dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
4831
share rss forum feed


Blogger
Jedi Poster
Premium
join:2012-10-18
Reviews:
·Champion Broadba..
reply to fkd

Re: Bank of America Passcode Requirements

If you have issues like you describe I suggest for the future you consider as one possible solution is to get a password manager, like Lastpass to name just one of the several good choices.
--
The signal is usually drowned out by the noise.

Expand your moderator at work


fkd

@175.157.142.x
reply to Blogger

Re: Bank of America Passcode Requirements

said by Blogger:

If you have issues like you describe I suggest for the future you consider as one possible solution is to get a password manager, like Lastpass to name just one of the several good choices.

Yea.. I agree on having a central password manager. I used to use Password manager that came with Firefox. It worked just fine. But moved to Chromium a while back. Alas, Chromium's password manager is just not even worth mentioning.

I'm not using/going to use LastPass for one reason. It's closed source!
Expand your moderator at work


fkd

@203.143.18.x
reply to therube

Re: Bank of America Passcode Requirements

said by therube:

> never answered if they have a branch there

I did look that up when the thread first came about, There are a total of 13 local banks and 6 international banks that are operations in Sri Lanka.

Well, no, Sri Lanka does not have any branches of BofA nor a single BofA ATM. It seems the bank 'were' in Sri Lanka few decades ago based on some Google searches! The irony!

This has become an interesting place rather than a desperate attempt to seek answers for my half dead memory.

>> assuming you may be on travel
> Certainly a good possibility.

Before questioning, did any of the "paranoid" security professionals knew foreign nationals (wrt. USA) can open accounts with BofA? (I can not comment about others banks though). And the account holders don't have to reside in USA (specially when asking questions!! )?

Anyway, based on the BofA FAQ link @CylonRed provided, acct holder must have a SSN to reset?? God bless if a foreigner forgot her passcode!! I guess at least some paranoid people will understand why I don't want to start "forget password" process without a background check! //running to write down my password on a piece of paper//

Was I trolling before? Nope. How about now? May be.


Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..
reply to fkd

BOA currently does not maintain a direct banking presence in the Indian Ocean region of the world. So I doubt you're going to dig out of such a hole easily, unless you can find some documentation referencing how to contact BOA directly, either on your log-in page or in your possession. In that case, you'll need an account number, address, and possibly other verification/contact information relevant to specific account ownership. If you've been using Bank of America "for awhile", you should have some kind of paper or eMail trail from establishing the account, various transactions or summaries, tax information/reports, etc. that contain some BOA addresses, eMail addresses, or phone contact numbers. That's where you need to start. Unfortunately, the two BOA online 'contact' websites of which I'm aware auto-redirect via sniffing my IP to a US-based state lookup page. You might have better success trying either one from outside the US and hopefully they'll give you a starting point-of-contact:
»www.bankofamerica.com/contactus/contactus.go
www1.bankofamerica.com/contact/

Alternatively, if you in fact know of how foreign nationals can now open a BOA account, pursue that path and explain there what your situation is with your current account.

As far as giving you hints about BOA's password construction, it would be foolish of anyone here to do that given the uncertainty of who you really are and your possible intent. There are simply too many hackers continually trying to crack into online accounts for anyone with security experience to run that risk.
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville


fkd

@111.223.190.x
reply to therube

A previous reply to this thread didn't get through the review process. But I think I have to mention these things.

1. No, Sri Lanka don't have a BofA branch nor ATMs from it.

2. You don't need to be travelling to ask the original question

3. And, FWIW, it was a valid question for me. And, I'm not expecting answer for that anymore.

4. Foreign nationals (wrt. USA) can open accounts with BofA too, you know?

5. @Cthen - I know there is a "reset passcode" button in the sign in page. Give me some credit, mate!

6. It seems it's quite impossible for foreign nationals (wrt. USA) with no branches of the bank in the country to reset password... Because, as per the FAQ in BofA, you must need SSN. »www.bankofamerica.com/onlinebank···_sp=#q10

You may consider the last point as a statement or a question!



fkd

@111.223.151.x
reply to Blackbird

@Blackbird thanks for the two links provided. But mine also goes to a page asking US state which is not a problem for me.

I understand if you don't want to provide what are the restrictions when creating a passcode, but is it such a big deal? Yea, anyone may think it would bring a hacker a step closer to cracking an account. But does it really? You may be thinking "may be it's 'safer' if I don't tell that kind of thing!!". I'm not a security professional. May be this would help in a brute-force attack on hashed passwords, but, will a hacker capable of stealing hashed passwords really need to ask around about the passcode requirements? I'm yet to hear a proper reason.

To say about opening bank accounts with BofA by foreigners, it's pretty simple. Though it seems references in the web are pretty low. I'm pretty sure we can't open an account remotely from another country given the Know Your Customer rules banks adopt. So, you got to go to a branch to open an account. There, you should mainly provide the passport, have a valid USA address, and reason for travelling to USA. Then, you can have a debit card ( given the account type you choose provides it). This provides an ideal way to keep money safe during the stay. This can be used outside USA too.



Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..

1 edit

said by fkd :

... I understand if you don't want to provide what are the restrictions when creating a passcode, but is it such a big deal? Yea, anyone may think it would bring a hacker a step closer to cracking an account. But does it really? You may be thinking "may be it's 'safer' if I don't tell that kind of thing!!".... but, will a hacker capable of stealing hashed passwords really need to ask around about the passcode requirements? I'm yet to hear a proper reason.

To say about opening bank accounts with BofA by foreigners, it's pretty simple. Though it seems references in the web are pretty low. I'm pretty sure we can't open an account remotely from another country given the Know Your Customer rules banks adopt. So, you got to go to a branch to open an account. There, you should mainly provide the passport, have a valid USA address, and reason for travelling to USA. Then, you can have a debit card ( given the account type you choose provides it). This provides an ideal way to keep money safe during the stay. This can be used outside USA too.

It depends on the hacker. Not all hackers are created equal, nor are their tools... some are just starting out to test their bytes and their software tools may not be the best... so they'll look for anything folks will hand them to tilt the cracking process a little further in their favor. One of the time-honored ways of getting something handed to them is to go to forums and ask, a lot of folks being inherently helpful sorts. And yes, the more known about how passwords are constructed, the easier it becomes to crack them - at least for hacker newbies with simpler tools.

You're posting in a forum of security-focused individuals... many of them know all this, and they're sceptical of anonymous or new-member postings that ask for password-construction tips about an existing target - regardless of the reasons offered. As you've observed, there are all manner of ID elements and/or in-person appearance required to open a new account... why would you believe the process would be a whole lot simpler to obtain access to an existing, already-funded account? What remains a mystery is why you appear to have no records from setting up your account, creating its password, or accessing it over time. Those records would contain information about contacting BOA from overseas with regard to the account. According to your own words:
quote:
It seems the bank 'were' in Sri Lanka few decades ago based on some Google searches!
Based on some Google searches? All you've echoed back to folks here so far is public information you obtained by searching online. How did you open your account if not in person, where are your records if you did, where is your information and confirmations regarding your transactions from the account, and why shouldn't all this peculiarity and lack of information make folks in this forum suspicious of your story?
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville


fkd

@203.143.18.x

said by Blackbird:

You're posting in a forum of security-focused individuals... many of them know all this, and they're sceptical of anonymous or new-member postings that ask for password-construction tips about an existing target - regardless of the reasons offered. As you've observed, there are all manner of ID elements and/or in-person appearance required to open a new account... why would you believe the process would be a whole lot simpler to obtain access to an existing, already-funded account? What remains a mystery is why you appear to have no records from setting up your account, creating its password, or accessing it over time. Those records would contain information about contacting BOA from overseas with regard to the account. According to your own words:

quote:
It seems the bank 'were' in Sri Lanka few decades ago based on some Google searches!
Based on some Google searches? All you've echoed back to folks here so far is public information you obtained by searching online. How did you open your account if not in person, where are your records if you did, where is your information and confirmations regarding your transactions from the account, and why shouldn't all this peculiarity and lack of information make folks in this forum suspicious of your story?

I know there is no branches of BofA because the bank officer I worked when opening the account told me. But I found that there were a branch here few years ago. Sorry my comment doesn't clearly say that!

I opened my bank account when I was in US. So, all my references, and mail records point to things that consider account holder is a US resident (or more specifically, the acct holder should have a SSN). That certainly wasn't the case when opening an account. We can of course sort things out when we go to US again, but until then?
I implicitly said I created this account in US in previous comments. Read "It seems it's quite impossible for foreign nationals (wrt. USA) with no branches of the bank in the country to reset password..." and
the para starting with "...opening bank accounts with BofA by foreigners..."

Forgive me for my stupid question. But, does this forum has security measures that makes registered 'new' members more trustful than anon users? Some guy already posted my ip details.

PS: I don't have a need to contact them anymore, but I would have if I needed because I had enough time these days.


Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..

said by fkd :

... I know there is no branches of BofA because the bank officer I worked when opening the account told me. But I found that there were a branch here few years ago. Sorry my comment doesn't clearly say that!

I opened my bank account when I was in US. So, all my references, and mail records point to things that consider account holder is a US resident (or more specifically, the acct holder should have a SSN). That certainly wasn't the case when opening an account. We can of course sort things out when we go to US again, but until then? I implicitly said I created this account in US in previous comments. Read "It seems it's quite impossible for foreign nationals (wrt. USA) with no branches of the bank in the country to reset password..." and the para starting with "...opening bank accounts with BofA by foreigners..."

Forgive me for my stupid question. But, does this forum has security measures that makes registered 'new' members more trustful than anon users? Some guy already posted my ip details.

PS: I don't have a need to contact them anymore, but I would have if I needed because I had enough time these days.

Had you shared all that at the very outset, perhaps the reactions here would have been more... uhmm, "user friendly"? In any case, I doubt that you would have gotten much information about password structure regardless, since your story would be impossible for those here to verify, thus impossible to distinguish from some script-kiddie out fishing for cracking info.

With regard to this security forum (and probably most others), anonymous and new-member posts are viewed with a measure of scepticism since anyone can post or sign up with no real verification trail (other than IP and an eMail address). If one is a longer-term member, that at least provides a measure of stability and a mild assurance the user is not as likely to be a spur-of-the-moment kiddie, out to hack some target that's just caught his interest.

As far as somebody publishing your IP info here, that info is public record and accessible by anyone via a simple 'whois' check on the web, and the IP itself appears below all anonymous posting icons on every forum post. And, while even an IP can be (and often is) spoofed by a hacker, it did make the poster's point that something was suspicious about your post, given that you were asking for password info on the Bank of America from an IP well outside the US.

At this point, my advice to you would have been to send a certified/registered letter to BOA headquarters, explaining your account information and asking for contact information. But, as you've noted, "I don't have a need to contact them anymore," so the only remaining question in my mind might be why you ran this thread in the first place...?
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville
Expand your moderator at work