Increasing your banking security by using a dedicated browser (Preston Hunt)

Increasing your banking security by using a dedicated browser

I discuss the benefits of using separate browsers for banking and general surfing.

FeedbackBy Preston Hunt, 18 October 2009

I made a big switch last week in the interests of increasing my online banking security. And so far it's been working out pretty well.

It all started with a conversation I had last year with my friend M.E., who had just returned from the RSA Conference. One of the conference panelists suggested using a different browser for your banking. I blew it off at the time, but the idea has stayed with me. When we were on vacation in Europe last month (using many public Internet terminals), it occurred to me how easy it is to get attacked on the web, particularly with phishing and scripting attacks. It was at this time that I decided to try using one browser for my banking and a separate browser for everything else. (I realize that this doesn't help with security while on-the-road; for that, see my previous article on that subject, How to increase security of public Internet terminals.)

For my everyday browsing, I use Firefox. For banking, I decided to use Opera. Opera has some features which are really nice for use as a dedicated banking browser.

First is the "speed dial" feature which gives you a menu of nine web sites to choose from when you launch the browser. On my banking browser, I only use bookmarks to access my financial web sites. For example, rather than typing "chase.com", I would have a bookmark directly to the login page for Chase. This makes it much faster, but also provides valuable security benefits. The first is protection against entering a typo that is really an attacker's web site (for example, chasse.com). The second is that not all web sites use encryption (HTTPS) on their main page (check out tdameritrade.com for an example). They almost always do use an encrypted connection when you actually submit the form, but there is no indication to the user that this will happen. So in these cases, I intentionally fail the first login attempt and then bookmark the "try again" screen (which is always HTTPS).

Second, Opera has really nice automatic password features. There is a little key icon in the top menu bar. Once it's set up, all you have to do is click the key icon to log in when you are on the password page. This is especially handy if you have different passwords for each bank, which, of course, you should always do!

Switching over my mindset was much easier than I had expected. I now automatically start Opera whenever I want to get on a banking web site. The browser is free, the switch in mindset is easy, and the security benefits are palpable. I encourage you to do it too!