First Direct Generate Digital Secure Key
First Direct 'Secure Keys'
Activate your Digital Secure Key Follow the instructions on-screen to log on to the HSBC Mobile Banking app. Enter your username. Answer your memorable question and the requested characters from your password, select 'continue'. You will be prompted to activate your Digital Secure Key now. For secure access to the desktop website simply select 'Generate Security Code' on the App homescreen and enter your Digital Security Key password. The App will then generate a six digit log on security code which you can use to log on securely to the first direct Online Banking and access all the features. The Digital Secure Key is available on iPhone, iPad and Android phones running up-to-date software, as long as you have the HSBC UK Mobile Banking app. To upgrade to the Digital Secure Key, follow the instructions below. If you’re having any trouble upgrading from a physical Secure Key to a Digital Secure Key, call us on 03456 002 290.
You cannot use a Secure Key device and the Digital Secure Key at the same time. First you need to visit the Digital Secure Key page which can be found under Internet Banking Security Settings menu and then logon to Mobile Banking application. The application will direct you to activation. Dec 30, 2016 - Log into the first direct app on your old phone - Select settings, and click ‘Deactivate Digital Secure Key' - Hit ‘Deactivate now' - Download the first direct app again on your new phone (yay!) and follow the steps to activate your new digital secure key. My bank has recently sent me a Digipass/Secure Key, which looks like a tiny calculator. You press the green button to turn it on, type a PIN to unlock it, then press the green button again to generate a 6-digit code that you type when logging in. However, I don't actually understand how this device increases security. Do I have to use a Secure Key or Digital Secure Key every time I log on? No, first direct have listened to customer feedback and introduced a limited Online Banking service to allow you to access Online Banking without a Digital Secure Key or Secure Key. What is limited Online Banking service? Limited Online Banking service is a lighter service.
Oh man.. this is gonna be a rant - interested in opinions. imho this is crying out for a news story.
So.. First Direct have now changed the way you log on for internet banking.
old way:
- combination of answer to common question (low security, easily phished). i.e. what was the name of your school (oh - lets have a look of facebook, etc)
- entering 3 character of your password (pretty high security providing proper password naming rules applied)
new way:
- you MUST use a secure key (either physical one or one on your phone - which they call an 'electronic secure key as if the other one isn't electronic..)
- same answer to common quesiton required
- enter secure key code
thats it - you are now in and can steal all my money.
Now, whenever I have used secureID type keys before they are an additional level of security - I still need my regular password as well - e.g. VPN use for company, etc, etc.
First Direct Generate Digital Secure Key Card
Here, they have TAKEN AWAY the password !!!
so lose yer phone (or physyical key) and thief simply needs to guess (or easily find on the phone or social media) your answer to common question, and they are in.
WTF!!!
The only person this seems to protect is First Direct! - what ? you got all your money stolen ? Did you lose your phone (yes), did you tell us immediately (no.. I didnn't realise it was lost/stolen till next day). well that's not our problem is it - you've been careless, tough shit. Generate key from csr openssl.
What they CAN say, is that without the secure key its less likely someone can get into your account - but with proper password security this was unlikely anyway.
they are just covering their arse, and giving the end user a far less secure service that before.
So, for me, thats the end of internet banking. I can still do some stuff without a secure key and will just have to call them when I want to do other things.
First Direct Generate Digital Secure Key Code
this is typical of banks (the verified by visa shite is another example of 'implementing a system which adds FA extra security but covers the banks arse)