RetireJapan

Seasider4374 wrote: ↑Fri Oct 04, 2024 1:30 pm Thank you. That explains a lot, but still how do my fob, and Yucho servers communicate between each other (geographically domestically, and hopefully internationally too)?

The token does not communicate with Yucho. The text on this Yucho page confirms it:

トークンは通信を行わないため、悪意のある第三者がトークンに不正アクセスしてパスワードを盗むことはできません。

It's in the トークンの安全性 section. You'll need to press the green + button to see it.

Seasider4374 wrote: ↑Fri Oct 04, 2024 12:01 pm
Which online banking apps are easiest to use... Down here in the 47th, Yucho's online banking interface is head and shoulders above our high street Ryukyu, and Okinawa Banks' online offerings... I have Wise setup, but would like a much more user friendly "domestic" offering as well if possible. As a Rakuten Securites account holder would Rakuten Bank (points etc) be a logical/favoured option?

I use SONY and Aeon. Both are decent.
Rakuten Bank could be useful too. I don't use it, but Mrs Head set it up to link to her Securities account. I have played around with the interface a couple of times and it is fine. 'Money Bridge' links your bank and securities accounts nicely.

SMBC seems to be getting better too. Their app is simple and quite intuitive.
I have heard good things about the new Olive account, but my application to change to it seems to have fallen into a Sarlacc's mouth or something over there.

Tsumitate Wrestler wrote: ↑Fri Oct 04, 2024 2:14 pm The Yucho server has a list of all questions and answers.
The fob has a list of all questions and answers.
The fob will not show an answer, unless you enter the correct question.

Many thanks. I understand now.

More basic FOBs have a serial number and a clock, and they combine those numbers and run that thru a pseudo random number generator, and that produces the (6 digit) number that you then put in (in addition to your password). The server (bank/broker) you're logging into knows both what time it is and the serial number on your fob, and it does the same hocus pocus on its end. (I've read that one digit may be reserved for correcting clock skew, but am not sure.) The server matches the number it has produced with the one that you type in and, –> authentication.