All fine and good. I don't want that software running on my VPN, I want that running locally on something like a PiHole on my local network. I don't trust any VPN provider to do that. So I VPN back to my own home network when I'm connecting to coffee shop WiFi. Thing is, I'd rather trust one ISP than two, which is basically what you're using your VPN provider as. Netflix et al. have largely cracked down on that. You often need to roll your own VPN (eg buy a VPS in some not-blacklisted data center, or put a raspberry pi in some friend's house in the country you want to stream from and set up VPN server software on it) to get that to work. And it is quite limited, what your ISP can scrape when you browse with TLS. They'll see you went to Amazon, not what you looked at or bought. They'll see that you went to a bank website, but not know why, or what your balance is. And if you can't actually access your bank, yeah that's pretty onerous.
I don't think most of these folks want to setup their own VPN at home, and even that has some drawbacks. At the end of the day, it all comes down to trust, and where you feel you can place it.
Not to mention, when so many people don't use proper security, it's a lot easier just to go after those folks, than it is to go after someone who knows how to add another layer to the onion.
This. Taking the most basic precautions is better than what most people do. If you lock the door on your car, and your neighbor doesn't, you have a better chance of not having it broken into while your neighbor's Weird Al Yankovic cassettes are stolen. Hell, I use two factor authentication, with an authenticator rather than email, for most of my apps and websites. It may seem unimportant, but someone somewhere is interested, and I'd rather play it safe.
Back to my original thought, if they use two-factor for everybody that would seem a lot easier for all concerned. UA types would probably scream about it, but then there are idiots who screamed about mask requirements during covid...
Indeed. It would be beneficial, and it's something everyone who handles any kind of data should do. It would be so simple for them to setup a system that requires an authenticator (which is far more secure than text or email two factor). Even if they want to go the easiest, "hard to screw this up" route, text two factor would be light years ahead of what they have now, which is nothing. That's a level of either laziness or incompetence that no bank should be allowed to continue because it threatens every customer. Here's hoping that they at least don't put bank customer data in plain text format.
I think I'm guilty of dumbing down the bank's position to match my own level of (un)sophistication. They have been using two factor ID, but that makes my situation even weirder. In any case, the latest word is that they detected that I had been logging in on an iMac before suddenly switching to PC which triggered alarm bells. The problem with that is that it's bass-ackwards. While I've had an iPhone for years and an iPad for several months, I've never (that I can recall) logged in on my bank account from them, maybe once or twice from the iPad , but if their system is showing me as a long term Mac user, that's pretty friggin' bad. Or on the other hand, somebody has been working way too hard to (rather clumsily it would seem) to break into my account, which as I've told them repeatedly is one of the reasons I haven't blown my cork (yet). It's possible that as ham-handed as their response as been, it seems possible that they have saved me from a really nasty incident. Anyone care to guess whether they're just really bad at dealing with the public (y'know that customer service thing?) whilst actually getting at least some of their stuff right, or are they just a bunch of idiots?
Hopefully it ends up they protected you from something. It could also be your user agent in your browser misidentifying you as being on a Mac. I set my user agent to (usually) make me on Windows with Chrome, even though I'm on Linux with Firefox so that I am part of the broadest group of users surfing the internet. That said, I doubt very highly that you did such a thing with your browser's user agent, so I'm not sure what's going on.
Latest word from the District Manager I’m now bothering is that the account has been unlocked (again) but since I’m on the riad in North Platte,NE I ain’t about log on from here and I won’t be home until Sunday we’ll have to wait and see.
So I can now get into my account, but I have been told by my high ranking contact at the bank, that she is under the impression that using the VPN may cause it to lock up again. I asked her to follow up with the tech geeks and find out why if they use a VPN internally why it should be a problem for customers to use them externally. I also noted that I find it hard to believe I'm the only customer using a VPN, which raises the question of why I'm having problems. Either no one has complained or I'm really special. Before I take Steve's advice...*to be continued*
internal vpns are end-to-end. Yours is not. Employees load software that adds a layer of encryption to connect to the counterpart software on the bank's network. This software creates a virtual private network. When you do it it's to a third party in Provo who is sending your data out into the wild of the wasatch hinterlands internet.
goddammit where's the edit button?! ETA: your bank's network geeks may be savvy enough to detect that Provo isn't the origin. They frown on spoofing locations (main reason to pay for a VPN) because this could be someone in St Petersburg trying to appear if they were logging in from the States. The bank may be more clever than any of us and is doing you a favor (hackers in Russia aren't to be taken lightly). If you like the bank, other than your current connection issues (and they are yours) then bag the VPN. It's not helping you as russian agents have been seen in Provo sniffing around connections coming from your VPN provider. It only has the encryption the bank requires at that point (which will thwart the russians anyway, unless they really really want your account information in which case you're screwed).
Fair enough. That’s why I’ve approached it this way. I told them I realize that I might have been saved from a nasty problem. Where they’ve fallen behind is explaining their reasoning. Other people might have just pulled the plug on them. They need to have a procedure for helping people understand this stuff instead of just walling themselves away from the muggles who don’t have the knowledge to understand it and, possibly, costing themselves customers.
Like most banks, they expect you to accommodate them and not the other way around. Your VPN, if it's the same one you mentioned some time back, just recently added the ability to temporarily pause your VPN connection. I have to do this with one site in particular, but with my VPN, it's literally a big red button that I click, it disconnects, dropping me into the regular internet, I do my business, hit the red button to reconnect, and then go about my day. Some sites will absolutely be assholes about it, so this is a more than reasonable way by your VPN provider to get around it. It seems like this is one of them. You have a right to protect your data from the watching eyes and listening ears of your ISP and all of the third parties to which it sells your data.
I set my VPN up to always show in the top right hand corner, and a quick click gives me all of my options. I'm not old, but I am forgetful.
So to wrap it up, I got a call from the executive this morning and the Internet banking/security folks say looking me out is a "feature" (not a bug) of the system they use. I can live with the idea that it's up to me to pause the VPN while logging in lest I be locked out, although I told her I wish there was some way to get it unlocked through the "help" desk instead of having to escalate it. Her response was that I seem to be the only person who has had this problem. So, am I to infer that I'm the only customer they have using a VPN or that for some reason I'm "special"? I did say that I found it somewhat unlikely that I'm the only customer using a VPN and that it might be possible that they're losing customers who don't have the time or inclination that I have to follow up on any problems. In short, I'm wondering if they're losing customers who simply walk away without saying anything. In any case, I'm staying with them for the time being and just hoping that I remember to pause the VPN when appropriate, even though I don't have to do that with either my credit union account or brokerage account, both of which use two factor.
Probably the best decision for now. There are at least a billion VPN users around the world, and I am sure at least some of them use your bank, so it's likely just a CYOA statement, like when a PC manufacturer's tech support tells you that you're the only person who has had difficulty with their system. Most of the people who do basic tech support are given a script anyway, and they have to follow it, even if it's total bullshit. Just try to remember your pause button, and you'll do just fine.
