Danske Bank; Wake up and Smell the Internet
Thursday, August 26, 2010 at 8:12AM Why is it that my Danish Bank, Danske Bank, is so difficult to log in to?
My UK banks, Lloyds TSB and Santander, can both be used on any browser (or at least Chrome, Firefox and IE), and although I need two different codes, both a mix of numbers and letters, logging on is as easy as pie; enter your codes, click the button, Bob's your uncle and Fanny's your aunt - you're in.
So far, my experience with Danske Bank, could not be further from this.
I started out with having to download Internet Explorer, as I had received, for some reason, an option called a 'e-Safekey' which meant that I could only log in through that browser. I hate IE, it gave my computer a lot of problems, so after complaining on Twitter, I was thrilled to see Danske Bank tweeting me, and telling me that I could use any browser! So I opened a tab in Firefox, but still....no log on. Eventually I was told that to log on in other browsers, I'd have to use their other log in option, an 'ActivCard'. OK.....
So I orderd one of those.
Have you seen that? It's exactly like a mini-calculator that I have to carry with me ALL the time if I want to log on using any other browser other than IE. I have to enter my code, the mini-calculator then gives me a one-time code which I then have to enter, and then finally I'm in.
Seriously, Danske Bank. It's 2010. Why on EARTH do I have to actually carry something around with me to access my ONLINE banking? It's absolutely absurd!
I just can not understand it, and it drives me mad.
Why can't I just use the same codes in differen browsers? Give me a good and just reason why, and I'll shut up, but until then; sort it the f*ck out.
ARGH!
Reader Comments (4)
Hi Laura,
Unfortunately, there’s no short answer to your question.
First of all you're right: As the internet evolves, everyone wants to be mobile – across devices, browsers, etc. But at the same time we must protect you as a customer against newly developed attack types – also seen in the wild in UK. Protection sets some natural restrictions to mobility, which we are trying to amend as best as we can.
Our "traditional" security is ActiveX-based (good only for Microsoft IE, sorry) using locally stored keyfiles. For mobility and security reasons this is over time being replaced with our new Java Applet, which runs on almost any newer device and browser – using a 2-factor identity solution. In Denmark this is going towards "NemID" using a papercard with printed codes. Does that sound digital? Not really, but actually it provides great security and quiet neat convenience. You can carry it in your credit-card slots.
In other countries our solution for 2-factor is ActivCard. We agree that this is a little more clumsy to carry, and we are researching other options. However, for the time being we're targetting NemID and will take up other things on our roadmap later.
Judging from your text, you might be thinking "use my cell phone, why don't you?" or something similar. Again, it's being explored, but we need a generic security solution that sustains the same level, whether you use eBanking on a PC or mobile banking on a cell phone.
If the cell phone is also your security device, your solution will be a 1-factor instead of a 2-factor solution and therefore less secure.
So as things stand....in Denmark you will be able to use NemID, which is fairly easy, but you need to carry something, however "light”. If you have Danske Bank in UK, you will need ActivCard, which you also need to carry.
So with a little patience, things will move in the right mobile direction. Please note, that the various restrictions above are not specific to our bank.
All banks must eventually make the choice of either deliver software and identity hardware generic across devices, or give you a much larger and more complicated security device in your hand. The only other option is to be insecure by choice, and we do not believe in this solution in the long run.
Kind regards,
Ebbe Skak Larsen
Chief Security Architect
Danske Bank
Hello Ebbe
Thanks very much for your comment. I must say that I am so pleased to see that someone from Danske Bank found this, and got back to me. Kudos on that :)
Thanks also for your detailed response. I am in Denmark, and have looked in to a NemID, but you're right, it still requires carrying something around, but that isn't a problem really. I mean, if I wanted to log in from a computer away from home and so forth - then yes, that's great security. But what really frustrates me is at my own home when I'm (I can't believe I'm writing this - makes me sounds incredibly lazy!) sitting on the sofa, but have to get up and find my card in order to log on. It just seems to be a step back in ease of access and progress. I have no idea what security systems my UK banks use, whether they are better or worse than the Java Applet, or if their security system is available in Denmark, and while I do appreciate and fully understand your concern for security (rather too much than too little) I will still hold on for the day when I can just enter a code or two from the comfort of my sofa without having to use any paper or plastic, and log on :)
Thanks again for your reply.
Lara
The two-factor authentication for online banking is more and more common. It's widespread in use here in Norway, where we have an industry standard called "BankID". It requires a little code-generator (not as big as your calculator). It's a inconvenience, but it's the only way to improve the security of online banking. Most banks in Norway also supports SMS-based authentication, meaning that you can get a one-time code instead of using the code-generator.
That means we have the combination of our: customer ID/social security number + generated code + personal password.
So Lara, you're not going to get it any easier in the future. It used to be simpler, Skandiabanken for instance allowed you to install an SSL-certificate which was then one of the 3 parts for authentication, but they quit that solution and we're stuck with BankID or SMS.
PS: BankID require Java :-(
Hello SondreB
Thanks for your comment. One of my UK banks has actually started using SMS-based authentication too. So now it's two codes, and a one-time code via SMS. This is totally fine by me as usually your mobile is either on you, or at arm's reach.
I don't mind having to have my mobile on me at all times, as let's face it, who doesn't! But the idea of a seperate card/calculator things just leaves me dumbstruck. I know it can fit in your wallet, but people don't always have their wallet on them.
I hope that Danske Bank do find a way to use SMS authentication. I think it would make a lot of people happy! :)