SCB Change Password

[Aforek]

Hello, 

 

I am client of SCB and I want to change my password, but I am not used to what they call OTP ( One time password ) 

first, on the first page , I see " select mobile number to get OTP ", but it's impossible to write something here and, btw, what do they want I write ? 

And second, suppose I receive an OTP, what is the use of it , I want a permanent time password ; from the OTP I can change this temporary number  to put a new permanent number instead ? 

sorry to be stupid, but I am not smart all the time 

thanks 

[Thanyaburi Mac]

Visit a branch?

 

I changed my PW at my local SCB branch a few months back.

 

Mac

[Crossy]

The OTP is sent to your registered mobile by SMS, it is used to authenticate transactions made on line.

 

If you don't have a registered mobile number you cannot receive OTPs and I believe without an OTP you cannot change your main password.

 

EDIT The box "select mobile number to get OTP" has the last 3 digits of your mobile number, check it's the correct number and just go ahead with the prompts, you will receive a text with a number (the OTP) which you enter in to the website.

[KhunBENQ]

(Would) work for me as described by Crossy.

 

But now I see the confusion.

They call the OTP a "one time password".

You want to change your (permanent) password and get a message about a one time password

 

As the OTP is always just a bunch of number a label like "one time pin" would be less confusing?

[KhunBENQ]

Bangkok Bank is no better ("one time password")

My German banks use "TAN" (transaction number).

I use a "TAN generator" for that.

 

[Aforek]

23 hours ago, KhunBENQ said:

 

 

But now I see the confusion.

They call the OTP a "one time password".

You want to change your (permanent) password and get a message about a one time password

 

 

Right, and the digits they gave me  are  not mine;

anyway, I don't want an OTP,  just change my permanent password ;  better I go myself to my branch, as said Mac : change password normally is easy, but not with SCB 

Edited July 3, 2017 by Aforek

[Crossy]

1 hour ago, Aforek said:

Right, and the digits they gave me  are  not mine;

 

Don't forget your passport, and whilst you're at the branch correct your registered mobile number, an OTP is needed for many on-line transactions and you can't get it without your mobile.

 

 

[Aforek]

51 minutes ago, Crossy said:

 

Don't forget your passport, and whilst you're at the branch correct your registered mobile number, an OTP is needed for many on-line transactions and you can't get it without your mobile.

 

 

Yes, I just come back from my bank, everything is ok now, the girl was very helpful and did the job with her phone and mine,  and yes they had a wrong phone number, I don't know where it comes from 

thanks for your help 

[Aforek]

When I say " did the job ", I mean that she prepared the job, but of course, it's was me who typed my new password, not her ( two times, the second time to check if there was no mistake ), I came back to my home and tried with my computer, and it's ok 

[fletchsmile]

OTP = One Time Password. The whole point is it's supposed to be used once only.

 

OTP is a type of 2FA = Two Factor Authentication.

 

2FA is much more secure than just having a password. If only one level was used and someone got access to your password they could do whatever they want including emptying your account. So a second level of security is added. This is changed every time it is used and sent directly to you - usually via mobile phone or token. This way they are confirming with you (or at least your mobile phone which should be in your possession) that what is being done online is authentic according to your wishes. If they didn't change it every time you would again be vulnerable.

 

Imagine using internet banking on an unsecure network or internet cafe or someone hacks your computer or someone accesses your browser history or gets access to your password another way etc. With only 1 password you're stuffed. With a 2FA that is the same every time not much better. Hence the OTP changes every time. So even if someone gets your password and OTP used last time, they won't know next times OTP which is protecting you.

 

Cheers

Fletch :)

Edited July 4, 2017 by fletchsmile