Online Banking failure

For fuck’s sake.

Last week I managed to mess up while logging into my Natwest online banking. For some reason the system forgot who I was and wouldn’t let me in, instead suggesting I re-register. So I did, choosing a new password and suchlike.

Because I’d just re-registered they needed to send me an activation code through the mail to unlock all the extras that the online banking can do. Fair enough, the letter arrived yesterday.

Today I try to log in and … it doesn’t know who I am again! I’m fairly sure I got my password correct, but either there’s a big cockup with my account or I didn’t.

I will now have to re-re-register and await yet another stupid authorisation code. This time I will take the highly insecure action of writing my password down on a bit of paper and keeping it safe. Online banking – you have failed. You’re asking for too many codes and bits of password and sequences of numbers to verify that I am me. You gave me a two-factor authentication device that I have to use when making bank transfers. Why not use that?

Produce a challenge code that I have to key into my authorisation machine, and then provide my response as another code? If my card’s PIN is secure enough for withdrawing cash, and physically having the card is secure enough for buying things online, then the system should be good enough for online banking, no?

Or just ask for random parts of my personal details each time, it’s what you ask when I forget my password… why bother with making me remember something extra that I have to write down because I am too overloaded to fit it in my brain?
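The challenge-and-response login suggested above, sketched as an added example (not code from this post, the bank or the maker of its card reader): the site issues a one-time challenge, the hand-held device turns it into a response using a secret it shares with the bank, and the site checks the answer. The shared secret, the HMAC-SHA256 construction, the 8-digit codes and the 120-second lifetime are all assumptions, and the PIN check the device would do before answering is left out.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 120  # seconds a challenge stays valid (assumed value)


def device_response(secret: bytes, challenge: str) -> str:
    """What the hand-held device computes: an 8-digit code from HMAC(secret, challenge)."""
    digest = hmac.new(secret, challenge.encode(), hashlib.sha256).digest()
    offset = digest[-1] & 0x0F  # HOTP-style dynamic truncation (RFC 4226)
    value = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{value % 10**8:08d}"


class LoginServer:
    """Hypothetical bank side: issues challenges and checks responses."""

    def __init__(self, secrets_by_user):
        self._secrets = secrets_by_user  # user -> secret shared with that user's device
        self._pending = {}               # user -> (challenge, expiry time)

    def issue_challenge(self, user, now=None):
        now = time.time() if now is None else now
        challenge = f"{secrets.randbelow(10**8):08d}"  # unpredictable, so it cannot be precomputed
        self._pending[user] = (challenge, now + CHALLENGE_TTL)
        return challenge

    def verify(self, user, response, now=None):
        now = time.time() if now is None else now
        # pop(): a challenge is single-use, so a captured response cannot be replayed
        # and a wrong guess burns the challenge instead of allowing a second try.
        challenge, expiry = self._pending.pop(user, (None, 0.0))
        secret = self._secrets.get(user)
        if challenge is None or secret is None or now > expiry:
            return False
        expected = device_response(secret, challenge)
        # constant-time comparison avoids leaking how many digits matched
        return hmac.compare_digest(expected.encode(), response.encode())
```

Nothing the user types is reusable: the password-on-paper problem goes away because the only long-lived secret sits inside the device.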

Website Updates Galore!

For some bizarre reason I woke up at half seven. Even more bizarre is that it’s now half eleven. Where did those four hours go? All I’ve done is fiddle with my website a bit.

WordPress has been upgraded to the latest version, and I think I’ve managed to make the OpenID stuff work again. It seems to like my LiveJournal ID and my Flickr one. It positively hates the OpenID I created myself using phpMyID but it probably doesn’t make sense for me to log into my own site using my own… site 😉 My own OpenID worked with Blogger, so it’ll do.

For some reason the Subscribe to Comments plugin isn’t working either. It’s hard testing this stuff, browser caches and cookies tend to get in the way. I spent ten minutes debugging this stuff only to find my proxy had cached the site and wasn’t really serving the updated content.

Connecting to a Windows domain on another subnet

I’m running VMWare Fusion on my Macbook. In it is an instance of Windows XP. I have a Samba server on my network that is configured to be a domain controller. If I connect my Macbook to the wired network, VMWare Fusion will create a bridged network device and the XP instance gets its own IP address from my DHCP server.

Irritatingly, if I use the Airport wireless connection, the VMWare bridging doesn’t work. I get a message saying /dev/vmnet0 doesn’t exist. After a bit of reading and asking it seems this is because Airport cards don’t support promiscuous mode, which is needed for VMWare’s bridging device.

So since the Windows instance then has to use NAT, it gets given an IP address for a tiny private network living in my Mac, which is totally unreachable from the outside world. Also it means any broadcast messages to discover network services won’t go out onto my real network. The main one being Windows saying “hello, is there a domain controller out there?”.

Took me ages to work out that putting the Samba server’s IP address into the WINS part of the XP instance’s network config solved that problem. I can now do a domain logon over a VMWare NAT connection that is using the Airport card in my Mac.

I still haven’t solved the issue where I need the domain controller to be reachable in order to log in at all. Since this is a laptop it’s a bit of a failure if I can’t log into it with the usual profile when not plugged into my network. I don’t want two profiles as this will cause a right mess of duplicate settings, and me having to configure everything twice. I also don’t want to point the local user’s profile at the cached copy of the network user’s local profile. Somehow my work laptop is configured to allow me to log into the domain, even when the PDC isn’t there.