HSBC security device

This security device has been given to HSBC customers in the Far East (at least Hong Kong and Malaysia) for a while now, at least a year, for more secure online banking. Yet, in a lunchtime conversation with my colleagues, when we happened to chat about the different authentication methods used by the banks, none of them were aware of such a security system. In fact, HSBC are already rolling this out in the UK, but only to business customers. I know because I've just opened a business account with them recently.

The way you use this device is that every time you want to log in to your Internet bank account, you need a username, a password and a 6-digit number from the device, which you get every time you press the button on the device. That number is time-sensitive, as in it only lasts for a few seconds, after which you will be given a different number when the button is pressed. Presumably the sequence of numbers, which is unique to the device, needs to match the same sequence stored in the HSBC authentication server in time.

But how this device can be time-synchronised to the server is rather intriguing. My initial guess was that it must have a very stable clock that drifts very little, hence allowing it to remain closely matched to the server's clock for a long time. But after experimenting a few times, I have to say that this little device is not as sophisticated as I first thought. Although the numbers on the device keep changing every few seconds, it does not mean that the old numbers are no longer valid for logging in. I would say the number has a useful timeframe of at least about half a minute, although I haven't really stretch-tested it :).

To sum up, rather than relying on customers to change one set of their passwords every so often, this device changes it for them periodically, which is certainly a step forward in terms of securing their login details. But I won't say I'm overwhelmed by this gizmo.
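The two observations above (an old number still logs in for about half a minute, and the device stays matched to the server without a perfect clock) are how time-step one-time passwords are commonly verified. The sketch below is an added example, not part of the original post and not HSBC's implementation: it assumes the open RFC 6238 TOTP scheme with a 30-second step as a stand-in, since the post does not say which algorithm the device uses, and `token_code`, `Verifier` and the window size are hypothetical names and values.

```python
import hashlib
import hmac
import struct

STEP = 30      # seconds per code (assumed; the post only says "a few seconds")
DIGITS = 6     # the post's 6-digit number


def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def token_code(secret: bytes, device_time: float) -> str:
    """What the device shows: the code for its own clock's current time step."""
    return hotp(secret, int(device_time) // STEP)


class Verifier:
    """Server side: accepts +/- window steps, learns clock drift, blocks replay."""

    def __init__(self, secret: bytes, window: int = 1):
        self.secret = secret
        self.window = window
        self.drift = 0         # learned device clock offset, in steps
        self.last_step = -1    # highest time step already accepted

    def verify(self, code: str, server_time: float) -> bool:
        centre = int(server_time) // STEP + self.drift
        for delta in range(-self.window, self.window + 1):
            step = centre + delta
            if step <= self.last_step:
                continue       # this step was already used: reject replay
            if hmac.compare_digest(hotp(self.secret, step), code):
                self.drift += delta    # re-centre on the device's clock
                self.last_step = step
                return True
        return False
```

A wider `window` tolerates more clock drift and slower typing, but it also lengthens the time a code that someone else has seen stays usable, which is why the server also remembers the last accepted step.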

One thought on “HSBC security device”

  1. Yeah, I agree with you! When I first got this gadget it amazed me so much so that I wondered how this gizmo could help protect the customers. Lots of questions popped into my mind…. could it be that certain numbers are hidden, not for use by certain customers at certain intervals? And how could a remote device like this synchronise with a server out in Australia / India? etc etc…… 🙂
