Rabodirect doesn't have password as such

ryankurte / doesmybank

A review of NZ Banking Security (and features)

MIT License

7 stars 7 forks source link

Rabodirect doesn't have password as such #11

Open rbywater opened 6 years ago

rbywater commented 6 years ago

I'm not sure if this is what footnote 4 refers to or not but Rabodirect doesn't have any direct password/pin that is entered in the webpage. Instead the pin number is used to unlock the token which is used. (i.e. the Vasco token is actually the only auth mechanism used)

ryankurte commented 6 years ago

Oh really? So there's no password step, just pin unlock for the token?

36wish commented 5 years ago

Yes. You use a 5 digit pin to unlock the token, which then generates an 8 digit code you enter into the website.

Each time you transfer money out of the account, the website will display a 8 digit code. You enter that code, plus your 5 digit pin, into the token. The token then generates a 8 digit code that you type back into the website.