The other day I went to 1stBank without my account number. They asked for my verbal password. Funny, I never set such a thing. They assured me I did and wrote it down on a slip of paper. It was my login password! They tried to convince me I had set it once and forgotten it, and that all their customers do. The problem is, it is not a word at all but a string of characters that is awkward to say. I would never say it out loud in front of other customers as it could allow anyone to use my online account to transfer funds. In fact the teller could just do that anonymously from the comfort of his home, if he realized what it was. He could do that for any number of accounts.
The other scary part of this is, online passwords are supposed to be encrypted using a one-way hash. If you forget a password, they are supposed to reset it to a random string, then you have to change it when you next log in. They are not supposed to have any way to recover a password. That way, disgruntled system administrators cannot get them. The fact that they created verbal passwords from their online passwords means they are not securing the online passwords. This is much worse than keeping credit card numbers in their database. 1stBank has $8 billion in deposits!
Micropython on the Air602
-
Lately I have been forgetting to close my garage door. Not fun to find it
open in the morning, and wondering if some of my tools might have walked
off. The...
4 years ago
No comments:
Post a Comment