Changing PINs of German bank card

46 messages

Changing PINs of German bank card

Guan Xin
This is probably a general question --

I have never seen a German bank that allows changing the PIN of a card.
So I wonder if it is because using a fixed (non-changeable) 4-digit PIN mailed in clear text is really safer than using a 4- to 6-digit variable-length PIN that never explicitly appears anywhere.

If German banks are right, then should I follow their method and store the PINs of my OpenPGP cards on a piece of paper?

Guan

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Changing PINs of German bank card

Ingo Klöcker
On Monday 10 July 2017 23:42:12 Guan Xin wrote:
> This is probably a general question --
>
> I have never seen a German bank that allows changing the PIN of a
> card. So I wonder if it is because using a fixed (non-changeable)
> 4-digit PIN mailed in clear text really safer than using a 4 to 6
> digit variable length PIN that never explicitly appears anywhere.

... and that would very often be either 1234[56] or the card owner's
date of birth as we all know. A random 4-digit PIN randomly chosen by
the bank is certainly safer than this.


> If German banks are right, then should I follow their method and store
> the PINs of my OpenPGP cards on a piece of paper?

German banks require you to destroy the PIN letter after memorizing the
PIN. You are not supposed to keep the letter. If you want to follow
their method then write your PIN on a piece of paper, memorize the PIN
and then burn or eat the piece of paper. ;-)


Regards,
Ingo



Re: Changing PINs of German bank card

Matthias Apitz
In reply to this post by Guan Xin
On Monday, July 10, 2017 at 11:42:12 PM +0800, Guan Xin wrote:

> This is probably a general question --
>
> I have never seen a German bank that allows changing the PIN of a card.
> So I wonder if it is because using a fixed (non-changeable) 4-digit PIN
> mailed in clear text really safer than using a 4 to 6 digit variable length
> PIN that never explicitly appears anywhere.

Nowadays some German banks allow changing the PIN in the Teller
Machines. I saw it today in an ATM of the Sparkasse. Amex allows (or
allowed) requesting a new personal PIN by fax.

        matthias
--
Matthias Apitz, ✉ [hidden email], ⌂ http://www.unixarea.de/  ☎ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
8. Mai 1945: Wer nicht feiert hat den Krieg verloren.
8 de mayo de 1945: Quien no festeja perdió la Guerra.
May 8, 1945: Who does not celebrate lost the War.


Re: Changing PINs of German bank card

gnupg-users.dirk
Since German banking cards / even girocard should comply with the EMV
standard, a change of PIN via issuer script should be possible - if the
issuer - your bank - supports it.

FYI: You have to change the PIN in the card for offline validation and
the PIN stored in the issuer's backend.

In e.g. Switzerland it is normal to change your PIN - which is most of
the time 6 digits long.

best regards

Dirk

On 10.07.2017 19:52, Matthias Apitz wrote:

> On Monday, July 10, 2017 at 11:42:12 PM +0800, Guan Xin wrote:
>
>> This is probably a general question --
>>
>> I have never seen a German bank that allows changing the PIN of a card.
>> So I wonder if it is because using a fixed (non-changeable) 4-digit PIN
>> mailed in clear text really safer than using a 4 to 6 digit variable length
>> PIN that never explicitly appears anywhere.
> Nowadays some German banks allow changing the PIN in the Teller
> Machines. I saw it today in an ATM of the Sparkasse. Amex allows (or
> allowed) requesting a new personal PIN by fax.
>
> matthias
>
>




Re: Changing PINs of German bank card

MFPA-5

On Monday 10 July 2017 at 8:24:28 PM, in
<mid:[hidden email]>,
[hidden email] wrote:-


> In e.g. switerland it is normal to change your PIN -
> which is most time
> 6 Digits long.

In the UK bank card PINs are almost exclusively 4 digits long. The
bank allocates a PIN initially, but the customer can usually change it
as often as they like at an ATM that supports PIN changes.

--
Best regards

MFPA                  <mailto:[hidden email]>

Hard work never killed anyone, but why take a risk?



Re: Changing PINs of German bank card

Guan Xin
In reply to this post by Ingo Klöcker
On Tue, Jul 11, 2017 at 1:38 AM, Ingo Klöcker <[hidden email]> wrote:

... and that would very often be either 1234[56] or the card owner's
date of birth as we all know. A random 4-digit PIN randomly chosen by
the bank is certainly safer than this.

Yes, that's true.
 
German banks require you to destroy the PIN letter after memorizing the
PIN. You are not supposed to keep the letter. If you want to follow
their method then write your PIN on a piece of paper, memorize the PIN
and then burn or eat the piece of paper. ;-)

Sometimes they circulate the permanent PIN for two weeks in German Post before delivery. Looks like I'm the last to read it.

Two other advantages (correct me if I'm mistaken) of self-invented PINs are, I think,
1) One can prepare and remember the PIN in advance, so there is practically no need to write it down;
2) A PIN letter is only something I have, while my own PIN record is in addition something I know. i.e., it may not be obvious to someone else to be a PIN record / reminder.


Re: Changing PINs of German bank card

Guan Xin
In reply to this post by Matthias Apitz
On Tue, Jul 11, 2017 at 1:52 AM, Matthias Apitz <[hidden email]> wrote:

Nowadays some German banks allow changing the PIN in the Teller
Machines. I saw it today in an ATM of the Sparkasse. Amex allows (or
allowed) requesting a new personal PIN by fax.

Interesting ... Just closed my Sparkasse account since every day every clerk of theirs has a different answer to exactly the same question and I'm unable to follow them.


Re: Changing PINs of German bank card

Binarus
In reply to this post by Guan Xin
On 10.07.2017 17:42, Guan Xin wrote:
> This is probably a general question --
>
> I have never seen a German bank that allows changing the PIN of a card.

I am not sure if this is an intentional limitation of the cards (to
prevent users from choosing idiotic pins like 1234 or their birthday).

> So I wonder if it is because using a fixed (non-changeable) 4-digit PIN
> mailed in clear text really safer than using a 4 to 6 digit variable
> length PIN that never explicitly appears anywhere.

I recently had a talk with one of my banks because they didn't even
allow changing the web password (for access to online banking) to
something being longer than 5 alphanumeric digits (!!!).

Although (in my case) the subject of the talk was the web password, the
following applies to the card pin as well.

- Usually, you are receiving the card's pin by postal mail. It is
consensus here in Germany that postal mail is highly trustworthy and
that the so called "Briefgeheimnis" is obeyed very carefully. The legal
hurdles for opening a letter during transport are still very high.

- Additionally, you are usually receiving the pins in a special envelope
which (AFAIK) makes it very difficult to read the letter's content
without opening it, even by advanced means (X-ray and the like). In many
cases, the pin is even more secured (metal coating).

I (personally) consider receiving pins that way safe.

But the key point in the bank's argumentation was (applies to pins as
well as to my online banking access):

- If somebody tries to brute force the pin (or online banking password),
the access will be permanently denied if there are more than 3 failures
(the exact number may vary). That means that the length of the pin /
password is not as important as one might think, because it is
practically impossible to brute force a 4 digit pin with only 3 tries.

I know that the chance for guessing 4 digits within 3 tries is higher
than guessing 6 digits, but obviously, most banks are considering 4
digits safe enough.

Furthermore, if you are really hacked and lose money because of this,
the bank will compensate your loss provided that you did not behave like
an idiot (i.e. if you did not note the pin on a piece of paper, attached
that piece of paper to your card and then lost both of them). At least,
they did so in all cases I know about, despite the fact that the
respective customer (of course) could not *prove* at a technical level
how the hacking worked. As long as the customer could demonstrate
credibly that he had not made any very silly mistake, the bank compensated.

Due to all reasons mentioned above, I (personally) think that you should
not be concerned by the length of the pin, the fact that you can't
change it, and the way you receive it.

> If German banks are right, then should I follow their method and store
> the PINs of my OpenPGP cards on a piece of paper?

Now, this is a completely different question which does not have to do
anything with the pin's length. The answer to this question completely
depends on your environment and your intentions. I will explain this by
two examples with contrary conclusions:

Example 1:

You always forget the pin of your EC card. Therefore, you write it down
on a piece of paper and put it into your wallet beside your EC card.

Well, as said above, this obviously would be the most silly thing you
could do. No bank will compensate you if you lose your wallet (with the
card and its pin) and if somebody then steals your money.

So you think about it and come to a better idea. You could store the pin
on your smart phone. This indeed is better - hopefully you won't lose
your smart phone and your banking card at the same time. But there is
still a small chance that you do.

You think again and finally have a good idea. You install a password
safe app on your smart phone which locally stores all pins and passwords
with strong encryption. You operate that app with great discipline: You
choose a long, weird master password which you must enter to open the
password safe where the pin is stored. You open the safe only when
needed, and you close it immediately when done, and you don't let the
app (or OS) cache the master password.

(Note: Of course, you MUST NOT write the master password on a piece of
paper and attach that paper to your smart phone ...)

So, in this example, carrying a piece of paper with you where the pin is
noted is a very bad idea, but carrying that pin with you on your smart
phone is a good idea provided that the pin is stored there in a heavily
encrypted password safe and provided that you operate that safe with
some discipline. You still have to memorize that safe's master password,
but this is a one time thing, and you then could store all other
passwords and pins in that safe.

Example 2:

On your desktop PC, you are using the internet excessively, and you are
afraid that some Trojan horse / keylogger will be able to get on your PC
(given the latest ransomware attacks, this obviously is a real threat
even when you are running an up-to-date virus protection).

In this case, using a password safe software won't protect you. The
Trojan horse / keylogger could be able to intercept all your keystrokes,
including your master password for the password safe. If you don't use a
password safe and just store the passwords in an unencrypted text file
(perhaps because you are the only person who physically has access to
the PC in question), a Trojan horse will be able to read all your
passwords even without intercepting keystrokes.

So, in this case, it obviously would be better to write down your
passwords on a sheet of paper provided you can store that paper in a
place to which only you have access (for example, some secret place in
your private apartment).

From these examples, it should be clear that there can't be a general
recommendation which fits all cases.

And there is one more very important thing most people don't think of:
What happens if you have an accident or if you die? Your heirs will have
all sorts of troubles if something happens to you and they can't access
your electronic accounts because they don't have the passwords.

So I tend to write down at least my master password on a sheet of paper,
put that in a sealed envelope and give it to a relative who I highly
trust. In case I die, they open the envelope, have the master password
for my password safe and can use that to open the access to all my
accounts. Alternatively, you could have some relative you trust memorize
your master password. But since he won't use it regularly (hopefully),
he probably will forget it after a short time ...

Regards,

Binarus


Re: Changing PINs of German bank card

NdK
On 11/07/2017 09:44, Binarus wrote:

> - If somebody tries to brute force the pin (or online banking password),
> the access will be permanently denied if there are more than 3 failures
> (the exact number may vary). That means that the length of the pin /
> password is not as important as one might think, because it is
> practically impossible to brute force a 4 digit pin with only 3 tries.
If you routinely use your card twice a day, they can make two or four
guesses each day: every correct PIN you insert resets the counter.
The probability to guess the correct code during the 5-years life of the
card is definitely non-negligible.

> And there is one more very important thing most people don't think of:
> What happens if you have an accident or if you die? Your heirs will have
> all sorts of troubles if something happens to you and they can't access
> your electronic accounts because they don't have the passwords.
Usually there are other, non-technical ways. For example they just go to
the bank with a death certificate.

> So I tend to write down at least my master password on a sheet of paper,
> put that in a sealed envelope and give it to a relative who I highly
> trust. In case I die, they open the envelope, have the master password
> for my password safe and can use that to open the access to all my
> accounts. Alternatively, you could have some relative you trust memorize
> your master password. But since he won't use it regularly (hopefully),
> he probably will forget it after short time ...
Better use Shamir's secret sharing, or just use LCD-segment characters
printed on two acetate sheets that need to be combined to be read.
Obviously the two sheets are to be given to two different people, in
sealed envelopes...

BTW the method you use is the same that was used for our mainframe's
master password. :)

BYtE,
 Diego

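The two-acetate-sheet trick is a 2-of-2 scheme: either sheet alone is useless. Shamir's secret sharing generalizes this to any k-of-n, so for example three relatives can each hold one share and any two of them can reconstruct the master password while a single envelope (or a single burglary) reveals nothing. The following is an added worked example, not code from this thread or from GnuPG: it implements Shamir's scheme over the prime field GF(2^521 - 1) with polynomial evaluation for splitting and Lagrange interpolation at x = 0 for recovery. The function names, the field prime, the 63-byte secret limit and the sentinel byte are choices made for this example.

```python
import secrets

# Shamir's (k, n) threshold sharing over the prime field GF(PRIME).
# PRIME = 2**521 - 1 (a Mersenne prime) is large enough to hold a 63-byte
# master password plus one sentinel byte as a single field element.
# (Example constants; a longer secret would have to be split into chunks.)
PRIME = (1 << 521) - 1
MAX_SECRET_BYTES = 63


def _poly_eval(coeffs, x):
    """Evaluate the polynomial with coefficients coeffs[0] + coeffs[1]*x + ...
    at x, modulo PRIME (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: bytes, threshold: int, share_count: int):
    """Split `secret` into `share_count` shares; any `threshold` of them recover it.

    The secret is the constant term of a random polynomial of degree
    threshold - 1. Share i is the point (i, f(i)). With fewer than `threshold`
    points the constant term is uniformly distributed, so partial shares
    leak nothing about the secret.
    """
    if not 1 <= len(secret) <= MAX_SECRET_BYTES:
        raise ValueError("secret must be 1..%d bytes" % MAX_SECRET_BYTES)
    if not 2 <= threshold <= share_count:
        raise ValueError("need 2 <= threshold <= share_count")
    # A 0x01 sentinel keeps leading zero bytes of the secret from being
    # dropped when the recovered integer is converted back to bytes.
    s = int.from_bytes(b"\x01" + secret, "big")
    coeffs = [s] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _poly_eval(coeffs, x)) for x in range(1, share_count + 1)]


def recover_secret(shares):
    """Recover the secret from at least `threshold` distinct shares by
    Lagrange interpolation of the polynomial at x = 0."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate shares")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        # Lagrange basis value L_i(0) = prod_{j != i} (0 - xj) / (xi - xj)
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    raw = total.to_bytes((total.bit_length() + 7) // 8, "big")
    if not raw or raw[0] != 0x01:
        raise ValueError("not enough (or wrong) shares")
    return raw[1:]


if __name__ == "__main__":
    # Constructed sample secret; 2-of-3: any two envelopes reconstruct it.
    master = b"correct horse battery staple"
    env = split_secret(master, threshold=2, share_count=3)
    print("envelope 1 + 3 ->", recover_secret([env[0], env[2]]))
```

Each envelope would contain its x value and the y value (printed in hex or base64), and the recipients need only this routine and the field prime to reconstruct. Because the scheme is information-theoretic, a single stolen envelope gives a burglar no head start, which is the weakness of the single cleartext sheet raised later in this thread.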

Re: Changing PINs of German bank card

Matthias Mansfeld
In reply to this post by Binarus
On 11 Jul 2017 at 9:44, Binarus wrote:

> On 10.07.2017 17:42, Guan Xin wrote:
> > This is probably a general question --
> >
> > I have never seen a German bank that allows changing the PIN of a card.
>
> I am not sure if this is an intentional limitation of the cards (to
> prevent users from choosing idiotic pins like 1234 or their birthday).

[..]
At least Sparkasse and HypoVereinsbank and IIRC also Postbank allow
changing at the ATM terminal.

And a birthday isn't as idiotic as 1234 or 1111, as long as you assume a
standard pickpocket doesn't know your personal data (OK, your ID card
within the same wallet... maybe not a good idea. Then not your own
birthday but that of a person or your cat you can remember, or better
your wedding day, which normally would always be forgotten ;-)

> Now, this is a completely different question which does not have to do
> anything with the pin's length. The answer to this question completely
> depends on your environment and your intentions. I will explain this by
> two examples with contrary conclusions:
>
> Example 1:
>
[...]
>
> Example 2:
[..]

Example 3

MY use case would be: I have, let's say, two bank accounts at
Sparkasse, one at Postbank, one at HypoVereinsbank (possible reason:
two business accounts, one private account and one inherited
account) and I can remember ONE good "random-like"
4-digit PIN, but would definitely mangle four different PINs (been
there, done that...). Then I choose one and the same "good" PIN for
all four cards which I don't need to write down anywhere and
everything is OK.

Regards
Matthias
--
OpenPGP: http://www.mansfeld-elektronik.de/gnupgkey/mansfeld.asc
Fingerprint: 6563 057D E6B8 9105 1CE4 18D0 4056 1F54 8B59 40EF



Re: Changing PINs of German bank card

Julian H. Stacey-3
In reply to this post by Matthias Apitz
> > This is probably a general question --
> >
> > I have never seen a German bank that allows changing the PIN of a card.
> > So I wonder if it is because using a fixed (non-changeable) 4-digit PIN
> > mailed in clear text really safer than using a 4 to 6 digit variable length
> > PIN that never explicitly appears anywhere.
>
> Nowadays some German banks allow changing the PIN in the Teller
> Machines. I saw it today in an ATM of the Sparkasse. Amex allows (or
> allowed) requesting a new personal PIN by fax.

Postbank.de did not provide it on ATM or by any other means a month back.
All UK cards I know of allow PIN change at the ATM.

Cheers,
Julian
--
Julian H. Stacey, Computer Consultant, BSD Linux Unix Systems Engineer
 Reply below, Prefix '> '. Plain text, No .doc, base64, HTML, quoted-printable.
 http://berklix.eu/brexit/#700k_stolen_votes


Re: Changing PINs of German bank card

Binarus
In reply to this post by NdK
On 11.07.2017 10:14, NdK wrote:
> On 11/07/2017 09:44, Binarus wrote:
>
>> - If somebody tries to brute force the pin (or online banking password),
>> the access will be permanently denied if there are more than 3 failures
>> (the exact number may vary). That means that the length of the pin /
>> password is not as important as one might think, because it is
>> practically impossible to brute force a 4 digit pin with only 3 tries.

> If you routinely use your card twice a day, they can make two or four
> guesses each day: every correct PIN you insert resets the counter.

I am not completely sure if I got you right. Wouldn't that mean that I
have to lose my card, the bad person then makes two guesses, then I get
back my card and enter my correct pin, then I lose my card again, and
the same bad person finds it again and makes another two guesses, then I
get my card back again and so on?

This is practically impossible (unless I have missed something obvious).
How could the correct pin be entered and the counter be reset if I
didn't get the card back?

Or did you refer to an adversary who copied the card? In that case, he
still would have to know when I actually have entered the correct pin
(which would mean that he permanently had to observe me) to start his
next two tries.

Furthermore, people usually call their bank to make their card invalid
as soon as they notice they have lost it. This means that they usually
won't enter the correct pin again after having lost the card.

The only way to abuse the fail counter reset feature would be to steal
the card, to copy it and to return it to its owner, and to do this in a
way that the owner would not notice it. But again, the adversary would
then still have to observe the card owner to see when the counter is
reset and to start his next tries.

> The probability to guess the correct code during the 5-years life of the
> card is definitely non-negligible.>
>> And there is one more very important thing most people don't think of:
>> What happens if you have an accident or if you die? Your heirs will have
>> all sorts of troubles if something happens to you and they can't access
>> your electronic accounts because they don't have the passwords.

> Usually there are other, non-technical ways. For example they just go to
> the bank with a death certificate.

I already have seen cases where it was not that easy in Germany.
Usually, presenting a death certificate to the bank is not enough. I
have seen that the bank had to make sure that the people presenting the
death certificate actually were the legal heirs. That meant that those
people had to acquire all sorts of documents from all sorts of
authorities which has been very expensive (several hundreds of EUR), but
more important, was very unpleasant and time consuming, especially in
the situation they were.

AFAIK, there is only one thing you could do to avoid that hassle: The
testator and the heirs should make a contract of inheritance. Such a
contract must be made by a notary, so this will also have its cost, but
when you present such a contract to the bank (in addition to the death
certificate), you will have no problems.

But now, being a German citizen, try the same thing with eBay, Facebook,
LinkedIn, PayPal and so on ... no thanks.

>> So I tend to write down at least my master password on a sheet of paper,
>> put that in a sealed envelope and give it to a relative who I highly
>> trust. In case I die, they open the envelope, have the master password
>> for my password safe and can use that to open the access to all my
>> accounts. Alternatively, you could have some relative you trust memorize
>> your master password. But since he won't use it regularly (hopefully),
>> he probably will forget it after short time ...

> Better use shamir's secret sharing, or just use LCD-segments characters
> printed on two acetate sheets that need to be combined to be read.
> Obviously the two sheets are to be given to two different people, in
> sealed envelopes...

Nice ideas :-) My own security needs are not that high, though (hoping
that life won't punish me for that optimism).

> BTW the method you use is the same that was used for our mainframe's
> master password. :)

To add to it, if you mistrust your relatives, you could put the password
on paper into some sort of lock box and carry the key to that lock box
with you. But then what would happen if you lost that key?

Regards,

Binarus

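The disagreement between NdK and Binarus above is really about which threat model applies: a lost card that is blocked after a few failed tries, or an attacker with ongoing access (a family member, a copied card) whose failure counter is reset every time the owner enters the correct PIN. The following added example, written for this thread rather than taken from it, puts numbers on both models. It assumes a uniformly random PIN (a 1234-style or birthday PIN would be guessed far sooner), assumes distinct guesses, and treats the lockout threshold, daily usage, card lifetime and "days until the card is reported" as parameters; the default values (3 failures, twice-daily use, 5 years) are the ones quoted in the thread.

```python
def guess_probability(pin_digits, distinct_guesses):
    """Chance that `distinct_guesses` distinct attempts hit a PIN drawn
    uniformly from 10**pin_digits possibilities (assumption: uniform PIN)."""
    space = 10 ** pin_digits
    return min(1.0, distinct_guesses / space)


def lifetime_guess_budget(max_failures, uses_per_day, days):
    """Guesses available to someone with recurring access to the card when
    every correct entry by the owner resets the failure counter.

    To avoid locking the card (which would alert the owner), the guesser
    spends at most max_failures - 1 attempts between two owner logins.
    """
    per_reset = max_failures - 1
    return per_reset * uses_per_day * days


def risk_report(pin_digits, max_failures=3, uses_per_day=2, years=5,
                days_until_blocked=None):
    """Compare the lost-card model (one lockout window, then the card is
    blocked) with the counter-reset model over the card's lifetime.

    days_until_blocked caps the counter-reset model: once the owner reports
    the card, no further correct entries reset the counter.
    """
    lifetime_days = 365 * years
    if days_until_blocked is not None:
        lifetime_days = min(lifetime_days, days_until_blocked)
    budget = lifetime_guess_budget(max_failures, uses_per_day, lifetime_days)
    return {
        "pin_digits": pin_digits,
        # Lost card: the thief gets max_failures tries, then the card locks.
        "single_window_risk": guess_probability(pin_digits, max_failures),
        # Recurring access: counter reset after each legitimate use.
        "lifetime_guesses": budget,
        "lifetime_risk": guess_probability(pin_digits, budget),
    }


if __name__ == "__main__":
    for digits in (4, 6):
        print(risk_report(digits))
    # Owner reports the card after one day: the reset model collapses.
    print(risk_report(4, days_until_blocked=1))
```

With the thread's numbers a lost 4-digit card gives a thief a 0.03% chance, which is Binarus's point; an attacker with recurring access and two counter resets a day accumulates 7300 guesses over five years, a 73% chance, which is NdK's point, and the same attacker against a 6-digit PIN reaches only 0.73%. Blocking the card after a day of suspicion cuts the recurring budget to four guesses, so the practical defense is prompt reporting, and the card-length argument matters mainly for the insider case.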

Re: Changing PINs of German bank card

NdK
On 11/07/2017 12:32, Binarus wrote:

>> If you routinely use your card twice a day, they can make two or four
>> guesses each day: every correct PIN you insert resets the counter.
> I am not completely sure if I got you right. Wouldn't that mean that I
> have to lose my card, the bad person then makes two guesses, then I get
> back my card and enter my correct pin, then I lose my card again, and
> the same bad person finds it again and makes another two guesses, then I
> get my card back again and so on?
Say that's your wife/son that takes the card when you're at home...
Low prob, but possible :)

>> Usually there are other, non-technical ways. For example they just go to
>> the bank with a death certificate.
> I already have seen cases where it was not that easy in Germany.
> Usually, presenting a death certificate to the bank is not enough. I
> have seen that the bank had to make sure that the people presenting the
> death certificate actually were the legal heirs. That meant that those
> people had to acquire all sorts of documents from all sorts of
> authorities which has been very expensive (several hundreds of EUR), but
> more important, was very unpleasant and time consuming, especially in
> the situation they were.
Been there...
Another reason to give the password before going with the documents
might be "a bit" illegal: just transfer the money to avoid paying taxes.

> But now, being a German citizen, try the same thing with eBay, Facebook,
> LinkedIn, PayPal and so on ... no thanks.
Why should heirs have access to social accounts? PayPal, otoh, is a bank
that has to follow the same rules as other banks...

> Nice ideas :-) My own security needs are not that high, though (hoping
> that life won't punish me for that optimism).
My concern with a single "cleartext" pass would be a burglar that steals
it together with other valuables...

> To add to it, if you mistrust your relatives, you could put the password
> on paper into some sort of lock box and carry the key to that lock box
> with you. But then what would happen if you lost that key?
Given that mechanical locks are often easier to open without the key
than with it...

BYtE,
 Diego



Re: Changing PINs of German bank card

Jerry-146
In reply to this post by Binarus
On Tue, 11 Jul 2017 12:32:56 +0200, Binarus stated:

>On 11.07.2017 10:14, NdK wrote:
>> On 11/07/2017 09:44, Binarus wrote:
>>  
>>> - If somebody tries to brute force the pin (or online banking
>>> password), the access will be permanently denied if there are more
>>> than 3 failures (the exact number may vary). That means that the
>>> length of the pin / password is not as important as one might
>>> think, because it is practically impossible to brute force a 4
>>> digit pin with only 3 tries.  
>
>> If you routinely use your card twice a day, they can make two or four
>> guesses each day: every correct PIN you insert resets the counter.  
>
>I am not completely sure if I got you right. Wouldn't that mean that I
>have to lose my card, the bad person then makes two guesses, then I get
>back my card and enter my correct pin, then I lose my card again, and
>the same bad person finds it again and makes another two guesses, then
>I get my card back again and so on?

If you continually lose your card that often, you have more problems
than just a lost/stolen card to deal with. I sincerely hope you are
never trusted with confidential information.

>This is practically impossible (unless I have missed something
>obvious). How could the correct pin be entered and the counter be
>reset if I didn't get the card back?

In theory, it couldn't.

>Or did you refer to an adversary who copied the card? In that case, he
>still would have to know when I actually have entered the correct pin
>(which would mean that he permanently had to observe me) to start his
>next two tries.
>
>Furthermore, people usually call their bank to make their card invalid
>as soon as they notice they have lost it. This means that they usually
>won't enter the correct pin again after having lost the card.

That is the general idea.

>The only way to abuse the fail counter reset feature would be to steal
>the card, to copy it and to return it to its owner, and to do this in a
>way that the owner would not notice it. But again, the adversary would
>then still have to observe the card owner to see when the counter is
>reset and to start his next tries.

I was told, although not confirmed, that cards with embedded chips
cannot be copied and still be usable. If anyone would like to comment
on that, it would be welcomed.

>> The probability to guess the correct code during the 5-years life of
>> the card is definitely non-negligible.>  
>>> And there is one more very important thing most people don't think
>>> of: What happens if you have an accident or if you die? Your heirs
>>> will have all sorts of troubles if something happens to you and
>>> they can't access your electronic accounts because they don't have
>>> the passwords.  
>
>> Usually there are other, non-technical ways. For example they just
>> go to the bank with a death certificate.  

I have actually seen that happen. The estate lawyer had to fill out
some paperwork, but it was really no big deal. Basically, it is the
same procedure used to get access to a deceased person's safe deposit box.

>I already have seen cases where it was not that easy in Germany.
>Usually, presenting a death certificate to the bank is not enough. I
>have seen that the bank had to make sure that the people presenting the
>death certificate actually were the legal heirs. That meant that those
>people had to acquire all sorts of documents from all sorts of
>authorities which has been very expensive (several hundreds of EUR),
>but more important, was very unpleasant and time consuming, especially
>in the situation they were.

Good for them. They should make absolutely sure before releasing the
funds.

>AFAIK, there is only one thing you could do to avoid that hassle: The
>testator and the heirs should make a contract of inheritance. Such a
>contract must be made by a notary, so this will also have its cost, but
>when you present such a contract to the bank (in addition to the death
>certificate), you will have no problems.

The cost of a notary is a few dollars; therefore, negligible. Honestly,
I would hope that it would NOT be that easy.

>But now, being a German citizen, try the same thing with eBay,
>Facebook, LinkedIn, PayPal and so on ... no thanks.
>
>>> So I tend to write down at least my master password on a sheet of
>>> paper, put that in a sealed envelope and give it to a relative who
>>> I highly trust. In case I die, they open the envelope, have the
>>> master password for my password safe and can use that to open the
>>> access to all my accounts. Alternatively, you could have some
>>> relative you trust memorize your master password. But since he
>>> won't use it regularly (hopefully), he probably will forget it
>>> after short time ...  
>
>> Better use shamir's secret sharing, or just use LCD-segments
>> characters printed on two acetate sheets that need to be combined to
>> be read. Obviously the two sheets are to be given to two different
>> people, in sealed envelopes...  
>
>Nice ideas :-) My own security needs are not that high, though (hoping
>that life won't punish me for that optimism).
>
>> BTW the method you use is the same that was used for our mainframe's
>> master password. :)  
>
>To add to it, if you mistrust your relatives, you could put the
>password on paper into some sort of lock box and carry the key to that
>lock box with you. But then what would happen if you lost that key?

I have all of my important papers, including passwords to accounts that
have to be kept secure, in a bank safe deposit box. If I were to die,
it wouldn't matter who had the key if they were on the allowed users
list. My heirs would have to get a court order to have the box opened.
Not really a big deal. Usually things like this are written into the
will and happen all the time.

BTW, it isn't all that difficult to open a regular lock box. I have
drilled out a few in my time after losing the key. Having it at a bank is
far more secure.

--
Jerry


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
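
The secret-sharing idea quoted above (Shamir's scheme, and the two
acetate sheets that only read together), as an added worked example that
is not part of any post in this thread. It is my own illustration, not
code from the list or from GnuPG: a k-of-n Shamir split of a master
password over GF(257), byte by byte, with a paper-friendly share encoding,
plus the 2-of-2 XOR split that the acetate sheets amount to. The secret
strings in the usage lines are constructed.

```python
import secrets

P = 257  # smallest prime above 255: every byte is a field element; share values run 0..256


def _eval_poly(coeffs, x):
    """Horner evaluation of a polynomial over GF(P); coeffs[0] is the secret byte."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def shamir_split(secret, k, n):
    """Split `secret` (bytes) into n shares of which any k reconstruct it.

    Each share is (x, [y0, y1, ...]) with one y per secret byte.
    """
    if not 1 < k <= n < P:
        raise ValueError("need 1 < k <= n < 257")
    shares = [(x, []) for x in range(1, n + 1)]
    for b in secret:
        # fresh random polynomial of degree k-1 for every byte, constant term = the byte
        coeffs = [b] + [secrets.randbelow(P) for _ in range(k - 1)]
        for x, ys in shares:
            ys.append(_eval_poly(coeffs, x))
    return shares


def shamir_combine(shares):
    """Lagrange-interpolate each byte's polynomial at x=0 from k (or more) shares."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    out = bytearray()
    for i in range(len(shares[0][1])):
        total = 0
        for xj, ysj in shares:
            num, den = 1, 1
            for xm, _ in shares:
                if xm != xj:
                    num = num * (-xm) % P
                    den = den * (xj - xm) % P
            total = (total + ysj[i] * num * pow(den, P - 2, P)) % P
        if total > 255:
            # Only some bad inputs (too few genuine shares, a mistyped digit) land here;
            # plain Shamir has no authenticity check, so most errors go unnoticed.
            raise ValueError("shares are inconsistent")
        out.append(total)
    return bytes(out)


def share_to_text(share):
    """Encode a share as one line for the sealed envelope, e.g. '2:117-003-256'."""
    x, ys = share
    return f"{x}:" + "-".join(f"{y:03d}" for y in ys)


def share_from_text(text):
    """Inverse of share_to_text."""
    x, rest = text.split(":", 1)
    return int(x), [int(t) for t in rest.split("-")]


def xor_split(secret):
    """The two acetate sheets: a 2-of-2 split, one-time-pad style."""
    pad = secrets.token_bytes(len(secret))
    return pad, bytes(a ^ b for a, b in zip(secret, pad))


def xor_combine(sheet_a, sheet_b):
    return bytes(a ^ b for a, b in zip(sheet_a, sheet_b))


if __name__ == "__main__":
    # constructed example: three relatives, any two can recover the master password
    shares = shamir_split(b"example-master-pw", 2, 3)
    for s in shares:
        print(share_to_text(s))
    print(shamir_combine([share_from_text(share_to_text(shares[0])), shares[2]]))
```

Each relative gets one line of the form "x:y-y-y"; the x is not secret and
must not be changed. The XOR pair is the right tool only when exactly two
holders are wanted, since losing either sheet loses the password.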

Re: Changing PINs of German bank card

Binarus
In reply to this post by NdK
On 11.07.2017 14:32, NdK wrote:
> Il 11/07/2017 12:32, Binarus ha scritto:
>
>> But now, being a German citizen, try the same thing with eBay, Facebook,
>> LinkedIn, PayPal and so on ... no thanks.
> Why should heirs have access to social accounts? Paypal, otoh, is a bank
> that have to follow the same rules of other banks...

Interestingly enough, this subject is becoming more and more important.
I think I remember that there have been first attempts in some countries
(or the EU?) to make respective laws. At least, I am sure that there
already were lawsuits where heirs have tried to get hold of accounts of
somebody who passed away (in the case I can remember, a facebook account
was the subject of the lawsuit, but I can't remember right now how it ended).

IMHO, there are many reasons why this should be possible, so I would
appreciate if there were such laws. I don't want this thread to become
too off-topic, so I won't elaborate on this in a fashion this complex
subject deserves, but just give one pragmatic example:

Let's suppose somebody offers something on eBay and then passes away.
Let's suppose that somebody else wins that auction and immediately pays
via PayPal. Now what?

There may be means to solve such situations, but they usually cost lots
of time, money or nerves, and this has been just a simple example. If we
think a while about it, we surely will find a constellation where it
would be quite catastrophic if an account holder's heirs couldn't get
hold of his accounts.

>> Nice ideas :-) My own security needs are not that high, though (hoping
>> that life won't punish me for that optimism).
> My concern with a single "cleartext" pass would be a burglar that steals
> it together with other valuables...

You are right, burglary is a real threat. But if you have memorized your
master password and don't keep it on paper in your own apartment /
house, but just give it on paper to a relative, the burglar will have to
steal the paper from your relative and at the same time steal your PC
(or banking card) from you to make anything out of it.

Therefore, I have no problem with giving the password on paper to a
relative who lives some km away from me. I would never keep the password
on paper in the same room (or even building) as the PC or banking card,
though, and as soon as either the PC (or banking card) or the password
paper would be stolen, I would immediately change the password (and hand
the new one out on paper to my relative).

>> To add to it, if you mistrust your relatives, you could put the password
>> on paper into some sort of lock box and carry the key to that lock box
>> with you. But then what would happen if you lost that key?
> Given that mechanical keys are often easier to open without the key
> than with it...

Actually, I was thinking about a lock box in a bank or such things ...

Regards,

Binarus


Re: Changing PINs of German bank card

Binarus
In reply to this post by Matthias Mansfeld
On 11.07.2017 11:48, Matthias Mansfeld wrote:

> On 11 Jul 2017 at 9:44, Binarus wrote:
>
>> On 10.07.2017 17:42, Guan Xin wrote:
>>> This is probably a general question --
>>>
>>> I have never seen a German bank that allows changing the PIN of a card.
>>
>> I am not sure if this is an intentional limitation of the cards (to
>> prevent users from choosing idiotic pins like 1234 or their birthday).
>
> [..]
> At least Sparkasse and HypoVereinsbank and IIRC also Postbank allow
> changing at the ATM terminal.
>
> And a birthday isn't as idiotic as 1234 or 1111, as long as you assume a
> standard pickpocket doesn't know your personal data (OK, your ID card
> within the same wallet... maybe not a good idea. Then not your own
> birthday but that of a person or your cat you can remember, or better
> your wedding day, which normally would always be forgotten ;-)

You are right, but experience tells us (no, not us, but the banks) that
people won't think about it. I have no doubt that people like you and me
would choose a secure pin, but from a bank's point of view, most people
would choose pins like 1234 or their birthday.

It might be only a matter of time until there is the first case of a
bank refusing to compensate a customer because his pin was his birthday.

>> Now, this is a completely different question which does not have to do
>> anything with the pin's length. The answer to this question completely
>> depends on your environment and your intentions. I will explain this by
>> two examples with contrary conclusions:
>>
>> Example 1:
>>
> [...]
>>
>> Example 2:
> [..]
>
> Example 3
>
> MY use case would be: I have, let's say two bank accounts at
> Sparkasse, one at Postbank, one at HypoVereinsbank (possible reason:
> two business accounts and one private account and one from an
> inherited account) and I can remember ONE good "random-like"
> 4-digit-PIN, but would mangle definitely four different PINs (been
> there, done that...). Then I chose one and the same "good" PIN for
> all four cards which I don't need to write down anywhere and
> everything is OK.

This is a good point as long as we are discussing only banking card
pins. My examples were more general (an electronic password safe will
store all sorts of other secrets / web passwords). Since the OP had
asked about banking card pins, I eventually should have restricted my
answers to that.

On the other hand, I can imagine a bunch of cases where somebody would
like to take web passwords (and not only banking card pins) along when
going out (e.g. doing web based email in an internet cafe during
vacation). In such cases, I think there is no reason why the pins
shouldn't be stored in the password safe as well.

Thinking about your use case, I am not sure if I would try to make all
pins the same, given the fact that nowadays skimming is the main problem
(and not stealing and trying to brute-force). I am not sure if banks
will compensate if something very bad happens and all four of your
accounts get emptied when the respective cards have the same pin.
Probably most banks disallow this in their terms of service (AGBs).

After all, you don't use the same password for your eBay, Facebook and
Paypal account, do you (unfair question, because those accounts won't be
disabled after three wrong password entries, but nevertheless ...)?

Regards,

Binarus


Re: Changing PINs of German bank card

Peter Lebbing
In reply to this post by Binarus
On 11/07/17 12:32, Binarus wrote:
> I am not completely sure if I got you right. Wouldn't that mean that I
> have to lose my card, the bad person then makes two guesses, then I get
> back my card and enter my correct pin, then I lose my card again, and
> the same bad person finds it again and makes another two guesses, then I
> get my card back again and so on?

But you were discussing both card PINs as well as web passwords with low
entropy, right? You said earlier:

> - If somebody tries to brute force the pin (or online banking password),
> the access will be permanently denied if there are more than 3 failures
> (the exact number may vary).

I still don't think you could brute-force it with just two tries in
between your regular logins. However, this seems like a nice DoS if
someone dislikes you and is mean-spirited. They get a hold of your bank
account number, attempt to log in with the three password guesses "say",
"bye" and "now" and you need to phone up your bank, they need to send
you a new letter with a new password, etcetera. Or is there some other
secret or semi-secret, like a card number, that an attacker needs to
enter in order to decrement the failure counter?

This "three strikes and you're out" scheme is generally for two-factor
auth, not for regular web passwords. For a reason.

Cheers,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>



Re: Changing PINs of German bank card

Binarus
In reply to this post by Jerry-146
On 11.07.2017 14:38, Jerry wrote:

> On Tue, 11 Jul 2017 12:32:56 +0200, Binarus stated:
>
> [...]
>> I am not completely sure if I got you right. Wouldn't that mean that I
>> have to lose my card, the bad person then makes two guesses, then I get
>> back my card and enter my correct pin, then I lose my card again, and
>> the same bad person finds it again and makes another two guesses, then
>> I get my card back again and so on?
>
> If you continually lose your card that often, you have more problems
> than just a lost/stolen card to deal with. I sincerely hope you are
> never trusted with confidential information.
>

Not sure if you eventually have misunderstood me. I was just trying to
understand the previous speaker by asking him what exactly he was
meaning ...

>> The only way to abuse the fail counter reset feature would be to steal
>> the card, to copy it and to return it to its owner, and to do this in a
>> way that the owner would not notice it. But again, the adversary would
>> then still have to observe the card owner to see when the counter is
>> reset and to start his next tries.
>
> I was told, although not confirmed, that cards with embedded chips
> cannot be copied and still be usable. If anyone would like to comment
> on that, it would be welcomed.

No idea about the U.S., but talking about Germany: The main problem with
ATMs here is skimming (I am not sure if this wording is correct in the
U.S., so let me explain briefly: skimming means that an adversary
manipulates an ATM by mounting his own user interface onto it, perfectly
imitating the original one (mechanically: own electronics, own keyboard),
intercepting the data stream and the keystrokes (pin), or mounts a
pinhole camera to record people entering their pins).

AFAIK, at least until one or two years ago, the skimmers used to copy
the cards, but recently banks upgraded their ATMs and their customers'
cards so that they can't be copied any more. But for compatibility, the
ATMs still won't refuse old cards which can be copied.

But please don't take this as bare truth; I am really not sure.

>>> The probability to guess the correct code during the 5-years life of
>>> the card is definitely non-negligible.
>>>> And there is one more very important thing most people don't think
>>>> of: What happens if you have an accident or if you die? Your heirs
>>>> will have all sorts of troubles if something happens to you and
>>>> they can't access your electronic accounts because they don't have
>>>> the passwords.  
>>
>>> Usually there are other, non-technical ways. For example they just
>>> go to the bank with a death certificate.  
>
> I have actually seen that happen. The estate lawyer had to fill out
> some paper work, but it was really no big deal. Basically, it is the
> same procedure used to get access to a deceased safe deposit box.

No chance to have it that easy here in Germany ... at least with certain
banks.

>> I already have seen cases where it was not that easy in Germany.
>> Usually, presenting a death certificate to the bank is not enough. I
>> have seen that the bank had to make sure that the people presenting the
>> death certificate actually were the legal heirs. That meant that those
>> people had to acquire all sorts of documents from all sorts of
>> authorities which has been very expensive (several hundreds of EUR),
>> but more important, was very unpleasant and time consuming, especially
>> in the situation they were.
>
> Good for them. They should make absolutely sure before releasing the
> funds.

I agree.

>> AFAIK, there is only one thing you could do to avoid that hassle: The
>> testator and the heirs should make a contract of inheritance. Such a
>> contract must be made by a notary, so this will also have its cost, but
>> when you present such a contract to the bank (in addition to the death
>> certificate), you will have no problems.
>
> The cost of a notary is a few dollars; therefore, negligible. Honestly,
> I would hope that it would NOT be that easy.

Here in Germany, a notary won't even pick up his pencil without earning a
significant amount of money. As far as I can remember, the inheritance
contract did cost about 500 EUR (about US $560) many years ago, but that
was still a small amount of money compared to the hassle the heirs would
have had if they did not have that contract.

By the way, there is no competition in this field because the money a
notary charges for an action is defined by law. There is a detailed
catalogue which lists every action a notary could (may) do, even the
most exotic ones, and how much money he will get for that. Any notary is
prohibited by law from charging less; he will lose his approbation and
get into serious trouble if he does.

Is the situation in the U.S. similar?

> I have all of my important papers, including passwords to accounts that
> have to be kept secure, in a bank safe deposit box. If I were to die,
> it wouldn't matter who had the key if they were on the allowed users
> list. My heirs would have to get a court order to have the box opened.
> Not really a big deal. Usually things like this are written into the
> will and happen all the time.
>
> BTW, it isn't all that difficult to open a regular lock box. I have
> drilled out a few in my time after losing the key. Having it at a bank is
> far more secure.

Yes, that's the reason why I have proposed that in my previous post ...

Regards,

Binarus



Re: Changing PINs of German bank card

MFPA-5
In reply to this post by Julian H. Stacey-3



On Tuesday 11 July 2017 at 11:23:06 AM, in
<mid:[hidden email]>, Julian H.
Stacey wrote:-


> All UK cards I know of allow PIN change at the ATM.

Back in the 1980s I remember some that had no PIN change facility. And
at one time, NatWest only allowed a PIN change the first time the card
was used in one of their own ATMs.

--
Best regards

MFPA                  <mailto:[hidden email]>

A woman's mind is cleaner than a man's: She changes it more often.



Re: Changing PINs of German bank card

MFPA-5
In reply to this post by Binarus



On Tuesday 11 July 2017 at 8:44:48 AM, in
<mid:[hidden email]>, Binarus wrote:-


> I am not sure if this is an intentional limitation of
> the cards (to
> prevent users from choosing idiotic pins like 1234 or
> their birthday).


Surely things like 1234 can be prevented by software.



--
Best regards

MFPA                  <mailto:[hidden email]>

Change is inevitable except from a vending machine
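
MFPA's point that PINs like 1234 can be rejected by software, together
with the birthday pattern that came up earlier in the thread, as an added
example that is not part of this post and not any bank's rule set; it is
my own illustration. The checker flags a single repeated digit, straight
runs, repeated pairs, plausible day-and-month and year values, a short
constructed blacklist (not a real frequency table), and, when the issuer
knows the cardholder's date of birth (a hypothetical input), the obvious
PINs derived from it. It generalises beyond the one case on the page.

```python
from datetime import date

# Constructed blacklist for illustration; an issuer would use a measured frequency list.
COMMON_PINS = {"1234", "1111", "0000", "4321", "2580", "1212", "6969", "7777", "2000"}


def _is_run(digits):
    """True for a straight ascending or descending run such as 0123 or 9876."""
    steps = {b - a for a, b in zip(digits, digits[1:])}
    return steps == {1} or steps == {-1}


def _looks_like_date(pin):
    """DDMM or MMDD with a plausible day and month, the usual birthday layout."""
    a, b = int(pin[:2]), int(pin[2:])
    return (1 <= a <= 31 and 1 <= b <= 12) or (1 <= a <= 12 and 1 <= b <= 31)


def birthday_pins(dob):
    """The 4-digit PINs a person is most likely to derive from a date of birth."""
    dd, mm = f"{dob.day:02d}", f"{dob.month:02d}"
    yy, yyyy = f"{dob.year % 100:02d}", str(dob.year)
    return {dd + mm, mm + dd, yyyy, dd + yy, mm + yy, yy + mm, yy + dd}


def weak_pin_reason(pin, dob=None):
    """Return why `pin` would be rejected, or None if it passes every check.

    `dob` is the cardholder's date of birth if the issuer knows it (hypothetical).
    Checks are ordered from most to least specific so the reason is informative.
    """
    if len(pin) != 4 or not pin.isdigit():
        return "must be exactly four digits"
    if dob is not None and pin in birthday_pins(dob):
        return "derived from date of birth"
    if pin in COMMON_PINS:
        return "on the common-PIN blacklist"
    digits = [int(c) for c in pin]
    if len(set(digits)) == 1:
        return "single repeated digit"
    if _is_run(digits):
        return "ascending or descending run"
    if pin[:2] == pin[2:]:
        return "repeated pair"
    if 1900 <= int(pin) <= date.today().year:
        return "looks like a year"
    if _looks_like_date(pin):
        return "looks like a day and month"
    return None


if __name__ == "__main__":
    for candidate in ("1234", "5555", "9876", "3838", "1915", "2903", "8511", "8391"):
        print(candidate, weak_pin_reason(candidate, dob=date(1985, 7, 11)))
```

The date check rejects a sizeable slice of the key space (every plausible
DDMM or MMDD), which is the cost of a policy that must work without
knowing which date the customer would pick; with the date of birth on
file, the narrower birthday check catches the case the thread worries
about directly.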

