RBS card for purchases

[Marc 0]

I recently got a RBS bank card reader so I could transfer money directly to my son's account if needed. He was recently away at Edinburgh for a few weeks and, suprise surprise ran short of funds. I was able to go into the bank and make a transfer immediately.

Then I thought, what if the bank had been closed? With the card reader I can now transfer money any time.

I may be behind the times, but do people use these readers to pay for online purchases like ebay and websites? Ive seen some ebay sellers using direct transfers. One way to cut down on paypal fees I suppose. All you need is their sort code and account number.

Paypal is slow and I like to pay for purchases immeadiately.

What are your thoughts or experiences?

[Hussulo 6]

I recently got a RBS bank card reader so I could transfer money directly to my son's account if needed. He was recently away at Edinburgh for a few weeks and, suprise surprise ran short of funds. I was able to go into the bank and make a transfer immediately.

Then I thought, what if the bank had been closed? With the card reader I can now transfer money any time.

I may be behind the times, but do people use these readers to pay for online purchases like ebay and websites? Ive seen some ebay sellers using direct transfers. One way to cut down on paypal fees I suppose. All you need is their sort code and account number.

Paypal is slow and I like to pay for purchases immeadiately.

What are your thoughts or experiences?

I have an RBS card reader but never used it yet. PayPal, ebay and other sales don't require it. The only thing I get asked for when sending payments on-line is 3 letters from my password. I've also transferred money to others including dealers on-line but I've just that through on-line banking.

[azda 979]

I recently got a RBS bank card reader so I could transfer money directly to my son's account if needed. He was recently away at Edinburgh for a few weeks and, suprise surprise ran short of funds. I was able to go into the bank and make a transfer immediately.

Then I thought, what if the bank had been closed? With the card reader I can now transfer money any time.

I may be behind the times, but do people use these readers to pay for online purchases like ebay and websites? Ive seen some ebay sellers using direct transfers. One way to cut down on paypal fees I suppose. All you need is their sort code and account number.

Paypal is slow and I like to pay for purchases immeadiately.

What are your thoughts or experiences?

Paypal is generally instant if you have funds in the PP account and paying for something, if on the other hand you want to withdraw funds from PP then it takes as much time to get to your accout as a direct debit does

[davidrj 194]

Paypal is generally instant if you have funds in the PP account and paying for something, if on the other hand you want to withdraw funds from PP then it takes as much time to get to your accout as a direct debit does

That's how the bankers always end up on top!

[Peckris 579]

The only thing I get asked for when sending payments on-line is 3 letters from my password.

OUCH! You've just told us that your passwords are all alphabetic. Hope you don't mind me saying so, but those are crackable pretty swiftly unless it is genuinely random garbage.

Golden rule (from my experience in software) :

• password should be long (11 characters or more is good)

• they should be mix of letters and numbers, and maybe even non-alphanumeric characters too

• they should not be used on all sites and everywhere you go

• they should be changed unless you're absolutely 100% confident they aren't crackable OR they are for blogs and other unimportant sites

I hope I haven't invited you to rearrange the following words into a well-known phrase or saying : "eggs" "don't" "grandmother" "teach" "suck" "your" "to".

[Gary 7]

Use it all the time. Easy, available 24/7 and have had no problems with it. Saves running to the bank everytime I want to transfer funds. All I need is the account number and sorting code for the recipiant. If the person I want to pay is the same bank as me then I find the money is transfered almost straight away.

I second Peckris, a pure alphabetic password should not be used.

Here are a few figures from a recent computer magazine article,

using brute force method, ie using a computer to go through every conceivable combination,

a six number password can be cracked in 9.7 sec

a six letter (lower case) password 50 mins

a six character, numbers and letters 53 hours

a six character, numbers, letters, symbols (®, Œ, «,›, Æ, ¿) 2 years

using smybols in passwords is a pain when typing but as you can see is the hardest to crack.

Another thing that I see all to often is people use that same password for all sites and they tend to use something thats easy to remember like birth dates etc, because its easy. I have cracked my mother in laws email, just for fun of course, because she used the name of her dog as a password, or my brother who uses the name of his wife, big no no. Dont do it!

Use a different password and user name for every site that you have to log into and use a complicated password. Write it down if you have to but store it away from your computer.

Bit of a rant there, sorry, but maybe got you thinking......

[Red Riley 2]

OUCH! You've just told us that your passwords are all alphabetic. Hope you don't mind me saying so, but those are crackable pretty swiftly unless it is genuinely random garbage.

Golden rule (from my experience in software) :

• password should be long (11 characters or more is good)

• they should be mix of letters and numbers, and maybe even non-alphanumeric characters too

• they should not be used on all sites and everywhere you go

• they should be changed unless you're absolutely 100% confident they aren't crackable OR they are for blogs and other unimportant sites

I hope I haven't invited you to rearrange the following words into a well-known phrase or saying : "eggs" "don't" "grandmother" "teach" "suck" "your" "to".

On the other hand, too many or long a password is a virtual guarantee that you will forget it/them as I know by bitter experience! I now use as short a password as possible for sites such as this one where it really doesn't matter, reserving the longer and more forgetable password for something important such as my bank account - still no guarantee I won't forget it though...

[1949threepence 3,367]

Use it all the time. Easy, available 24/7 and have had no problems with it. Saves running to the bank everytime I want to transfer funds. All I need is the account number and sorting code for the recipiant. If the person I want to pay is the same bank as me then I find the money is transfered almost straight away.

I second Peckris, a pure alphabetic password should not be used.

Here are a few figures from a recent computer magazine article,

using brute force method, ie using a computer to go through every conceivable combination,

a six number password can be cracked in 9.7 sec

a six letter (lower case) password 50 mins

a six character, numbers and letters 53 hours

a six character, numbers, letters, symbols (®, Œ, «,›, Æ, ¿) 2 years

using smybols in passwords is a pain when typing but as you can see is the hardest to crack.

Another thing that I see all to often is people use that same password for all sites and they tend to use something thats easy to remember like birth dates etc, because its easy. I have cracked my mother in laws email, just for fun of course, because she used the name of her dog as a password, or my brother who uses the name of his wife, big no no. Dont do it!

Use a different password and user name for every site that you have to log into and use a complicated password. Write it down if you have to but store it away from your computer.

Bit of a rant there, sorry, but maybe got you thinking......

Not at all a rant, rather a very interesting and thought provoking post.

[argentumandcoins 70]

You could try my wifes approach. She makes sure that I never have a brass tack in my bank account so it doesn't matter if someone hacks it or not

[Peckris 579]

a six number password can be cracked in 9.7 sec

a six letter (lower case) password 50 mins

a six character, numbers and letters 53 hours

a six character, numbers, letters, symbols (®, Œ, «,›, Æ, ¿) 2 years

And if you use any obscure WORD that' in a dictionary, a dictionary run against your password will crack it fairly quickly.

On the other hand, too many or long a password is a virtual guarantee that you will forget it/them as I know by bitter experience! I now use as short a password as possible for sites such as this one where it really doesn't matter, reserving the longer and more forgetable password for something important such as my bank account - still no guarantee I won't forget it though...

Ok, I'm now going to GIVE AWAY my (non) patented system that is foolproof (I believe).

1. Think up a pass phrase or long name that contains roughly half the letters of the alphabet (e.g. THE QUICK BROWN FOX ... but don't use that!!!) Commit this to memory and don't ever tell a soul or write it down.

2. Come up with something easy to remember, such as your name (e.g. "John Thompson")

3. Use the pass phrase, whose letters turn into numbers starting with 0 (T=0 H=1 E=2 Q=3 U=4 I=5 C=6 K=7 B=8 R=9 O=10 W=11 N=12 F=13 X=14 in the example I gave), to encipher your chosen password.

Under that system, "John Thompson" converts to "J10112@0110mps1012" (I've used @ to represent the space, but you can pick any character)

It sounds unwieldy, and is, the first few times you use it. The more you use it, the more you come to learn what the numbers are in your pass phrase and the process becomes instinctive. The great thing about it is, you can write down a password hint, e.g. "full name" and even someone who knows your name won't be able to crack what it converts to. And even knowing the length of your name won't help them, as some letters convert to two-digit numbers, so the length of the password won't be the same as the name.

So, for the cost of slightly time-consuming conversion, especially when you first start using it, you will be able to write down strong password hints, secure in the knowledge that someone who understands the hint still won't be able to crack your password.

And yes, I use this system. And no, you can't know what my pass phrase is!

[1949threepence 3,367]

a six number password can be cracked in 9.7 sec

a six letter (lower case) password 50 mins

a six character, numbers and letters 53 hours

a six character, numbers, letters, symbols (®, Œ, «,›, Æ, ¿) 2 years

And if you use any obscure WORD that' in a dictionary, a dictionary run against your password will crack it fairly quickly.

On the other hand, too many or long a password is a virtual guarantee that you will forget it/them as I know by bitter experience! I now use as short a password as possible for sites such as this one where it really doesn't matter, reserving the longer and more forgetable password for something important such as my bank account - still no guarantee I won't forget it though...

Ok, I'm now going to GIVE AWAY my (non) patented system that is foolproof (I believe).

1. Think up a pass phrase or long name that contains roughly half the letters of the alphabet (e.g. THE QUICK BROWN FOX ... but don't use that!!!) Commit this to memory and don't ever tell a soul or write it down.

2. Come up with something easy to remember, such as your name (e.g. "John Thompson")

3. Use the pass phrase, whose letters turn into numbers starting with 0 (T=0 H=1 E=2 Q=3 U=4 I=5 C=6 K=7 B=8 R=9 O=10 W=11 N=12 F=13 X=14 in the example I gave), to encipher your chosen password.

Under that system, "John Thompson" converts to "J10112@0110mps1012" (I've used @ to represent the space, but you can pick any character)

It sounds unwieldy, and is, the first few times you use it. The more you use it, the more you come to learn what the numbers are in your pass phrase and the process becomes instinctive. The great thing about it is, you can write down a password hint, e.g. "full name" and even someone who knows your name won't be able to crack what it converts to. And even knowing the length of your name won't help them, as some letters convert to two-digit numbers, so the length of the password won't be the same as the name.

So, for the cost of slightly time-consuming conversion, especially when you first start using it, you will be able to write down strong password hints, secure in the knowledge that someone who understands the hint still won't be able to crack your password.

And yes, I use this system. And no, you can't know what my pass phrase is!

I like it, Peck, and may well adopt it. Given that a combination system is obviously the most difficult to crack.

Your system would have kept Bletchley Park busy during WW2 ~ sort of like the Enigma variations (except no Elgar in evidence) ~ if you see what I mean

[RobJ 0]

Ok, I'm now going to GIVE AWAY my (non) patented system that is foolproof (I believe).

1. Think up a pass phrase or long name that contains roughly half the letters of the alphabet (e.g. THE QUICK BROWN FOX ... but don't use that!!!) Commit this to memory and don't ever tell a soul or write it down.

2. Come up with something easy to remember, such as your name (e.g. "John Thompson")

3. Use the pass phrase, whose letters turn into numbers starting with 0 (T=0 H=1 E=2 Q=3 U=4 I=5 C=6 K=7 B=8 R=9 O=10 W=11 N=12 F=13 X=14 in the example I gave), to encipher your chosen password.

Under that system, "John Thompson" converts to "J10112@0110mps1012" (I've used @ to represent the space, but you can pick any character)

It sounds unwieldy, and is, the first few times you use it. The more you use it, the more you come to learn what the numbers are in your pass phrase and the process becomes instinctive. The great thing about it is, you can write down a password hint, e.g. "full name" and even someone who knows your name won't be able to crack what it converts to. And even knowing the length of your name won't help them, as some letters convert to two-digit numbers, so the length of the password won't be the same as the name.

So, for the cost of slightly time-consuming conversion, especially when you first start using it, you will be able to write down strong password hints, secure in the knowledge that someone who understands the hint still won't be able to crack your password.

And yes, I use this system. And no, you can't know what my pass phrase is!

That is a very interesting way to create a secure password. Thanks for sharing it Peckris.

Some years ago I used to work as Second Level Technical Support for a large ISP. It never ceased to amaze me when dealing with the Public, and some Co-Workers for that matter, how simple and basic their Passwords were. For example 'Cat' 'Pizza' or '12345'

I did always encourage people to create a stronger password using letters and numbers as it was much safer than a simple word or number sequence.

I did develop my own method to create secure Passwords. It is actually quite similar to the one that Peckris devised and explained above in the way that it works.

Simply write down the letters of the Alphabet from A-Z. Then write the numbers from 1-26 beside each letter. A=1, B=2, C=3 etc.

Then choose a word to encode, this can be a name, a place, a TV show or whatever you want it to be as long as you can remember it.

For this example I will use PREDECIMAL

Then count the letters of the word to see if they add up to an Odd or Even number. In this example the word has 10 letters so it is an Even number.

Then to create your Password, because the word we have chosen is an even number, write each Odd letter as its letter and each Even letter as its relating number. (If your word is Odd then simply write each Odd letter as its related number and each Even letter as its letter.

So PREDECIMAL would be P=Odd R=Even E=Odd D=Even E=Odd C=Even I=Odd M=Even A=Odd L=Even

The Pasword for PREDECIMAL would be : p18e4e3i13a12

You can even make the first and last letters capital letters to make it harder to 'Crack.'

The Password would then be : P18e4e3i13A12

It does sound quite a long winded way to create a Password, but if you try it a few times you will see how it works and be able to pick it up and understand it easily.

I have found this to be a simple method to create a secure Password because as long as you can remember the word that you have chosen it is very easy to encode it or re-encode it if you forget the Password as you can simply run through the letters of the Alphabet and their related numbers in your head.

I do use this method myself to create Passwords and I have never personally had any problems with it. I do only use this type of Password for Forums and other such Websites. For Websites which are more sensitive I developed a similar method which also incoporates Prime Numbers and an adapted Fibonacci Sequence.

[Peckris 579]

Ok, I'm now going to GIVE AWAY my (non) patented system that is foolproof (I believe).

1. Think up a pass phrase or long name that contains roughly half the letters of the alphabet (e.g. THE QUICK BROWN FOX ... but don't use that!!!) Commit this to memory and don't ever tell a soul or write it down.

2. Come up with something easy to remember, such as your name (e.g. "John Thompson")

3. Use the pass phrase, whose letters turn into numbers starting with 0 (T=0 H=1 E=2 Q=3 U=4 I=5 C=6 K=7 B=8 R=9 O=10 W=11 N=12 F=13 X=14 in the example I gave), to encipher your chosen password.

Under that system, "John Thompson" converts to "J10112@0110mps1012" (I've used @ to represent the space, but you can pick any character)

It sounds unwieldy, and is, the first few times you use it. The more you use it, the more you come to learn what the numbers are in your pass phrase and the process becomes instinctive. The great thing about it is, you can write down a password hint, e.g. "full name" and even someone who knows your name won't be able to crack what it converts to. And even knowing the length of your name won't help them, as some letters convert to two-digit numbers, so the length of the password won't be the same as the name.

So, for the cost of slightly time-consuming conversion, especially when you first start using it, you will be able to write down strong password hints, secure in the knowledge that someone who understands the hint still won't be able to crack your password.

And yes, I use this system. And no, you can't know what my pass phrase is!

That is a very interesting way to create a secure password. Thanks for sharing it Peckris.

Some years ago I used to work as Second Level Technical Support for a large ISP. It never ceased to amaze me when dealing with the Public, and some Co-Workers for that matter, how simple and basic their Passwords were. For example 'Cat' 'Pizza' or '12345'

I did always encourage people to create a stronger password using letters and numbers as it was much safer than a simple word or number sequence.

I did develop my own method to create secure Passwords. It is actually quite similar to the one that Peckris devised and explained above in the way that it works.

Simply write down the letters of the Alphabet from A-Z. Then write the numbers from 1-26 beside each letter. A=1, B=2, C=3 etc.

Then choose a word to encode, this can be a name, a place, a TV show or whatever you want it to be as long as you can remember it.

For this example I will use PREDECIMAL

Then count the letters of the word to see if they add up to an Odd or Even number. In this example the word has 10 letters so it is an Even number.

Then to create your Password, because the word we have chosen is an even number, write each Odd letter as its letter and each Even letter as its relating number. (If your word is Odd then simply write each Odd letter as its related number and each Even letter as its letter.

So PREDECIMAL would be P=Odd R=Even E=Odd D=Even E=Odd C=Even I=Odd M=Even A=Odd L=Even

The Pasword for PREDECIMAL would be : p18e4e3i13a12

You can even make the first and last letters capital letters to make it harder to 'Crack.'

The Password would then be : P18e4e3i13A12

It does sound quite a long winded way to create a Password, but if you try it a few times you will see how it works and be able to pick it up and understand it easily.

I have found this to be a simple method to create a secure Password because as long as you can remember the word that you have chosen it is very easy to encode it or re-encode it if you forget the Password as you can simply run through the letters of the Alphabet and their related numbers in your head.

I do use this method myself to create Passwords and I have never personally had any problems with it. I do only use this type of Password for Forums and other such Websites. For Websites which are more sensitive I developed a similar method which also incoporates Prime Numbers and an adapted Fibonacci Sequence.

That's quite similar to my method, as you say Rob, and it does seem strong. It does have one slight flaw : the enciphering is less random as you use a code that is very common (A=1 etc), plus you convert every alternate letter, though which one you start with is not so predictable. One small addition might make it even stronger? Pick a non-alphameric character (!?"@£$%^&* etc) and add it before and after the first vowel that's not converted into a number. (Obviously it would be the same character each time, so you'd have to remember that!) This would help prevent 'reverse engineering' if someone found one of your passwords.

But we're obviously both giving some thought to this!

Edited December 19, 2010 by Peckris

[Peter 615]

I just use Peter123...safe as houses

[RobJ 0]

That's quite similar to my method, as you say Rob, and it does seem strong. It does have one slight flaw : the enciphering is less random as you use a code that is very common (A=1 etc), plus you convert every alternate letter, though which one you start with is not so predictable. One small addition might make it even stronger? Pick a non-alphameric character (!?"@£$%^&* etc) and add it before and after the first vowel that's not converted into a number. (Obviously it would be the same character each time, so you'd have to remember that!) This would help prevent 'reverse engineering' if someone found one of your passwords.

But we're obviously both giving some thought to this!

Sadly, as you correctly point out, the A=1, B=2, C=3, etc, Cipher is the flaw in this system. As it is possibly the most common, and perhaps well known, of all systems I would think.

I have experimented using the same basic concept but changing the Cipher. To be honest the results were better as it would be much harder for anyone to figure out, but the complexity of actually creating the Password in the first place was at least doubled.

I like the simplicity of it, as it is so easy to encode and decode, but that sadly is also its 'Achilles Heel.' lol

I do like that idea of adding a non Alpha-Numeric Character in the way that you suggested, I will sit and have a play with that idea. In fact I do something similar in that I exchange the Vowels themselves for them. This does of course add an element of randomisation to the overall system but has the downside of a simple transpositon which would show a pattern if looked at closely enough.

I sat with a pen and paper last night and devised a couple of new ideas for a basic yet secure way to create strong Passwords, but I will have to play with them a little longer to see how they develop.

If I am honest, I do only use that system for Forums and various other Websites. I have a modified system for E-Mail, etc. So if it were to be 'Cracked' then all I would lose is a few Forum accounts, which is no great loss to me.

They way that I think about it is that no 'Serious Hacker' would waste their time or effort in trying to 'Crack' a Forum Password as there would simply be no challenge in it for them. So as long as my Passwords are strong enough to keep the 'Average Joe' on their toes, then I do not worry at all.

[Peckris 579]

That's quite similar to my method, as you say Rob, and it does seem strong. It does have one slight flaw : the enciphering is less random as you use a code that is very common (A=1 etc), plus you convert every alternate letter, though which one you start with is not so predictable. One small addition might make it even stronger? Pick a non-alphameric character (!?"@£$%^&* etc) and add it before and after the first vowel that's not converted into a number. (Obviously it would be the same character each time, so you'd have to remember that!) This would help prevent 'reverse engineering' if someone found one of your passwords.

But we're obviously both giving some thought to this!

Sadly, as you correctly point out, the A=1, B=2, C=3, etc, Cipher is the flaw in this system. As it is possibly the most common, and perhaps well known, of all systems I would think.

I have experimented using the same basic concept but changing the Cipher. To be honest the results were better as it would be much harder for anyone to figure out, but the complexity of actually creating the Password in the first place was at least doubled.

I like the simplicity of it, as it is so easy to encode and decode, but that sadly is also its 'Achilles Heel.' lol

I do like that idea of adding a non Alpha-Numeric Character in the way that you suggested, I will sit and have a play with that idea. In fact I do something similar in that I exchange the Vowels themselves for them. This does of course add an element of randomisation to the overall system but has the downside of a simple transpositon which would show a pattern if looked at closely enough.

I sat with a pen and paper last night and devised a couple of new ideas for a basic yet secure way to create strong Passwords, but I will have to play with them a little longer to see how they develop.

If I am honest, I do only use that system for Forums and various other Websites. I have a modified system for E-Mail, etc. So if it were to be 'Cracked' then all I would lose is a few Forum accounts, which is no great loss to me.

They way that I think about it is that no 'Serious Hacker' would waste their time or effort in trying to 'Crack' a Forum Password as there would simply be no challenge in it for them. So as long as my Passwords are strong enough to keep the 'Average Joe' on their toes, then I do not worry at all.

True enough. All my sensitive (i.e. financial) data is encrypted, and behind a password that is 44 characters in length ... that should take a good few millennia to crack

[ski 1]

and of course a millenia is about a millisecond to a computer set up to generate passwords

[Peckris 579]

and of course a millenia is about a millisecond to a computer set up to generate passwords

Seriously.. NOT! Do you know how many possible permutations there are in a 44 character string that can be a mix of letters (upper / lower case), numerals, and non-alphameric characters? I have not done the maths, but I'm prepared to bet it's mind boggling. As for the computer generating passwords - don't forget each one generated would have to be applied to the file concerned, then the OS would have to 'accept' or 'reject' it - all of which takes time; multiply that by a vast number and 'millennia' isn't much of an exaggeration.