You can't wind it up, nobody has blamed it on Brexit yet!!!
I bet there is a link somewhere out there
I could never manage my 50+ bank accounts without a mobile phone - I should check my disaster recovery plan…
Is that for all providers Jane? - maybe a different provider may have better coverage. Does that mean people in your Gite don’t get a signal - or it’s a different place?
Given the rate of change, improvement in security despite improvement in hacking techniques over the last ten years, you’d have to show your working there!
Before I start talking about FOOD and completely divert the thread
I will admit that the only reason I got a mobile was so that I could phone whoever… if the car broke down…
Drove our daughter mad that I hardly ever had it switched-on… nowadays I have to be contactable, so it’s always ON and not too far from my side… but it’s just a basic model and does just what I want it to do… only costs about 5€ a month… never had to pay for extras… 'nuff said.
Not kidding anyone, @Stella, you’ve got Domino’s Pizza on speed dial
It doesn’t have speed dial… but I have a lot of names in the address-book and once I’ve found the right name, if I hit “call” it does just that! Can’t fault it…
I’m in my mid fifties and my “powers” are perfectly sound. My concern would be breaking down, having an accident or getting lost. In these cases I want my phone to call for help if necessary.
Izzy x
…but incredibly useful if it is within reach…I was lying on the verge, covered in blood, dazed, having had a bad bike fall a couple of years ago. Having my phone on me, in a remote part of the countryside was a godsend (there was even a signal!), and - once contacted - my lovely wife sped to the scene to scrape me up. Without a mobile, goodness knows how long I’d have laid there.
PS I’m in my late 50s…
Similar problem for me. I have a mobile phone and use it for double authentication to see accounts etc, but when I travel outside of Europe (which I sometimes do for extended periods) I usually leave my phone in France and during all the time I’m away I cannot access accounts - I don’t like that at all.
Despite being a nerd I think there are a lot of downsides to smart phones. As a retiree with time on my hands I like playing with the tech and everything we have is connected. For example I can ask Alexa to turn on the aircon or heating in the car before we go out - not sure it’ll work in practice, but I can certainly ask her and she’ll have a go. Everything is on my phone (and iPad). That in itself is risky. Mobile banking is probably the riskiest of the lot, which is why I’m keen on facial recognition rather than one time codes or passwords. We bank with HSBC and they scored very well in the attached review by Which magazine.
Which banks have the best online and app security?
Banks should deliver the very highest standards in cybersecurity but we’ve found some providers are being left behind.
With help from a team of independent security experts at Red Maple Technologies, we looked for potential holes in the defences of 13 current account providers, to rate their online and mobile banking security.
Hacking into a bank account is no mean feat. Although millions of us bank online, just 29,102 cases of remote banking fraud were recorded in the first six months of last year, which includes victims tricked into handing over login details.
However, our investigation found several banks missing basic online and app protections. Read on to see which banks excelled and which caused us concerns.
How did we test banks’ defences?
Although all banks and building societies have behind-the-scenes systems that we couldn’t test, we assessed their online and mobile banking security across four key categories: login; encryption; account management; and navigation and logout.
Banks were marked down for not adequately blocking weak passwords and falling back on SMS-based security, which is vulnerable to Sim-swap attacks. Nationwide, NatWest, Santander, The Co-operative Bank and TSB all dropped points in this year’s analysis for using SMS to verify customers at login.
We delved into the software used by banks and tested if they have best-practice security headers that help keep your web browser secure and block threats such as clickjacking.
We looked at whether bank websites and apps support outdated versions of Transport Layer Security (TLS) or use weak ciphers. And we searched for website domains or subdomains that shouldn’t be accessible on the internet or that use outdated software, as this can potentially allow attackers to exploit unsolved security issues.
- For a full breakdown of the scores, read our guide How safe is online banking?
Top-rated banks
Starling: Online 82%, App 80%
Starling came out top for online banking, although its (also high-scoring) mobile app is key to security – it’s used to authorise online logins and provides instant alerts of any sensitive activity.
Account changes can only be made from a device that has been through stringent checks and requires a ‘selfie video’ that matches your existing identification videos and documents, although we would prefer Starling to send notifications when email addresses and phone numbers are changed.
You can ‘untrust’ devices via Starling’s app at any time. The bank told us it uses industry-standard methods to detect rooted (ie more vulnerable) devices, but we were able to bypass these protections in our test.
We also think the passcode should be longer, as it’s only four digits, whereas many banks require at least six. And while Starling does check for common passwords, it didn’t stop us using a pattern or sequence of numbers.
Starling is also a Which? Recommended Provider of current accounts.
HSBC: Online 80%, App 82%
Our top scorer for online banking security last year, HSBC has performed excellently again this year.
Unlike its subsidiary, First Direct, HSBC has ditched weak security questions for recovering login data, and you no longer need a password to log in to the website. Instead, you have a username and an OTP generated via the Secure Key device on the HSBC app.
HSBC supports the latest encryption standards for both its app and website although, like First Direct, it’s missing the content security policy header. Red Maple also highlighted an insecure HSBC Student website and two web applications that shouldn’t be exposed online.
Bottom-rated banks
TSB: Online 66%, App 57%
We had several concerns when it came to TSB. It still asks basic security questions, such as ‘name your favourite food’, to recover login details.
TSB also failed to block insecure passwords and only requires six characters – banks should encourage longer phrases.
Red Maple found a potentially vulnerable subdomain (the bank said this will be removed in 2023) and two outdated web applications. TSB told us it uses industry-standard software to detect analysis tools, but its app didn’t exit – a requirement to get a top score – when we used ours.
It also lost points for using SMS-based security, not sending alerts when sensitive account changes were made and including phone numbers in new-payee notifications.
TSB is also reviewing alerts and password complexity as part of its digital strategy. Following our research, it removed phone numbers from all SMS alerts, except for one which is due to be removed this month.
A spokesperson for TSB said: ‘We continue to invest in our online and mobile services – and work with globally-leading tech firms to deliver both security and accessibility to our customers. TSB also tracks well across the industry on fraud prevention and we are the only bank that protects its customers with a guarantee to return their money should they ever fall victim to fraud.’
Virgin Money: Online 52%, App 54%
Virgin Money got the lowest scores for online and app banking.
Red Maple found six outdated web applications (the bank noted minor vulnerabilities on three and said these will be corrected), an exposed IP address – which is under review – and a subdomain using an outdated version of TLS (we were told this should be addressed in early 2023).
The app didn’t appear to detect our analysis tool or a rooted phone, although the bank said it uses internal controls to protect customers.
We want it to block insecure passwords and remove phone numbers in notifications; Virgin Money said both are an ‘agreed position that balances security with customer experience’.
Unusually, there were no security checks to pay someone new, change an email address or edit the details of a payee, though it does send notifications for changes to personal details and passwords.
A spokesperson for Virgin Money said: ‘The safety and security of our banking services is our top priority, and we are continually monitoring, assessing and improving our security controls. A number of the points raised in this research relate to decisions we’ve taken to enhance the digital user experience while ensuring our robust, multi-layered controls remain in place to protect customers’ accounts.’
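The review quoted above marks banks down for short passcodes and for accepting common codes, patterns or sequences of numbers. As an added example (not from the thread, the Which? article or any bank's code), here is a Python passcode check that rejects those cases; the deny-list contents and the six-digit default minimum are assumptions chosen for illustration.

```python
# Added example: deny-list and thresholds are illustrative assumptions.
COMMON_PINS = {"0000", "1111", "1234", "1212", "2580",
               "000000", "111111", "123456", "654321", "121212"}


def is_sequence(pin: str) -> bool:
    """Digits step by a constant +1 or -1, wrapping 9->0 (3456, 9876, 8901)."""
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {9})


def is_repeated_block(pin: str) -> bool:
    """PIN is a shorter block repeated end to end (7777, 4747, 381381)."""
    n = len(pin)
    return any(n % k == 0 and pin == pin[:k] * (n // k)
               for k in range(1, n // 2 + 1))


def passcode_problems(pin: str, min_length: int = 6) -> list[str]:
    """Return the reasons a numeric passcode should be refused (empty = accept)."""
    if not (pin.isascii() and pin.isdigit()):
        return ["not numeric"]
    problems = []
    if len(pin) < min_length:
        problems.append("too short")
    if pin in COMMON_PINS:
        problems.append("common")
    if is_sequence(pin):
        problems.append("sequence")
    if is_repeated_block(pin):
        problems.append("repeated pattern")
    return problems


if __name__ == "__main__":
    # Constructed sample passcodes.
    for candidate in ("1234", "345678", "474747", "000000", "839206"):
        print(candidate, passcode_problems(candidate) or "accepted")
```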
I may be simplifying this, and if I am someone will tell me, but isn’t 1FA the only alternative to 2FA? That is, no second device being involved, so no extra layer of security? Would a keypad doofer like I used to have to use with my government laptop be any more secure than a cellphone?
In principle, a physical object that you possess is more difficult to intercept than something being sent over the ether so a device could be seen as being more secure.
The above is incorporated in the HSBC app, so no need to carry the doofer (which I always forgot) that HSBC gave me. Plus there was a UK doofer and French doofer. I was doofered out.