Originally Posted by
peekay4
Generally speaking if a new code is generated every 30 seconds, then at a minimum the system can tolerate clock synchronization errors of up to 2*30 seconds (< 1 minute).
If that secure code text is via SMS then it can't be considered secure and hopefully her bank will implement a more robust solution soon.
The mobile is registered to her on-line account, you can only get into the account (session) by securely logging in on-line using the keypad thingy that generates a 4 digit code and by also answering 2 questions that she alone knows the answer to. This is all done on her laptop - not her mobile phone.
I can't quite see what the weakness is? I am genuinely interested to know.