If you’re asking the question “How do I securely do my banking online?” you’re one of many. Banking is something we used to do up front and in person (or so I’m told; that was before my time), but now that the web allows access to our accounts from any location, we have to ask how to do something so sensitive in a secure manner. This article is a short guide to secure online banking.
Normally I say that Chrome is a secure browser for the average user, but it’s a different kind of secure. Its sandbox is aimed more at system infection than at web-based attacks. In terms of web security, preventing CSRF, XSS, and the like – the types of attacks most directly related to online banking – I think Firefox with NoScript takes the cake. NoScript is the only program that’s proven to prevent XSS in the most situations, it’s the only program with ClickJacking prevention that’s worth anything, and it offers protection against SVG keylogging and so many other things. For banking you want to isolate and restrict the website you’re interacting with as much as possible.
There are a few other things you’ll want to do before setting up Firefox if you’re planning on banking online:
1) Make sure you are on a secure network. Assuming wireless, a secure network is one using WPA2 encryption with a strong password of 12 characters (or longer) that only you know.
2) Make sure your system is completely up to date. Keeping intruders out starts with patching. The browser, operating system, and your plugins are key here.
3) If you’re using Ubuntu Linux, enable AppArmor for Firefox (sudo aa-enforce /etc/apparmor.d/*firefox*) – other distros may use other LSMs.
4) Windows users should follow my quick guide to securing Windows.
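To confirm that step 3 actually took effect, the following added example (not part of the original article) parses the output of aa-status and reports whether every loaded Firefox profile is in enforce mode. The function names and the sample aa-status text are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that AppArmor is enforcing its Firefox profile(s).
# Real use (aa-status needs root):  sudo aa-status | firefox_is_enforced
# Function names are hypothetical; SAMPLE_STATUS is constructed sample output.

# Print "<mode>: <profile>" for each loaded profile whose name mentions firefox.
# Only the "N profiles are in <mode> mode." sections are read; the later
# per-process sections of aa-status are skipped.
firefox_profile_modes() {
    awk '
        /^[0-9]+ profiles are in [a-z]+ mode\.$/ { mode = $5; next }
        /^[^ \t]/ { mode = ""; next }   # any other header ends the section
        mode != "" && tolower($0) ~ /firefox/ { print mode ": " $1 }
    '
}

# Exit status: 0 = every Firefox profile is enforced,
#              1 = at least one Firefox profile is in another mode (e.g. complain),
#              2 = no Firefox profile is loaded at all.
firefox_is_enforced() {
    modes=$(firefox_profile_modes)
    [ -n "$modes" ] || return 2
    printf '%s\n' "$modes" | grep -qv '^enforce: ' && return 1
    return 0
}

# Constructed sample of aa-status output, used for an offline demonstration.
SAMPLE_STATUS='apparmor module is loaded.
3 profiles are loaded.
2 profiles are in enforce mode.
   /usr/bin/evince
   /usr/lib/firefox/firefox
1 profiles are in complain mode.
   /usr/sbin/cupsd
1 processes have profiles defined.
1 processes are in enforce mode.
   /usr/lib/firefox/firefox (4242)
0 processes are in complain mode.'

printf '%s\n' "$SAMPLE_STATUS" | firefox_profile_modes
```

A status of 2 means the aa-enforce command in step 3 matched no profile, so Firefox is running unconfined.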
After that it’s a matter of installing two key extensions:
1) NoScript. In its default configuration it’s secure. [NoScript.com]
2) HTTPS-Everywhere. [HTTPS-Everywhere]
Only whitelist websites that you know you can trust, or (for a higher level of security) keep a separate Firefox profile just for banking, with its own whitelist of just banking websites.
Never do your online banking while also using another website in another tab or window. If you use an antivirus, update it and run a scan before you use the bank website.
If you follow these instructions you’re making an attacker’s job much more difficult.