-ID to logon to apps?

I feel great!

From a security standpoint, I think it’s secure enough. My one frustration has been that FaceID doesn’t work with masks and I have to use my passcode when i’m public. The next iOS release is going to support FaceID with masks using an Apple Watch. I’m looking forward to that update.

 

[sengsational]

It depends how they arrive at the salt value. The salt is designed to prevent a pre calculated rainbow table attack, which is basically what you are describing. If the salt is unknown to the attacker the hashes are secure.

True. I was going with "worst case scenario", where the bad guys get the salt when they steal the hashes. That's not a foregone conclusion, but you might imagine if they're rummaging around with database access, they might leave with salt as well as the hashes. It's much less useful for rainbow tables if the salt is different for each set of credentials, which I think is best practice. I'm not sure how wide that practice has become.

 

[Hermit]

Vanguard 2FA requires a text message. I am out of cell phone range while at home so they set my accounts up to not use 2FA. Hopefully, this is temporary. My cell company keeps saying they will have phone over internet any day now.

They also have an option to provide a physical security key that plugs into a USB port on your PC or laptop

https://investor.vanguard.com/security-center

Thanks. I don't recall them saying anything about a security key and this whole 2FA thing just was put in place on my account in December.

I ordered a security key ($24 with NFC) through Amazon and got it set up today. I called Vanguard and the rep didn't have a clue. I told him to search on "security key" and he found it. He told me they had just starting using them at the end of last year. I don't think that was accurate. Anyway, he could not help me, but I managed to get it working. I had to use my Google phone to get it set up, but should not need to use it further. I don't trust Google a whole lot when it comes to information security. I have not tried it for transferring money from Vanguard to my bank account, but I am hoping it will work fine.