on 01.04.2019 22:36
Good evening,
I am worried about the security of my account at comdirect. In particular, I have a question regarding the weird policy of having a 6-digit PIN to access my personal account via the web. Is it possible somehow to change the password to something more secure? I would prefer to have an alphanumeric password with special characters. But it seems like it is really impossible. If I'm wrong, could you please point me to the section on how I can make my account more secure?
Thank you and Best Regards,
Denis
on 01.04.2019 22:39
This question has been asked here frequently, and there is absolutely no reason to worry. After three incorrect entries of the PIN, the account will be locked by the bank. More safety is not possible.
nmh
on 01.04.2019 22:49
As nmh said, this is currently not possible, but it has been spoken about a multitude of times. As far as I'm informed, in the future the PSD2 regulation also requires a randomly generated component (like a TAN) at login to the account, though I'm not 100% on this.
The current state however is that there is no way to change the password "rules". You do have the ability to change the PIN at any time though, even daily if you feel like it.
on 01.04.2019 22:53
That's very sad. I am finding your services very good. But security is obviously not a priority here 😞
01.04.2019 22:59 - edited 01.04.2019 23:02
It is as secure as is required. Also, there are still 10k possible combinations with only 3 possible tries, so brute forcing is just not an option. Unless parts of the PIN are already known, it is extremely unlikely that anyone can enter your account.
Also, even if it were the case, and someone could log into your account, there would still be no possibility to do anything since any relevant transaction requires a TAN to clear it.
Furthermore, even in the extremely unlikely event that anything would happen without your wrongdoing, there is still the insurance of the bank, see here:
https://www.comdirect.de/cms/sicherheit-sicherheitsversprechen.html
on 01.04.2019 23:11
Well, I know the odds. It's just very weird to see that the application, which must be the most protected one, has the weakest password requirements. And by the way, that means that anyone can block my (or anyone else's) account by just entering the wrong password 3 times?
on 01.04.2019 23:13
But anyway thank you for your answers and fast replies.
on 01.04.2019 23:18
@dbrsn wrote: And by the way, that means that anyone can block my (or anyone else's) account by just entering the wrong password 3 times?
In principle, yes, but they need to know your access number for that.
on 01.04.2019 23:31
@dbrsn wrote: It's just very weird to see that the application, which must be the most protected one, has the weakest password requirements.
Don't get me wrong, I completely get your concern, as it has come up a lot.
@dbrsn wrote: And by the way, that means that anyone can block my (or anyone else's) account by just entering the wrong password 3 times?
Technically yes, but as stated above, they would require your access number. Also, in that case unlocking the account is as easy as giving the bank a call and confirming your personal data so they can unlock the account.