Lastly, physical security is key. i.e. don’t lose it. Apple has the MobileMe appliccation and there are tons of stories of people recovering and even assisting police catch the thieves of their iPhones. My Xperia locks automatically after 10m of idle and deletes all the data after 3 wrong attempts.

Thanks for the comments. I’ll just have to wait for the details of the application before trying it out. I am interested in using it. It would be very convenient. I just want to check it out before I do.

I imagine that there will be other similar type of apps coming out in the near future for various purposes. Here’s hoping that security best practices are built into their designs.

Thanks,

Frank

It would be _really_ stupid to store it in plaintext. Another method would be to use something like a one-way hash (e.g. MD5) and store & transmit that string instead of the actual password. (How most online forums, content management systems, etc. store their information in their databases: each time a user logs in, the submitted password is sent through the hash and the resulting string [which can't be decrypted back to plaintext] is compared to the one stored on the server.)

“…Other vulnerabilities include a possible disclosure of information issue that could allow a person with physical access to a locked device to bypass the lock screen and gain access to a user’s data…”

If the userid/password are stored on the iPhone, it is possible that someone could hack the iphone and extract that information. Recently, a vulnerability has been reported (and patched) where information could be extracted from a locked iphone. The iphone needs to be physically accessed though. So losing your iphone would could put it into the hands of someone capable of hacking into it. To mitigate this risk, any userid/passwords stored on an iphone should be encrypted locally as well.

Hopefully CIBC has implemented the application correctly so that it does not store any userid/password locally or if it does store it locally, it is not stored in plain text.

In a regular browser, you’ll see “https://” instead of “http://” indicating that it is “S”ecure.

CIBC, like all other banks, guarantees online security. You will not be held liable for unauthorized access to your online account (granted you haven’t given out your password, etc.)

Online banking guarantees:
CIBC: http://www.cibc.com/ca/legal/online-banking-guarantee.html
BMO: http://www4.bmo.com/bmo/portal/cda/popup_template/0,2284,35649_38681369,00.html
TD: http://www.td.com/privacyandsecurity/guarantee.jsp
Royal: http://www.rbcroyalbank.com/online/rbcguarantee.html
Scotia: http://www.scotiabank.com/guarantee
VanCity: https://www.vancity.com/ContactUs/WaystoBank/OnlineBanking/

A word of warning however, I am using this app behind my own router/firewall and so I am not to concerned about safety and security. Using any financial wireless app. in the wild however has risks associated with it.

Hang on to your two cents tight, the bankers are lurching…!

As regard to Phil’s comment. From personal experience I can only say since the banks have become more automated making it easier for people to do banking on our terms and not theirs I haven’t seen a decrease in staff at our local bank (Scotiabank). In fact, it seems just the opposite as more paperwork is generated and staff are required to keep on top of it.

Just my two cents worth……..