General Betting
There is currently 1 person viewing this thread.
03 Nov 09
18:31
Joined:
Date Joined:
10 Jan 02
After watching Watchdog this week and seeing hackers logging in to email accounts in wifi hotspots it was clearly just as easy for them to hack into your Betfair account.
Banks have added security so that you are asked for different digits of your password or pin number and Ing Direct whom I have an account with have gone a step further where a numbered keypad appears on your screen which you click on rather than enter the numbers via normal keystrokes. Should Betfair do something similar?
Banks have added security so that you are asked for different digits of your password or pin number and Ing Direct whom I have an account with have gone a step further where a numbered keypad appears on your screen which you click on rather than enter the numbers via normal keystrokes. Should Betfair do something similar?
sort by:
Show
per page
Replies: 42
|
By:
Warnings for courtsiders and snipers being sent out in the morning :0
|
|
By:
They should definitely provide an on-screen keyboard as an option for signing in, if you so desire to activate it in, say, the 'My security' menu. The security-conscious can have it; the 'speed and ease' users can continue to log in as usual.
|
|
By:
No, if people are using un encrypted wi-fi to access sensitive websites that is their problem, not Betfairs.
99.99% Of hacked accounts can be attributed ignorance of security on the account holders part, in my opinion. Most of the people who had their accounts hacked on email logged into spoof sites - their fault. |
|
By:
Definitely. It's something I requested a long time ago. Everyone should have the option to select enhanced login security.
|
|
By:
a long time ago i set my betfair account security settings so it could only be accessed from the UK.
Recently when reviewing my online security i realised this was no longer active on my account. I've no idea why and my best guess was some kind of upgrade related issue. If you have set country access up yourself in the past and not checked it recently I suggest you do. |
|
By:
It's clearly a growing problem and it's in Betfair's interest (like it's in the bank's interest) to prevent fraud. With the banks, as a customer, you are protected and your funds reimbursed in the event of fraud. As far as I know there is no such policy with Betfair, so for me personally I'm much more concerned with security on here.
|
|
By:
Makes fekk all difference to me - anything they find they can keep lol
|
|
By:
bf trader,
i just checked country restriction status and it does look like they have changed the page where you can choose this it no longer even makes sense to me how the page works, it's gibberish now |
|
By:
yes
|
|
By:
I checked with Firefox + Firebug: username and password are sent over ssl. I think it's enough.
|
|
By:
Yes Clydebank. I used an internet cafe. After they switched to Firefox, my login password was found by another user. This was used two days later 100 miles away to take £5,000 from my account by transferring that sum into exchange games and losing that on one hand of poker. Naturally, once Betfair told me they weren't liable, I went to the police for redress. It went nowhere. Obviously, Betfair knew who "won" my money, but never volunteered that info to the police (to be fair, the police would barely have known to do with the info anyway).
I appreciate that Betfair must indemnify themselves against two people conspiring in the way I have described above but all the circumstantial evidence over time showed that I was the ripped off party. It didn't help that Betfair handled my case through an investigator based in Malta. |
|
By:
sethmorley, you are badly mistaken. Sure, your username & password are sent encrypted, but from then on the rest of it is unencrypted. This means that anyone can eavesdrop on you betting and could easily steal your logged-in session, placing bets on your behalf.
You'd be mad to use Betfair over wifi in a public place. Betfair *should* run the whole of their website encrypted and protected, but they won't because they'd have to buy some more computers to handle the extra work. And it's only our money and accounts that are at risk, not theirs. |
|
By:
Very interesting united busquits.
Im so paranoid i always close down my computer before leaving the house , just incase a burgler came in and logged onto my account and blew my cash Last year i went on holiday and was also too paranoid to log onto bank accounts or betfair from a cybercafe. Looks like that paranoia was in fact good sense |
|
By:
*Looks like that paranoia was in fact good sense
Typical reaction from a delusional schizophrenic ;) |
|
By:
I have a Bank Of Scotland account for my business.
They use a authentication system that changes my password.....every 60 seconds. http://www.net-ctrl.co.uk/articles/14/1/RSA-SecureID-Two-Factor-Authentication-For-Business/Page1.html?gclid=CPbjyYb9750CFU0A4wodGnYrLQ Betfair could easily integrate this into their system for accounts above "X" amount. |
|
By:
lippy ,
but how would they have got uniteds account password details from the internet cafe ? |
|
By:
key logger.
|
|
By:
Last time I went into an internet cafe (a long time ago mind) there were at least 10 login details to gmail / yahoo / other sites saved with passwords, which I could have used
Which brings my back to my original point - don't use un secure / public places to log into sensitive sites. I would never log into any sensitive site using a internet cafe. I even have a separate email account for use in such paces, because if they can read your email they can get your passwords (easier). Easy to say after the event but it's pretty naive thinking an internet cafe is going to be secure. I'm not paranoid either it is just sensible. |
|
By:
Re the key loggers: That's exacly why most banks ask for selected character from a secondary password - normally in the form of a dropdown list. That way the user does not actually press any keys.
Betfair should definitely consider implementing something like this. I wouldn't take too much development effort either. |
|
By:
What is more worrying is that it is possible to log in to someone elses account even if they use secure encryption from their own home PC.
|
|
By:
so it begs the question i guess , how safe is this site if you only use it from home using your own pc ?
|
|
By:
is that so hazel ? ...
|
|
By:
yes it is possible coach
|
|
By:
Lippy - why the hell would a burgular break into your house, turn on your pc, then place bets on your account, that even if they won, he couldn't do anything with? He could only withdrawal the money back to your bank account?
|
|
By:
Hazel ,sorry i meant is it poss for someone to access your account even if youve never set foot inside an interent cafe ?
I had someone use my credit card details the other week ,but atleast there i take the card out of the house for it to be scanned i guess |
|
By:
Yes it is. Your pc could be hacked/virused with a key logger ?
|
|
By:
I wouldn't even log into my bank using the family PC.
Despite being told over and over and over and over, other users click on things they shouldn't click on and download / install "free" stuff. |
|
By:
Coach the answer is yes it is possible
|
|
By:
i would add that no key logger is neccessary
|
|
By:
cheers hopeless and hazel :)
|
|
By:
Betfair could identify your main PC with a cookie or whatever and then have something to generate extra random one-use passwords which you could print out. If you used a PC which doesn't have the cookie then it would ask for one of the extra passwords.
So even if someone used a key logger in an internet cafe, they couldn't get into your account. |
|
By:
In my case the £5,000 was transferred to the Australian Wallet first, that sum being the limit on my Aussi account, for some reason. I've never played on the games site but I understand there is no security at all between these accounts.
|
|
By:
In principle it is possible to get your password using an antenna from outside the house, unless you have a MIL-STD network installed. If you have large sums, it's worth investing in the military hardware, I should think.
If you use an API-based product, your network traffic is fully encrypted. All large players should use this exclusively. |
|
By:
It's also worth making the best use possible of the limited security features BF provide, eg loss-limits.
|
|
By:
Moon Light it is still possible for someone to log in to your account even if your use API
|
|
By:
some of the bf security features don't work at the moment, country restriction log in for example is not functioning properly at the moment
i emailed bf and got a one line response a bit like this: "omg, how thick are you - you just click this" followed up by me sending them screenshot showing them there was nothing to click on eventually followed by someone else at bf telling me it really doesn't work, and i was right |
|
By:
Combination of API, military-grade PC and adequate anti-burglar protection should give a degree of security.
I suspect, Hazel, that you are referring to a hazard I'm not aware of. Could you explain, please? |
|
By:
Moon Light it would be irresponsible of me to go into detail, but just as the 5 second delay could have been beaten then trust me it is possible to beat betfair's login security.
|
|
By:
oh you big tease
|