Same for HDFC
-
Hey there! Welcome to TFC! View fewer ads on the website just by signing up on TF Community.
Serious Security Glitch in ICICI Bank's iMobile Alert
- Thread starter TechnoFino
- Start date
TBH, I personally find it very annoying when SBI asks OTP multiple times. Also, they have weird rule where the passwords expire after a certain time. At times when it's urgent, they won't even let you login into YONO app if your password has expired. This is infuriating as you'll have to first login to NB and then change password ( don't forget you'll have to enter OTP atleast 2-3 times in this process).
Multiple OTPs are annoying for sure. But banks should atleast provide 2FA option. Those who want can switch it on
MrJJ
TF Premier
I don't have anything bad with ICICI on the contrary I like their netbanking portal. I just don't like their security.
In HDFC you have to at least verify with OTP if you're logging in from a new device but there's no such check in ICICI.
Yeah, SBI goes to the extreme sometimes. But I can understand as they're a public bank and biggest one in the world, so they've added every security check possible in their system.
talkwithfino
TF Premier
I felt the same..... Cause, in terms of overall Security, I have found Icici to be ahead compared to other banks.
Not here to defend any bank; Hdfc Mobile app now uses the same method that Icici's iMobile does. That is, it requires access to your sim card and send a automated message from there. It then authenticates; and proceeds to ask your Netbanking Credentials.
Icici is also one of the very few banks which uses 256 bit AES encryption standard. Hdfc is eager to call themselves India's No 1 Bank; but they still use 128 bit encryption; ( idk about Kotak; but the RBI Ban speaks for themselves )
I personally don't like the debit card grid numbers they ask every time ( in icici ) while doing a transaction ( imps, neft, bill payment etc ) but I have not seen that security feature in any other Bank's DC.
It verifies your mobile number, via sim card and then asks for Net Banking or DC details. To be fair, that seems enough; I cannot think of any method to login to somebody else's account in iMobile pay without the sim.
It's very infuriating. I was thinking of making an FD in Sbi once; but the number of OTP's and passwords they asked since the beginning of login, I just gave it up and went to a diff Bank.
Edit
I have never got OTP's for logging in through Net Bankign in Hdfc. Otp's are sent ?????? 😶😶 You did/ Did anyone else did receive Otp
Last edited:
MrJJ
TF Premier
I was talking about Netbanking not mobile app.
I have got username and password of someone (somehow) now I can access their netbanking without any restriction.
YES, ICICI will allow you to log into net banking without 2FA …
You may ask why? because for the ease of use.
Then you may ask where is the security??
This is where it gets interesting…
If you need to do any transaction within net banking then it requires 2FA either thru OTP or Grid value in the DC…
This is how they achieve both ease of use and security…
If someone knows your username , then if someone tries with random passwords initially then your account gets blocked after 3 unsuccessful logins … this is another security feature at the initial level…
So overall, it’s not as bad as one think…
There will be a lot brainstorming happens before they design any security system and choose the right combination of security measures depending upon the method these choose…
You may ask why? because for the ease of use.
Then you may ask where is the security??
This is where it gets interesting…
If you need to do any transaction within net banking then it requires 2FA either thru OTP or Grid value in the DC…
This is how they achieve both ease of use and security…
If someone knows your username , then if someone tries with random passwords initially then your account gets blocked after 3 unsuccessful logins … this is another security feature at the initial level…
So overall, it’s not as bad as one think…
There will be a lot brainstorming happens before they design any security system and choose the right combination of security measures depending upon the method these choose…
MrJJ
TF Premier
In HDFC you need to verify with OTP if you are logging in from a new device.
Also now hdfc forcing to change password every six months. Even though it's just a step you go through twice a year, it's annoying when it suddenly pops up.
At least now they are giving alert 1 month earlier, so I know there's this ritual coming where I have make some combinations of letters numbers and special characters. And no cheating allowed as you can't copy from last 3 passwords you used.
On the other hand in Icici never have I ever changed my password since I started using it. Probably more than 10 years.
Last edited:
