Habib Bank AG Zurich Habib Bank AG Zurich
Branch timings: 8am - 3pm

HBZ Authenticator is an additional layer of security for bank's electronic banking portal - HBZweb. It uses a two-factor authentication security based on Time-Based One-Time Password (TOTP) to access account information.

Basically, authenticator is a program that locally runs on a Smartphone, and generates a 6-digit authentication code randomly to verify customer identity. It prevents unauthorized access to the account - even in the case of compromised password.

HBZ Authenticator is an integral part of the HBZ Mobile App. and runs on a registered Smartphone only. To get HBZ Authenticator, please download HBZ App from Apple Store or Google Play.

Salient Features of HBZ Authenticator are as follows:

  • No need to carry Secure Key or additional gadget, as HBZ Authenticator works on client’s Smartphone.
  • It works on TOTP algorithm (global standard and used by most international and local banks)
  • Single mobile phone can be used for multiple entities/usernames to generate Authenticator code. Each entity will have its own username with the Bank with appropriate profile (maker or checker)
  • No need for connectivity to either Wi-Fi or Mobile network to generate code, as HBZ Authenticator works offline once registered.
  • Multiple mobile phones can be registered for a single user to obtain code.

Refer to the following links to learn more about HBZ Authenticator:

In order to further enhance security while logging onto HBZweb a "challenge" code has been introduced. A dynamically generated 5-digit challenge embedded in a graphic background is displayed whenever the HBZweb login screen appears on a user's browser. In addition to the Login ID, password and the optional secure key, the use has to enter the challenge digits displayed in the specified field. This feature enhances security as the challenge image is only visible to human eyes and given it refreshes every time the login screen appears, it prevents automated processes from guessing HBZweb passwords.

Welcome to the world of secure convenience with HBZsecure Key. Apart from 128 bit security, the highest level of security on the web today, to commercial and proprietary firewalls and User Name and Password protection, the Bank has developed an unique HBZSecure Key that works in combination with existing HBZweb banking User Names, Passwords and Challenge Mechanisms.

HBZsecure Key is a security key, which is provided as a CD. Each CD is specially configured for the customer account with a Very Long Variable Password (VLVP). Once a client has this proprietary "Key", they can access their accounts and make real time transfers, access other services, etc. from any computer that has Internet access.

To apply for a HBZsecure Key, login to your HBZweb account and select "Request for HBZSecure Key".

An authentication process called HBZotp (One Time Password) for its HBZsecure Key users was introduced in order to further enhance security for HBZweb transactions such as HBZcms, HBZwps, etc.

Every HBZweb subscriber currently using a HBZsecure Key must register either their mobile number or email ID. Upon logging-in with the HBZsecure Key, a "one time password" (HBZotp) is sent via SMS, email or both depending upon the subscription selection, for each session log-in. This OTP will has to be entered before accessing services such as HBZcms, HBZwps, etc. Each SMS or email will contain an OTP as well as a reference number for the individual session and will also be displayed on the screen. This will allow the user to match the OTP with the correct session. Each OTP will be valid for 5 minutes only.

HBZotp has become mandatory effective from April 15, 2012. Customers are requested to subscribe to this service before the deadline for uninterrupted access to services. To apply, download the application form by selecting "Download Request Form" from the option selection menu once you, have logged into your HBZweb account.

For customers who want to add an additional level of security, a revolutionary feature called "HBZcram: challenge-response-authentication-mechanism" has been provided as an option. HBZcram is a unique security feature that uses a combination of the web and a JAVA™ enabled mobile phone to generate an authentication code. HBZcram is a free program which runs on any Java™ enabled mobile / smart device. Please log on to HBZweb and go to the My Profile section to learn more and download HBZcram.

  • Enabled at user's end
  • Runs on any Java™ enabled mobile or smart device
  • Free for all HBZweb users
  • Carry your security on your phone

To find out more:

  • Terms and Conditions apply.
View All

>> TOP << >> TOP <<
Copyright © Habib Bank AG Zurich.
Data Privacy Notice Cookies Notice Security Advisory Website Terms & Conditions