Chase Online Access Rant

spacejamz · Jun 13, 2007

Now you need to activate each PC with Chase that you use to view your account data online.

If the PC has not been activated with Chase, they will send you an activation code either via email or phone that you need to enter before you can access your account.

I am all for creating safer, more secure online procedures, but this is a PITA...

wonder if other companies do this or start...

for my BOFA account, you have to create a 10 digit ID and then verify an image before you can log in. My credit union and vanguard (401k stuff), you have to enter your user id on the 1st page and then your password on a 2nd page when logging in...does this really make anything safer???

johnjohn320 · Jun 13, 2007

Yeah, the multiple computer thing is a pain in the ass. I can't check my account while at the workplace, simply because I'd have to get a verification code for any computer there I might use.

George P Burdell · Jun 13, 2007

Agreed :|

jhayx7 · Jun 13, 2007

I had to fill out a bunch of authenticheck questions with my bank and now if I use a computer that it does not recognize as "normal" it will ask me one of those questions. I have no image verification business with my bank.

SoulAssassin · Jun 13, 2007

Yeah, I called them up the other to bitch about it and see if I could opt out but they said there's no way to get out of it. Very friggin annoying.

Saga · Jun 13, 2007

I closed my HSBC savings account after they required 3 different passwords, one of which was a keypad based system where I had to use a java keyboard to click the password with my mouse. Wouldn't have been so bad if they didn't require capitals, numbers, and symbols, which all required clicking alt or shift keys with the mouse thus making the entire retarded process take even longer.

markgm · Jun 13, 2007

The best thing you can do is take your business elsewhere.

SoulAssassin · Jun 13, 2007

Originally posted by: markgm
The best thing you can do is take your business elsewhere.

I would but the ~50k in available credit they've given me is a hard thing to pass up.

Homerboy · Jun 13, 2007

The Chase thing is not THAT big of a deal.
Actually its a pretty nice security measure.
When I t first hit me I bitched (in my head) too.
Then I stopped and though about it and it makes sense.
It's a one time thing and how many PCs are you actually accessing your account from?

spacejamz · Jun 13, 2007

Originally posted by: Homerboy
The Chase thing is not THAT big of a deal.
Actually its a pretty nice security measure.
When I t first hit me I bitched (in my head) too.
Then I stopped and though about it and it makes sense.
It's a one time thing and how many PCs are you actually accessing your account from?

if you clear out cookies, do you have to reactivate it?

Gunslinger08 · Jun 13, 2007

You know what I don't get about the image verification thing (where you choose a personal image)? If someone knows your username (either by knowing you or by brute forcing the site until they get a list of usernames), they already have the image you chose. This provides no security whatsoever.

spidey07 · Jun 13, 2007

Originally posted by: joshsquall
You know what I don't get about the image verification thing (where you choose a personal image)? If someone knows your username (either by knowing you or by brute forcing the site until they get a list of usernames), they already have the image you chose. This provides no security whatsoever.

We've been over this already. They do NOT know what image you have chosen and the computer/browser will have to validate itself by answering some security questions before the image is shown and you are allowed access.

All of this is a GOOD thing, it keeps people from accessing or phishing your account.

SoulAssassin · Jun 13, 2007

Originally posted by: Homerboy
The Chase thing is not THAT big of a deal.
Actually its a pretty nice security measure.
When I t first hit me I bitched (in my head) too.
Then I stopped and though about it and it makes sense.
It's a one time thing and how many PCs are you actually accessing your account from?

I have one pc in the house, 3 laptops plus a computer at work. That's 5 machines I could use on a regular basis. I -think- it only remembers 3 machines so once I use that 4 machine I have to register it and then it forgets the oldest so then next time I use it I have to re-register, then rinse and repeat.

spacejamz · Jun 13, 2007

Originally posted by: joshsquall
You know what I don't get about the image verification thing (where you choose a personal image)? If someone knows your username (either by knowing you or by brute forcing the site until they get a list of usernames), they already have the image you chose. This provides no security whatsoever.

and not really sure what security entering the user id on page 1 and then your password on page 2 provides either... won't a hacker just add a <ENTER> commmand or something between the user id and password?

Gunslinger08 · Jun 13, 2007

Originally posted by: spidey07

Originally posted by: joshsquall
You know what I don't get about the image verification thing (where you choose a personal image)? If someone knows your username (either by knowing you or by brute forcing the site until they get a list of usernames), they already have the image you chose. This provides no security whatsoever.

Click to expand...

We've been over this already. They do NOT know what image you have chosen and the computer/browser will have to validate itself by answering some security questions before the image is shown and you are allowed access.

All of this is a GOOD thing, it keeps people from accessing or phishing your account.

Well, my bank account and a few other personal accounts don't ask any questions before the image is displayed. If you know my username, you know my picture.

manlymatt83 · Jun 13, 2007

Originally posted by: George P Burdell
Agreed :|

jagec · Jun 13, 2007

Chase isn't that big a deal, yeesh...

My complaint about Chase is the opposite: They don't allow you to use special characters in your passwords, and only two numbers. Which means that all of my super-secure passwords are worthless. Don't they care about security?

Originally posted by: joshsquall
You know what I don't get about the image verification thing (where you choose a personal image)? If someone knows your username (either by knowing you or by brute forcing the site until they get a list of usernames), they already have the image you chose. This provides no security whatsoever.

I think the reason for it is so that if someone clicks a phishing link in an email, their server won't have your image, and as such you'll know it's not the real McCoy.

I suppose they could program it in to fetch the image from the Chase site once you input your username on their site, but they their server would have to answer the security questions, and it would take a suspiciously long time even if it were possible.

manlymatt83 · Jun 13, 2007

The answer to all of my security questions for any bank account i have is "2000". Go ahead, someone try to steal my account. I don't care. It doesn't make things ANY safer.

akshatp · Jun 14, 2007

Originally posted by: joshsquall
You know what I don't get about the image verification thing (where you choose a personal image)? If someone knows your username (either by knowing you or by brute forcing the site until they get a list of usernames), they already have the image you chose. This provides no security whatsoever.

The point of the image verification is for YOU to know that you are on the B of A site, and not a phishing website... If you were on a phishing website, you would presumably not get an image, or get the wrong one, and you wouldnt enter your password/pin. Thus saving your ass from handing out your login information.

Agentbolt · Jun 14, 2007

The Chase thing is goddamn annoying. I use a different computer at work pretty much every day so checking my account there is more of a PITA than it is usually worth.

Extra security is fine, but for those of us who simply want to be able to check our damn account briefly without giving a DNA sample and a retinal scan, we should have that option if we're willing to take the small additional risk. Hell, no one's gonna break into my bank account, half the time if they stole it from me they're just going to end up with -44 dollars anyway.

Zugzwang152 · Jun 14, 2007

Originally posted by: jagec
Chase isn't that big a deal, yeesh...

My complaint about Chase is the opposite: They don't allow you to use special characters in your passwords, and only two numbers. Which means that all of my super-secure passwords are worthless. Don't they care about security?

Originally posted by: joshsquall
You know what I don't get about the image verification thing (where you choose a personal image)? If someone knows your username (either by knowing you or by brute forcing the site until they get a list of usernames), they already have the image you chose. This provides no security whatsoever.

Click to expand...

I think the reason for it is so that if someone clicks a phishing link in an email, their server won't have your image, and as such you'll know it's not the real McCoy.

I suppose they could program it in to fetch the image from the Chase site once you input your username on their site, but they their server would have to answer the security questions, and it would take a suspiciously long time even if it were possible.

It's not the image that's the security feature. Notice you can browse the full list of available pictures. THe security feature is the combination of the image you chose and the secret phrase that you chose for that picture. Only the true Chase website will know what phrase you picked.

Chase Online Access Rant

Lifer

Diamond Member

Lifer

Platinum Member

Diamond Member

Banned

Diamond Member

Diamond Member

Lifer

Lifer

Lifer

No Lifer

Diamond Member

Lifer

Lifer

Lifer

Lifer

Lifer

Diamond Member

Diamond Member

Lifer