Lloyds telephone banking employee chenges user's password.

BBC NEWS | England | Shropshire | Man's 'pants' password is changed

I wouldn't expect all the passwords to be 'written down' in a form that enabled someone to change it without checks.

The scope for an employee to find a seldom used account and then change the password for their own use seems large. The fact this change occurred is more of a story to me than the details of the specific change that occurred.

 

Did that actually say that he could not have a password of more than 6 characters?????

Good God. Why don't they just leave the damn account wide open... shocking security

 

There is no reason what-so-ever for an administrator to be able to read what a user's password is. Even when it's used as a phone challenge, they should only be asked to say what letters correspond to a couple of random positions in that password.

 

Thats absolutly shocking, if I banked with them I would be considering changing accounts NOW !

 

one online password at a company i used to work for was 4n4153x but in characters rather than a mixture of numbers and characters! the theme was continued every time it changed...

 

I think the article is misleading a little (journo not done his research most likely).

With online banking, you get a password, this is encrpyted and only known buy you and the code.
You also get a security password. You are asked, when logging in (after entering normal password) to select 3 letters from the 2nd password. i.e. 2nd, 5th and 8th letters.

To log on, you need to know BOTH passwords. Possible that employee (aren't they mostly "temps" when these things happen ) may know one of the passwords but very unlikely able to find out both.

There's also possibly a security question/answer set-up too. i.e. mothers maiden name, pets name, place of birth, your own question etc. May be used in telephone banking, I don't know.

Anyway, these sort of ill researched stories are great for overreactions like this:

 

Also, I notice that the article is about telephone banking where you must provide security information (how else can the staff verify that it is you?)

Lloyds, validly say:
"In this case it was a business banking customer using a system where more than one person from a business can check their balance.

"In these cases an advisor can read the full password.

"But if such customers require more complex transactions, then full security procedures apply and advisors cannot read secure information."

i.e. nothing to see here, all a storm in a teacup. The only story is Lloyds being silly as the customer wants an equally silly password. Let him keep it is the simple solution although now we ALL know his password so he shouldn't really LOL

 

If you read it, it talks about a multiple user business account. The password will therefore be very low level security. It also goes on to state that the customer's biggest complaint was not any security breach, but the fact that he couldn't change it to something like "Barclays is better"

 

Yup, as per my 2nd post.

However, people will always over-react without thinking (maybe they can't ).

I think I might make sure I cross the high street before I pass Lloyds as security I hear is awful and I wouldn't want to be killed to death by a terrorist.

 

lol I dont remember saying I was shocked by the lack of security and the blatent breach, and i would move my account based on not feeling secure.

I would move it if my account got pissed about with, end of, regardless of security issues.
Have never had issues of any sort with my bank, and any supplier of any service that does mess about, I will usually change from

So not an over reaction but sticking to my guns and my principals

 

Fair do's.

I had someone pinching money from my account twice.

Both times, Lloyds sorted it out asap and refunded the stolen money very promptly. I know other banks are much more of a pain in this respect, accusing customers of giving away their cards/pins etc.....

 

Fair play mate, I guess any large company out there has a large loyal happy following, to be the size they are. But im one that believes if a company messes me about, regardless of how many years I have been with them, im off.

Thankfully I am yet to be the victim of theft from my account, glad yours was sorted problem free though.