IMS_Blog

Having managed to get online banking I remembered the thing which annoyed me from all those years ago. If you read that post you’ll notice I mentioned the “memorable information”. The screenshot shows what the bank does with this. The login process picks 3 random characters from the “information” and asked you to enter them using drop down boxes. Gaahhhh. As I mentioned the “memorable information” is essentially a secondary password (you can’t have spaces for instance). I already have a carefully crafted pretty secure password used for nothing but this sign in process, thank you. The thing about passwords is that once you’ve learned them they become pretty quick to type in. They offer security (when used properly and respected) without getting in the way. Making me suddenly have to stop and think about which character comes where in a second password is just silly. And the entry method is silly. And this “security” is silly (the letters/numbers chosen at this point aren’t obfuscated and there is no distinction between lower and upper case, no way to have a character which isn’t a number or letter). In fact this is entirely pointless. If I already know the first password then I’m going to know this too—I can think of no realistic circumstances where that is not going to be the case. I wish they’d just drop it so that what should be a less than ten second process doesn’t take more than 30 as I sit trying to work things out.