Handling Financial Web Site Tricks
Many financial websites are adding new “features” in an attempt to fight phishing scams and other criminal activities.
Below are several different tricks being used by these sites, and how 1Password can be used in each situation.
Many sites make you enter your user ID on one page, submit the form, then enter your password on a second page. After submitting this form you are then presented with another screen for the secure ID or some other piece of identifying information.
Several financial sites have started using this “feature.” 1Password can help by filling the form on each page for you, but you need to save multiple web forms to do this. For example:
- Bank Of America – Login Id
- Bank Of America – Password
- Bank Of America – Secure Id
You can then restore each of these in sequence. If you use the ⌘-\ keyboard shortcut and the Autosubmit feature, it works pretty well.
For more details, please see this tutorial.
iVerify provides several different layers of security. An image and optionally a phrase are displayed on the screen to confirm that you are at the right website (an anti-phishing technique). For instance, this is how T.Rowe Price uses iVerify.
iVerify shows you a set of random images; you have to select one and then continue. Sadly, 1Password cannot select the image for you. Everything about this page is random and there is no way for 1Password to remember the image for you. After making your selection and continuing, you may be given the option of selecting a challenge question or phrase. 1Password can fill this for you.
RSA Adaptive Authentication
RSA seems very similar to iVerify. Its main purpose appears to be anti-phishing:
We also check the computer(s) or device(s) that you are using to access the web site. Typically you will access the web site from one or two computers, such as your work and home machine. RSA Adaptive Authentication remembers your computer. Should you need to login from a different computer, such as an Internet cafe, we will take additional steps to verify your identity, such as ask you to provide the answer to one of your challenge questions we both know the answers to.
The way you can use 1Password here is to have it remember your user ID and password in a Login item. The answer to your challenge question can be saved in a second web form. For example:
- Valley Bank – Login
- Valley Bank – Challenge question