firecat: red panda looking happy (Default)
[personal profile] firecat
I have a mortgage and I pay it online. When I log into the account, this is what usually happens:

1. They demand that I change my password to something different from what it was before. So I do it. I believe that the strongest passwords include letters, numbers, and symbols. So I enter a password like that. Then they tell me I can't use any symbols. So I have to redo it to something less secure.

I have a program that stores all my passwords now, but before I had that, I had trouble remembering what password I was using for this site (because I constantly had to change it and couldn't use symbols) and I kept having to call them up and get them to reset the account.

2. They demand that I answer a "security question" that I previously set up.

3. When I confirm my payment, they demand that I enter the last 4 digits of my social security number.

This seems ridiculous, especially since a mortgage account ONLY INVOLVES MY GIVING THEM MONEY. I can see reasons for using multi-factor security to protect checking accounts and credit accounts, but I can't think of any reason for someone to hack into a mortgage account.

Date: 30 Jul 2011 09:19 pm (UTC)
zeborah: Irony means what we point to when we say: That's not ironic. (irony)
From: [personal profile] zeborah
Yeah, both my bank and my workplace refuse to allow symbols in the passwords, which is a blasted nuisance for me, because my standard password-creating algorithm (which creates passwords which are easy for me to remember but still unique to most sites) requires symbols. At the same time, one scientific database I use at work insists on including symbols. I tried arguing about it with both bank and work, but they fed me the "Symbols don't make nearly as large a difference to hackability as length of password does" line, which upon further research I discover to be true, but which isn't my point anyway.

The same research also uncovered that changing one's password at regular intervals makes *no bloody difference at all* and hasn't since something like the paleolithic era. You could attempt to argue this with your bank but I doubt they'd listen.

Date: 30 Jul 2011 10:13 pm (UTC)
evilawyer: young black-tailed prairie dog at SF Zoo (Default)
From: [personal profile] evilawyer
one scientific database I use at work insists on including symbols

Really? This goes to fortify my belief that science is truer (or at least more honest) than business. And less focused on trying to make us trust it than business (and government, and everthing else) is. "Change that password and make it long. We're only looking out for you when we tell you to do this." Looking out for me, and trying to lull me into the Orwellian era. Thanks, fellas. Glad I have that ooffee can I stuff money into.

Date: 31 Jul 2011 12:15 am (UTC)
zeborah: On the shoulders of giants: zebra on a giraffe (science)
From: [personal profile] zeborah
In this case it's because they're highly protective of their data - it's one of the few databases where the institution has to pay megabucks just for a single 'seat' (ie only one person at a time can use the database) - we can afford four seats, but this still of course makes students' eyebrows raise when I explain it. Oh and every single time you log in you have to agree to their terms and conditions. Every. Single. Time. And you have to register with your institutional email address to get access (most databases trust the institution to do the authenticating for them, using IP addresses / proxies / whatever; this one requires that and registration). So I'm not overly fond of their practices in this case, but I'm unfond in different ways than I'm unfond of bank practices.

Date: 31 Jul 2011 03:22 am (UTC)
evilawyer: young black-tailed prairie dog at SF Zoo (Default)
From: [personal profile] evilawyer
But their data is about the members of the public (institutional entities included). Just like the banks' coveted data. Which is fine --- a commodity is a commodity and there has been no privacy for decades at the least --- but I've been depressingly finding of late, a fact that many people don't realize or, worse, still, understand this fact. "I have Ad Block. I don't care about their ads" or "I only bank on on-line when it's absolutely necessary" of "I only do things on the website if I don't have time to get down to the administration office." I'm happy for whatever "protection" any institution affords me. It's just that I hate the thought that they want me to think that it's all an altruistic exercise designed to protect me and other consumers without any sort of benefit to the institution.

Date: 31 Jul 2011 12:57 am (UTC)
zeborah: Zebra with stripes falling off (stress and confusion)
From: [personal profile] zeborah
I just get annoyed because the only reason to specifically disallow them is because you're such a sucky coder that you don't know how to escape them properly. And if you're that sucky a programmer then you shouldn't be programming a bank's customer service interface.

Date: 1 Aug 2011 12:36 am (UTC)
amadi: A bouquet of dark purple roses (Default)
From: [personal profile] amadi
This is exactly what I'm thinking. I'm reminded of the trick, if you use GMail, you can do and whatever it is on the right side of the + is irrelevant toward getting the mail to you, but can be used to track if businesses or organizations are selling/sharing your email and also for labels. But countless places won't allow the + because their programmers couldn't be bothered to escape for any symbols in email addresses beyond . and @

My bank is one such place. It's frustrating. But they give otherwise good service so I stick with them in hopes that they'll eventually hire a better programmer.

Date: 30 Jul 2011 09:49 pm (UTC)
pameladean: (Default)
From: [personal profile] pameladean
I would bet that they just use the same security requirements, if they can be dignified with the name, for all online accounts. If they are an actual bank, they presumably have customers who might remove as well as provide money.


Date: 30 Jul 2011 10:08 pm (UTC)
evilawyer: young black-tailed prairie dog at SF Zoo (Default)
From: [personal profile] evilawyer
My theory: The whole corporate world --- banks, oil companies, governments, pretty much everyone but me --- wants me to have a false sense of security. To believe that they are looking out for me. So that I'll trust them. So they'll be able to hoodwink me on something else later. Plus have me confirm my SS number over and over again for their (and who knows who else's) future use. Nice try, guys. I write and mail checks. Which they then process electronically and get my money in seconds, but I still feel like I've shown them what I think of their "trust us" malarkey.

Maybe I could save a buck if I paid bills over the Internet. I don't care. What was it The Who said. "Won't be fooled again"?

Then again, I'm paranoid. Then again, it's pretty much worked so far.

Date: 31 Jul 2011 12:28 am (UTC)
jesse_the_k: Panda doll wearing black eye mask, hands up in the spotlight, dropping money bag on floor  (bandit panda)
From: [personal profile] jesse_the_k
What you just said is an exceptionally accurate summary of the institutional motivation as well as personal delusion. Hurrah!

Date: 31 Jul 2011 03:31 am (UTC)
evilawyer: (Cartoons: Boris Crisis)
From: [personal profile] evilawyer
It's good to be paranoid at times, I find.

Also --- Robber Panda icon! It's adorable!

Date: 31 Jul 2011 03:29 am (UTC)
evilawyer: young black-tailed prairie dog at SF Zoo (Default)
From: [personal profile] evilawyer
But having to take off my shoes and disclose my insulin syringes and remember bizarre password rules and input all of my private information to log in just makes me feel mad, not safe.

Or having an airport security checkpoint person look down my underwear, but I console myself with the thought (and hopefully it's not delusional) that they don't like it any more than I do.

As for my way being smarter ---- Maybe. At least from a personal rebellion standpoint. When I run into to customer service reps who've never heard of checks, however, I'm not ssoure. I still do it, though. Just one small, probably ultimately meaningless thing that makes me feel a little bit better about my individuality in the global gestalt.

Date: 31 Jul 2011 07:10 pm (UTC)
evilawyer: young black-tailed prairie dog at SF Zoo (Default)
From: [personal profile] evilawyer
Scary, no? If you don't give them a card number, they need to put you on hold for 20 minutes to figure out what to do, even if all that is is to find and give you the address to mail your payment.

Date: 31 Jul 2011 04:19 am (UTC)
loracs: (Default)
From: [personal profile] loracs
I do all my banking on-line, including paying our mortgage and I've never heard of anything so convoluted just so you can give them money. If someone wants to hack my mortgage account and pay it off . . . well that would be okay with me. ;-)

Date: 31 Jul 2011 11:34 am (UTC)
jae: (Default)
From: [personal profile] jae
I also have a mortgage and pay it online, but it gets automatically deducted from my account every month. Do U.S. banks not do that?


Date: 31 Jul 2011 06:10 pm (UTC)
wild_irises: (Default)
From: [personal profile] wild_irises
Juan Ladwig ([ profile] elisem's mammal)is a security geek, and a very smart one. He advised me some time ago to pay bills electronically from one account as opposed to through many accounts, so that's what I do. My online bank has some of the safeguards you're talking about (picture and passphrase as well as password), but nothing like the number of hoops. That would drive me crazy.

Date: 1 Aug 2011 07:54 am (UTC)
auntie_m: Steampunk Head Shot (Default)
From: [personal profile] auntie_m
Yeah, one of my banks, even though I check I am using my home computer, always asks me one of my security questions, every time I go there. Even though I allows cookies and everything. I have a program that has everything memorized, so I don't have to, but it is highly annoying to have to open up that section and so I can see the correct answer.
And since Big Harold hasn't bothered to learn anything about how to use the Family Accounts. I have the password for the accounting program and the password programs on a sticky by my computer. I figure if a thief has figured out how to get into the house, then having those passwords near the computer will be a pretty trivial find.

Date: 31 Jul 2011 12:40 am (UTC)
From: [identity profile]
I pay my mortgage through my credit union and there's only the password to the credit union to put in.

Date: 31 Jul 2011 04:31 pm (UTC)
From: [identity profile]
maybe they think that if someone hacks into your account that means they can move into your house.

these people are beyond stupid. i know i would benefit from online banking, but i really can't be bothered with the rigmarole. bad enough having to have passwords for all the other stuff i do online. if you knew some of my passwords you would be SO ASHAMED of me.

Date: 31 Jul 2011 06:12 pm (UTC)
From: [identity profile]
i just can't be bothered. i should. maybe one day...

it's like tidying the flat...

Date: 2 Aug 2011 07:37 am (UTC)
From: [identity profile]
My credit union makes me change my password every 90 days, and each password has to be exactly 8 characters long with at least one letter, one number, one symbol. It usually takes me multiple tries to remember what I last changed it to, and the 8 characters used to throw me because I don't usually think about length when trying to reconstruct what I probably would have used for a password with any particular site.

Date: 2 Aug 2011 06:34 pm (UTC)
jenk: Faye (Default)
From: [personal profile] jenk
I have been known to use 1sDumbPW for a site that requires exactly 8 characters, a mix of upper and lower case, and at least one numeral (but no symbols).

Most of my passwords have at least 15 digits.


firecat: red panda looking happy (Default)
firecat (attention machine in need of calibration)

March 2019

10111213 141516


Style Credit

Expand Cut Tags

No cut tags
Page generated 18 Mar 2019 08:11 pm
Powered by Dreamwidth Studios