BofA and "safepass"
Craig
For some on-line banking functions, Bank of America requires a user to
register for "safepass" as an additional security measure. Safepass
does not work with Firefox (3.5.8 at least). The error message reads:
> Your internet browser does not support the advanced Flash features
> required to use SafePass.
>
> Please upgrade your browser. Download upgrades for:
> Netscape, Microsoft Internet Explorer, Apple Safari.
Pretty tough to do when you're running Linux.
I called into BofA's "online banking tech support" twice. They assert
that BofA does not support the use of Mozilla Firefox. At a certain
point, the rep didn't know the answer to a question and asked whether I
wanted to escalate this to the next support tier. I said sure and was
transferred...
...to a Microsoft support queue(!)
I called back in to BofA and, eventually was told that BofA will support
Mozilla Firefox beginning in July 2010. So, in short:
- BofA does not officially support Firefox but it can be used
successfully for many transactions
- SafePass cannot be used with Firefox at all
- SafePass appears to be a Microsoft product
- BofA claims Firefox will be supported by BofA and Safepass beginning
July 2010.
On a bigger note: Similar issues have cropped up for us when using b2b
sites, including California utilities such as PG&E and Verizon. It's
stuff like this that prevents us from standardizing on either Firefox or
Linux. Having said this, is anyone at Mozilla interested in collecting
these samples? Does Mozilla track these issues?
hope this helps,
-Craig
Tarkus
I've been banking with BOA and SafePass, using FF for years (no matter
what their site says). If you're having problems, make sure something
like NoScript is not getting in the way.
Craig
> On 3/15/2010 12:32 PM, Craig wrote:
>> Just an fyi;
>>
>> For some on-line banking functions, Bank of America requires a user to
>> register for "safepass" as an additional security measure. Safepass
>> does not work with Firefox (3.5.8 at least). The error message
>> hope this helps,
>
> I've been banking with BOA and SafePass, using FF for years (no matter
> what their site says). If you're having problems, make sure something
> like NoScript is not getting in the way.
Thanks for the reply.
Yea, I've been using FFx at BofA for years too, without problem. It's
only since we added on the SafePass "feature" that everything ground to
a halt. None of our browsers are running NoScript. Really, the only
extension we have installed that I can imagine causing a problem is
flashblock.
I just disabled flashblock and bofa still stops me from going any further.
-Craig
Tarkus
I know this doesn't help you, but again, I've had no problem using
SafePass with FF for years. Maybe try FF's Safe Mode. (There is a
shortcut in the Windows' Start menu, but I'm not sure about Linux.)
Craig
No worries, Tarkus. Keep the suggestions coming! For what it's worth,
this is FFx 3.5.8 and I just tried accessing the account through safe
mode (& turned off all add-ons). Same issue. I don't suppose you've
set your browser to spoof MSIE?
thanks again.
-Craig
Tarkus
No, I've never done anything special.
Let's make sure we're on the same page. On some sites when using my
debit or credit card, it brings up an extra dialog to verify my BOA
account. That IS what you're talking about, right? In RoboForm, I have
it labeled as SiteKey, so perhaps we're talking about two different things.
nobody
I believe you are. I have had the "sitekey" thing for some time on my
BOA account, but I haven't yet seen "safepass". I did look it up and it
appears to not be on my account...yet. It seems to be tied to the use
of "mobile devices" and I use none to access BOA.
http://www.bankofamerica.com/privacy/index.cfm?template=learn_about_safepass
Craig
Ah. No.
<http://www.bankofamerica.com/privacy/index.cfm?template=learn_about_safepass>
It comes in two formats, either as a standalone (credit-card sized)
device or as an embedded Flash applet. Both generate a numeric string
which is good for... what? 2 minutes or 5 minutes, something like
that. Although the documentation says that it's optional for use with
general on-line banking, once you have signed up for it, it ain't. At
least in my case.
thanks again,
-Craig
Craig
> It seems to be tied to the use of "mobile devices" and I use none to
> access BOA.
And other functions. We signed up for the ability to do international
wires on-line.
Tarkus
I apologize for wasting your time. I never heard of what you're talking
about, and just assumed you were talking about the SiteKey. It was only
when I looked at RoboForm that I discovered we might be talking about
two different things.
nobody
Well, thanks for pointing it out so I can avoid it, at least until they
start supporting Firefox.
Craig
> I apologize for wasting your time.
Not at all.
Our exchange prodded me to find other channels into Mozilla.
There's a bit more to the story than this incident. Apart from this,
our business comes across MSIE-only customer sites all too frequently.
And these are pretty big customers so, it's not like we can ask them to
"just use industry standard markup." At the same time, we want to
promote the use of valid markup. Although I had tried in the past, I'd
given up pinging around Mozilla Corp until this popped up so, in short,
thanks for the prod.
Fyi, the appropriate channel for these kinds of issues looks to be
<evang...@lists.mozilla.org>.
cya,
-Craig
Craig
<grin> Yea. My pleasure. </grin>
-Craig
The Real Bev
Ditto. I even resent not being able to feed in my password automatically :-(
--
Cheers, Bev
Far away in a strange land
Ron Hunter
Terry R.
Since Flash isn't running on the majority of cell phones, I'm surprised
this was even implemented yet.
Terry R.
--
Anti-spam measures are included in my email address.
Delete NOSPAM from the email address after clicking Reply.
Craig
> Since Flash isn't running on the majority of cell phones, I'm
> surprised this was even implemented yet.
>
Hi Terry;
Just to clarify... There is no use of a mobile browser. The
"originating" session takes place on a computer's browser.
1) The computer's browser runs the flash-based key generator
2) The end-user clicks on "generate pass key" (or whatever)
3) The mobile phone receives the numeric string via text
4) The end-user enters this number back into the flash-based key generator
Et voila, access to more on-line banking services.
-Craig
Terry R.
I looked at the "SafePass Mobile at a
Glance" and read, "Sign in to Online banking". Since I also do that on
my phone, they should specify that it's only done on workstations.
It wasn't your explanation that wasn't clear, but BofA's site.
David McRitchie
> On 3/15/2010 4:00 PM On a whim, Craig pounded out on the keyboard
>>
>> Although the documentation says that it's optional for use with
>> general on-line banking, once you have signed up for it, it ain't. At
Hi Craig,
The linked FAQ page perhaps provides additional information about turning
features on and off. Tell me if you find anything about having additional security
if your wallet is stolen and you don't know it.
<<If you choose to use SafePass, some online activities will be automatically protected while some can be optionally protected. Most
actions will only require that you use SafePass just a few times per month. You can select which actions you want to use SafePass on
by visiting the SafePass settings page.>>
Craig
David;
I can't comment on the "wallet stolen," I may have missed the reference
since I was only scanning the material.
The SafePass settings page helped solve one issue, thanks.
More interesting is that SafePass worked today(!)
The single difference on my side is that I updated from FFx 3.5.8 to
3.6. So, again, it looks like the solution to getting BofA's SafePass
to work is by updating from 3.5.x to 3.6.
Thanks to everyone who chimed in.
-Craig
Chuck in MI
itself. Upgrade your Flash player.
Also, the Flashblock plugin may be interfering with flash for this
site. Enter the BOA website under the Flashblock exception list.
--
LeechBlock support forum. Free registration.
http://www.phpbbplanet.com/thebuzz/
Craig
> Sounds like it is an issue with the Flash plugin, not Firefox itself.
> Upgrade your Flash player.
>
> Also, the Flashblock plugin may be interfering with flash for this
> site. Enter the BOA website under the Flashblock exception list.
>
Good ideas but I'd tried them. For 3.5.8 the problem still persisted.
FFx 3.6 works w/o problem, btw.
thx,
-Craig