tag:blogger.com,1999:blog-8353696605063426251.post2640824635007432784..comments2023-09-23T10:44:35.234+03:00Comments on Techy Title Here: NBK: Sticky-note SecurityMBHhttp://www.blogger.com/profile/07293824491909131393noreply@blogger.comBlogger12125tag:blogger.com,1999:blog-8353696605063426251.post-28676234313395979812009-02-14T18:14:00.000+03:002009-02-14T18:14:00.000+03:00Mahbob,I think the variety of pictures that NBK ha...<B>Mahbob</B>,<BR/>I think the variety of pictures that NBK has should contain at least one point of interest for every person out there.<BR/><BR/>I agree with you that selecting your own picture would make stick more in your memory, but also if you choose a cute kitten picture if you're a cat fan! Overloading the servers with uploaded images from users isn't needed.<BR/><BR/>Also, if you let users upload their own images, as a bank you'd need to manage/restrict types of images, resize them, and even worse: store them!<BR/><BR/>I'm glad that you compared it to Yahoo. It shows multiple ways of implementing such solutions.MBHhttps://www.blogger.com/profile/07293824491909131393noreply@blogger.comtag:blogger.com,1999:blog-8353696605063426251.post-56123741431767495282009-02-14T11:03:00.000+03:002009-02-14T11:03:00.000+03:00The picture part I don't like it . because they ar...The picture part I don't like it . because they are forcing me to choose from collection I don't like also all hackers knows what picture it can be so they can save all the picture and randomly bring one and because I'm the victim I don't remember what I don't like so I will accept it . so I think it is better to upload my own picture so I'm the only one who knows what picture otherwise it is sucks . you can see my review<BR/><BR/>http://dr-mahbob.com/blog/2009/02/03/wol-security-key-vs-yahoo-sign-in-seal/Mahbobhttps://www.blogger.com/profile/17098450849570641762noreply@blogger.comtag:blogger.com,1999:blog-8353696605063426251.post-64642628392319565742009-02-10T10:03:00.000+03:002009-02-10T10:03:00.000+03:00Nemo, I do NOT recommend that you save it in your ...<B>Nemo</B>, I do NOT recommend that you save it in your email AT ALL!<BR/><BR/>At anycase where your account is hacked, you will very much regret that!<BR/><BR/>The answers to the questions are NOT case sensitive.MBHhttps://www.blogger.com/profile/07293824491909131393noreply@blogger.comtag:blogger.com,1999:blog-8353696605063426251.post-21501925120177124462009-02-09T22:14:00.000+03:002009-02-09T22:14:00.000+03:00favorite movie: madri i thought it was tropic thun...favorite movie: madri i thought it was tropic thunder bs yemken i choose something else!<BR/><BR/>favorite country: i thought its kuwait bs 6ala3 wrong!! i still have no idea what country i would put instead! <BR/><BR/>are the answers case-sensitive??<BR/><BR/>once i call them to unlock my account i will write all the answers and save it in my email :pNemohttps://www.blogger.com/profile/17666114437067013393noreply@blogger.comtag:blogger.com,1999:blog-8353696605063426251.post-25981615021940649892009-02-08T13:25:00.000+03:002009-02-08T13:25:00.000+03:00All hail KFH :P @NBKThis measure sounds very impra...All hail KFH :P <BR/><BR/>@NBK<BR/>This measure sounds very impractical. The questions can easily be answered by relatives and friends. <BR/><BR/>@Favorite Movies<BR/>I would normally have different answers when I'm asked what's my favorite movie too, since I have several ones; depends on one's mood really. <BR/><BR/>@Favorite Countries<BR/>Laa 3ad qaweyya :DNosayba El-Sayedhttps://www.blogger.com/profile/02133521668776953404noreply@blogger.comtag:blogger.com,1999:blog-8353696605063426251.post-45172711417370823672009-02-07T09:39:00.000+03:002009-02-07T09:39:00.000+03:00Bashar, If you added/registered your PC, you don&#...<B>Bashar</B>, If you added/registered your PC, you don't get a random question out of the five.<BR/><BR/>Seriously? You're not willing to memorize your civil ID, but willing to memorize 5 different questions & their answers (assuming non-relative answers)??? :/<BR/><BR/>Who cares about general sites? This is specific to MY BANK! They should utilize what info they have instead of flooding their database with more info.<BR/><BR/>I think they just got this as a ready-made package and deployed it as is.MBHhttps://www.blogger.com/profile/07293824491909131393noreply@blogger.comtag:blogger.com,1999:blog-8353696605063426251.post-42914945629200622662009-02-07T05:37:00.000+03:002009-02-07T05:37:00.000+03:00MBH: Sorry, I just realized ur first comment is fo...MBH: Sorry, I just realized ur first comment is for me. I was blindly looking for Bashar: to know its for me :)<BR/><BR/>Civil ID: You have a point. General sites like Yahoo don't have this civil ID luxury. I think it's less convenient for some people though since they don't recall their civil ID, and may not have it. I'm guessing here they do remember the photo and phrase however :)Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8353696605063426251.post-50330153615478356732009-02-07T04:53:00.000+03:002009-02-07T04:53:00.000+03:00wait wait! I think I'm gonna cry here. Nemo: First...wait wait! I think I'm gonna cry here. <BR/><BR/>Nemo: First, how could you forget your favorite movie? Just curious :)<BR/><BR/>second, are they gonna ask these 5 questions everytime I login? I logged in just today and didn't get them. Is it because I added my PC, which I already have some doubts about!<BR/><BR/>Heck I really need the online for serious work :/ I cant tolerate any 1 day delaysAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-8353696605063426251.post-55163223583193563582009-02-06T21:03:00.000+03:002009-02-06T21:03:00.000+03:00Nemo, LOL!POINT PROVED!I have to admit that I wrot...<B>Nemo</B>, LOL!<BR/>POINT PROVED!<BR/><BR/>I have to admit that I wrote them down because I didn't want to go through the inconvenience of having to call when I need to access my account (usually I'm in a hurry and it's urgent)MBHhttps://www.blogger.com/profile/07293824491909131393noreply@blogger.comtag:blogger.com,1999:blog-8353696605063426251.post-10553090368463610692009-02-06T20:57:00.000+03:002009-02-06T20:57:00.000+03:00i didnt like it :S:S:SI did that few days ago .. a...i didnt like it :S:S:S<BR/><BR/>I did that few days ago .. and today i wanted to check my account<BR/><BR/>question 1: whats ur fav country?<BR/>i forgot<BR/><BR/>question 2: whats ur fav movie?<BR/>i forgot<BR/><BR/>question 1 again: forgot ...<BR/><BR/><BR/>account locked .. call 801801 <BR/>i didn't call (lazy)<BR/>i'll call when i need to :pNemohttps://www.blogger.com/profile/17666114437067013393noreply@blogger.comtag:blogger.com,1999:blog-8353696605063426251.post-65800852427438244242009-02-06T20:20:00.000+03:002009-02-06T20:20:00.000+03:00They already have my full name and civil ID, why n...They already have my full name and civil ID, why not use those?<BR/><BR/>Any phishing site won't have them!<BR/><BR/>As I mentioned, they request me to enter parts of my civil ID to confirm my identity when adding beneficiaries.MBHhttps://www.blogger.com/profile/07293824491909131393noreply@blogger.comtag:blogger.com,1999:blog-8353696605063426251.post-12649884007504058512009-02-06T20:11:00.000+03:002009-02-06T20:11:00.000+03:00Thanks for this detailed review. Whether it's ...Thanks for this detailed review. Whether it's good or bad, it will definitely create a large headache on clients and help desk. An extra step needed to be taken by all banks however after the increased fraud.<BR/><BR/>You point about questions: I have the absolute same concern. Right is too trivial, and fake will make me forget.<BR/><BR/>For the picture and phrase, I think its purpose is to fight malicious fake site, which try to capture same NBK look & feel with similar URL. Now lots of people might miss it, but the fake site will have difficulty knowing the picture and phrase for all or great number of cards. They have to do some work to get it. So if you happen to arrive at a fake site, and get a wrong picture of phrase, you can easily tell there is something wrong. They should explain this piece of information though further.<BR/><BR/>However, I think it's still easy for a fake site with little effort to fake a request with your submitted NBK card number, to get your photo and phrase from NBK, and then deliver it to you on their site. Is there a counter-measure here? I don't know.<BR/><BR/>Add a PC: Yeah, this made me curious also.Anonymousnoreply@blogger.com