Should we use a separate device for online banking?

June 3rd, 2014 | Categories: The internet

Here in the UK, this morning’s news is dominated by the Gameover Zeus virus and how it can hold you to ransom, empty your bank accounts and generally ruin your day!

The usual good advice on how to protect yourself from such attacks is doing the rounds but I wondered how effective one extra precaution might be: Only ever log into bank accounts etc using a dedicated device.

I’m seriously considering doing this since internet-capable devices are very cheap these days. While I’m at it, I’m thinking of taking the following extra precautions:

  • Install Linux on the dedicated device since it is not targeted by hackers as often as Windows-based devices are.
  • Create dedicated email addresses for each bank account. That way, if my normal email account were compromised, my bank accounts would still be safe.

Obviously, such a scheme would be less convenient than using whichever of my current devices I happen to be using but I’d rather that than be robbed of everything.

What do you think? Would such a scheme offer any additional protection?

 

  1. Ian Cottam
    June 3rd, 2014 at 08:58

    Some security people say always boot from a Linux CD (or USB stick) before accessing your bank.
    That then becomes a sort of portable dedicated device, if you have your laptop with you.

  2. Craig Stringham
    June 4th, 2014 at 01:54

    I like the USB stick idea. Instead of a live-CD, I think I’ll set up an install of Arch Linux on a USB that I can keep up to date with security fixes… but I guess then you still need to be wary about someone sneaking a backdoor in updates.

  3. pmcs
    June 4th, 2014 at 04:04

    It might well offer extra protection but it clearly comes at some considerable extra overhead. Should you really need to spend extra money to access your account securely?

    Thankfully there is a far better solution: two-factor authentication. HSBC, for example, now supply their account holders with a little LCD keypad; this is used to generate a code that needs to be supplied in addition to your account details each time you want to access your account. I have no idea why this isn’t more commonly offered by other banks since it would nullify the effect of malware such as Gameover.

  4. Robert
    June 5th, 2014 at 01:18

    Another radical idea is admitting that internet security is a failed design and quitting on-line banking completely (as well as some other e-services).
    It became a terrible overhead reacting to all big time security threats, changing potentially compromised passwords, email addresses etc.

  5. womble
    June 25th, 2014 at 16:55

    I just don’t do online banking. Having had the misfortune of working on the software at the backend in the past, I don’t ever want to use it.