What standard BOIs 2FA compatible with?

Thats me

I've noticed today BOI offers 2FA (two factor auth) device for using with banking services online. 

Question - does it implement HOTP (RFC 4226) or any other open standard? 
I would prefer installing opensource implementation of the OTP standard instead of using separate device. It would be nice to see an integration giuide with 3rd party OTP software somewhere in the BOI's online FAQ.



Thanks.

Bank of Ireland: Richard F

Hi Thats me,

Thanks for reaching out to us here today on Boards.ie.

In order to log in on 365, you would need a registered security device such as a mobile phone or Physical Security Key.

The authenticator and devices would need to share certain information that would not be possible with your own tokens.

We appreciate your interest in this and we'll certainly share your feedback with our development team.

Thanks,
Richard

Thats me

Hi Richard,
Thank you for getting back with update.

Bank of Ireland: Richard F wrote: »

In order to log in on 365, you would need a registered security device such as a mobile phone or Physical Security Key.

I'd prefer to use registered security device such as a mobile phone using standards-compliant opensource software, something like this.

Bank of Ireland: Richard F wrote: »

The authenticator and devices would need to share certain information that would not be possible with your own tokens.

Can you please describe in more details:

• Which information BOIs Physical Security Key will share
• How it will do it (dependency on the data channel?)
• How big it (device itself) is and how long its battery lasts?

Still not sure on which standards BOI have built their two-factor authorisation system.

Thanks again.

Bank of Ireland Reps

Thats me wrote: »

Hi Richard,
Thank you for getting back with update.

Bank of Ireland: Richard F wrote: »

In order to log in on 365, you would need a registered security device such as a mobile phone or Physical Security Key.

I'd prefer  to use registered security device such as a mobile phone using standards-compliant opensource software, something like this.

Bank of Ireland: Richard F wrote: »

The authenticator and devices would need to share certain information that would not be possible with your own tokens.

Can you please describe in more details:

• Which information BOIs Physical Security Key will share
• How it will do it (dependency on the data channel?)
• How big it (device itself) is and how long its battery lasts?
  
  

[*]

Still not sure on which standards BOI have built their two-factor authorisation system.

Thanks again.

Hi there, 

Thanks for checking back with us on this. 

To access the App or site, we have added two-factor authentication, more info here . 

The security device(s) you choose can be a smart phone and/or tablet. Once you have already registered a device, the Physical Security Key will not be available to you. 

Just in relation to the third party authenticator App, this cannot be used alongside our App. 

We have information here on the PSK. 

Hoping the above helps, 
Alison.

Thats me

Hi Alison,
Nice to meet you again.

Bank of Ireland Reps wrote: »

To access the App or site, we have added two-factor authentication, more info here . 

Yes, i've noticed and this is a very reason why i'm started this thread.

Bank of Ireland Reps wrote: »

The security device(s) you choose can be a smart phone and/or tablet. Once you have already registered a device, the Physical Security Key will not be available to you. 

Hmm, thanks for the additional information. TBH, i'm surprised with bank giving priority to the app not leaving a chance to use both 2FA methods in the same time. PSK seem to be reliable solution since it cannot be hacked by third party persons even if they manage to hack your phone.

Bank of Ireland Reps wrote: »

Just in relation to the third party authenticator App, this cannot be used alongside our App. 

I'm not going to use thirdparty app alongside with BOI App. Because installing BOI App is not the case for me.

Bank of Ireland Reps wrote: »

We have information here on the PSK. 

Sorry, i found no information on that page which could give any idea on:

• Which information BOIs Physical Security Key will share
• How it will do it (dependency on the data channel?)
• How big it (device itself) is and how long its battery lasts?
• Which standards PSK implements

Bank of Ireland Reps

Hi That's me

The below maybe helpful to you. 

It is a small handheld device, the life of battery will probably largely depend on how often you use although will not need to be changed very regularly. 

On how it's used, the previous link will explain this. If you scroll down to How to Set Up PSK it will give you direction. Adding in here  

Inline with PSD2 and SCA (Strong Customer Authentication) we use 2 factor authentication, this provides additional security for our customers banking online. For customers not using the App on any device, the PSK is now your 'security device' (1) . You will use this alongside your login details. (2) 

Hoping you find the above useful. 

Many thanks
Alison

Thats me

Huh.. OK, no positive answers.. as usual. I feel i managed to order PSK device - at least it does not require me running it all the time on my mobile with having access to my location and contacts as the app requiring...

Bank of Ireland: Richard F

We're glad to hear you got this ordered. If we can help with anything else, feel free to get back in touch.

Thanks,
Richard

Thats me

Bank of Ireland: Richard F wrote: »

We're glad to hear you got this ordered. If we can help with anything else, feel free to get back in touch.

Thanks,
Richard

It would be better if you would like to hear me happy with it. But i'm not happy. And the whole planet is not happy with this approach to send out millions of devices instead of just following standards.