You would think that your bank would make sure their website is secure so that no one can steal your login info, right? Well, if your bank or credit card company is American Express, Bank of America, Chase, Discover, First Equity, MBNA, Providian, Wachovia, or Washington Mutual, then think again. (Banks that are not so careless with your account security include Advanta, CapitalOne, Citibank, and Peoples.) this information may be outdated as sites update security on a regular basis when flaws or holes are found.
It's easy to tell whether your connection to your bank is secure: the address bar will start with https:// instead of http://. (Note the "s".) When you're on a page with https://, all information is scrambled in both directions, so if someone is eavesdropping on your connection, all they get is scrambled data. If your page is plain http://, your login data is vulnerable.
What's worse, the banks with the insecure logins incorrectly tell you that their logins are in fact secure! They invariably show padlock icons with reassuring words like "Secure Area", and often those icons are linked to pages that give you some B.S. about how the page is actually secure even though it's not an https:// page because your login data is encrypted as soon as you hit the Submit button to send it to the bank. But they're dead wrong about your login info being secure. They're not only giving you an insecure login, they're lying about it.
In a minute I'll give you the technical details as to why they're wrong (if you're interested), but more importantly you're probably wondering, "Okay, so what do I do about this?" First, consider changing banks. Any bank which plays fast and loose with your account security -- and then lies to you about it -- doesn't deserve your business.
If you don't want to go that route, than a less drastic course of action is to find the secure login page on your bank's website. For most bank websites it's easy: Just type in the wrong username and password, and then you'll be taken to an error page which is properly secure, which you can verify from the https://. If that doesn't work then click around the bank's website and try to find another login page. Often you can click the padlock next to the login button which will take you to the bank's B.S. explanation about how the login is supposedly secure, but right under that they may provide a link to a real, secure login page. Finally, you can try just typing in the "s" when you're first loading the website, like https://www.bankname.com. That doesn't work with most of them, and I didn't try them all, but I found it does work with Discover Card and Wachovia.
Here's the technical explanation for those who want it: Your bank wants to put the login form right on their home page so that customers don't have to bother clicking over to a separate login page. That means the home page should be secure. But secure pages have a downside: they're slow. Your bank's computer has to scramble the web page before it sends it to you, and your computer has to unscramble the page when it receives it. Banks don't want their home page to be slow!
So the banks had two choices: they could either keep the home page fast by making it insecure and having customers click over to a separate, secure login page in order to log in, or they could put the login form on the home page and make it secure, in which case the home page was slow. Banks didn't like either of these options, so they dreamed up what they thought was a good workaround, except they're wrong.
When you click a Submit button on a web page, your login data is sent to some web address, and it can be either an http:// or an https:// address. The banks thought, "Aha! We'll put the login form on a plain, insecure page, but the Submit button will send the login data to our https:// address, so the user's login data will be scrambled and no one will be able to intercept it. That way we'll be able to have a fast-loading home page and the login will still be secure."
Here's why that doesn't work: A hacker listening in on the conversation can intercept the bank's home page as it's sent to your computer. The hacker changes the code of the page so that the Submit button will send the login form to https://www.HackerWebsite.com instead of to https://www.BankName.com. When the page loads in your computer it doesn't look any different than normal. You type in your username and password and click Submit, and your login info is sent straight into the hands of the hacker. The hacker then sends the same login info to your bank so that you successfully log into your bank's website, and you're none the wiser. But later the hacker can go log into your bank account himself.
Yeah, it's unlikely this will happen, but definitely not impossible. And there's no excuse for the banks not to provide a secure login. In fact, it's simple for them to do so -- they just don't want to.
The banks' method of security is like having a house with two doors and locking only one of them.Netcraft and Microsoft for almost a year now, but most banks aren't listening. As is often the case, it's up to consumers to look after their own interests.
However your average computer user, much like a car owner - uses the machine, but that doesn't mean you need to be a mechanic - any more than you need to be a computer tech to own and use a computer. Not all people know about this kind of info. and what to do... That's where Back to Basics Computers Comes in - we can take care of your security needs address your concerns and ensure that your online shopping and or banking is truly secure.
Ask us about our system security check and remember - we can setup your home or office network to be encrypted and secure. Just give us a call and our great secretary Anne will set up your appointment, in house or on site. As Benjaman Franklin said: "An ounce of prevention is worth a pound of cure." Apparently this is as true as ever, even in the technology age that is now in the begining of the 21st Century!Based on an Article on www.websitehelpers.com
