Password security.
28 August 2008, 12:48 PM
#1
Scooby Regular
Thread Starter
Join Date: Aug 2001
Location: Warrington
Posts: 4,554
Likes: 0
Received 0 Likes
on
0 Posts
Password security.
Lloyds telephone banking employee chenges user's password.
BBC NEWS | England | Shropshire | Man's 'pants' password is changed
I wouldn't expect all the passwords to be 'written down' in a form that enabled someone to change it without checks.
The scope for an employee to find a seldom used account and then change the password for their own use seems large. The fact this change occurred is more of a story to me than the details of the specific change that occurred.
BBC NEWS | England | Shropshire | Man's 'pants' password is changed
I wouldn't expect all the passwords to be 'written down' in a form that enabled someone to change it without checks.
The scope for an employee to find a seldom used account and then change the password for their own use seems large. The fact this change occurred is more of a story to me than the details of the specific change that occurred.
28 August 2008, 12:59 PM
#2
Scooby Regular
iTrader: (1)
Join Date: Jul 2004
Location: There on the stair
Posts: 10,208
Likes: 0
Received 0 Likes
on
0 Posts
Did that actually say that he could not have a password of more than 6 characters?????
Good God. Why don't they just leave the damn account wide open... shocking security
Good God. Why don't they just leave the damn account wide open... shocking security
28 August 2008, 01:40 PM
#3
Scooby Regular
Join Date: Feb 2005
Location: Derbyshire
Posts: 12,304
Likes: 0
Received 0 Likes
on
0 Posts
There is no reason what-so-ever for an administrator to be able to read what a user's password is. Even when it's used as a phone challenge, they should only be asked to say what letters correspond to a couple of random positions in that password.
28 August 2008, 03:20 PM
#5
Scooby Regular
Join Date: Oct 2004
Location: essex, then chongqing, china and now essex again
Posts: 2,568
Received 0 Likes
on
0 Posts
one online password at a company i used to work for was 4n4153x but in characters rather than a mixture of numbers and characters! the theme was continued every time it changed...
28 August 2008, 03:38 PM
#6
Scooby Regular
Join Date: Sep 2001
Location: A powerslide near you
Posts: 10,261
Likes: 0
Received 0 Likes
on
0 Posts
I think the article is misleading a little (journo not done his research most likely).
With online banking, you get a password, this is encrpyted and only known buy you and the code.
You also get a security password. You are asked, when logging in (after entering normal password) to select 3 letters from the 2nd password. i.e. 2nd, 5th and 8th letters.
To log on, you need to know BOTH passwords. Possible that employee (aren't they mostly "temps" when these things happen
) may know one of the passwords but very unlikely able to find out both.
There's also possibly a security question/answer set-up too. i.e. mothers maiden name, pets name, place of birth, your own question etc. May be used in telephone banking, I don't know.
Anyway, these sort of ill researched stories are great for overreactions like this:
With online banking, you get a password, this is encrpyted and only known buy you and the code.
You also get a security password. You are asked, when logging in (after entering normal password) to select 3 letters from the 2nd password. i.e. 2nd, 5th and 8th letters.
To log on, you need to know BOTH passwords. Possible that employee (aren't they mostly "temps" when these things happen
) may know one of the passwords but very unlikely able to find out both.There's also possibly a security question/answer set-up too. i.e. mothers maiden name, pets name, place of birth, your own question etc. May be used in telephone banking, I don't know.
Anyway, these sort of ill researched stories are great for overreactions like this:
28 August 2008, 03:45 PM
#7
Scooby Regular
Join Date: Sep 2001
Location: A powerslide near you
Posts: 10,261
Likes: 0
Received 0 Likes
on
0 Posts
Also, I notice that the article is about telephone banking where you must provide security information (how else can the staff verify that it is you?)
Lloyds, validly say:
"In this case it was a business banking customer using a system where more than one person from a business can check their balance.
"In these cases an advisor can read the full password.
"But if such customers require more complex transactions, then full security procedures apply and advisors cannot read secure information."
i.e. nothing to see here, all a storm in a teacup. The only story is Lloyds being silly as the customer wants an equally silly password. Let him keep it is the simple solution although now we ALL know his password so he shouldn't really LOL
Lloyds, validly say:
"In this case it was a business banking customer using a system where more than one person from a business can check their balance.
"In these cases an advisor can read the full password.
"But if such customers require more complex transactions, then full security procedures apply and advisors cannot read secure information."
i.e. nothing to see here, all a storm in a teacup. The only story is Lloyds being silly as the customer wants an equally silly password. Let him keep it is the simple solution although now we ALL know his password so he shouldn't really LOL
Trending Topics
28 August 2008, 03:47 PM
#8
Scooby Regular
I think the article is misleading a little (journo not done his research most likely).
With online banking, you get a password, this is encrpyted and only known buy you and the code.
You also get a security password. You are asked, when logging in (after entering normal password) to select 3 letters from the 2nd password. i.e. 2nd, 5th and 8th letters.
To log on, you need to know BOTH passwords. Possible that employee (aren't they mostly "temps" when these things happen) may know one of the passwords but very unlikely able to find out both.
There's also possibly a security question/answer set-up too. i.e. mothers maiden name, pets name, place of birth, your own question etc. May be used in telephone banking, I don't know.
Anyway, these sort of ill researched stories are great for overreactions like this:
With online banking, you get a password, this is encrpyted and only known buy you and the code.
You also get a security password. You are asked, when logging in (after entering normal password) to select 3 letters from the 2nd password. i.e. 2nd, 5th and 8th letters.
To log on, you need to know BOTH passwords. Possible that employee (aren't they mostly "temps" when these things happen
) may know one of the passwords but very unlikely able to find out both.There's also possibly a security question/answer set-up too. i.e. mothers maiden name, pets name, place of birth, your own question etc. May be used in telephone banking, I don't know.
Anyway, these sort of ill researched stories are great for overreactions like this:
If you read it, it talks about a multiple user business account. The password will therefore be very low level security. It also goes on to state that the customer's biggest complaint was not any security breach, but the fact that he couldn't change it to something like "Barclays is better"
28 August 2008, 03:55 PM
#9
Scooby Regular
Join Date: Sep 2001
Location: A powerslide near you
Posts: 10,261
Likes: 0
Received 0 Likes
on
0 Posts
Yup, as per my 2nd post. 
However, people will always over-react without thinking (maybe they can't).
I think I might make sure I cross the high street before I pass Lloyds as security I hear is awful and I wouldn't want to be killed to death by a terrorist.
However, people will always over-react without thinking (maybe they can't
).I think I might make sure I cross the high street before I pass Lloyds as security I hear is awful and I wouldn't want to be killed to death by a terrorist.
28 August 2008, 04:33 PM
#10
Scooby Regular
Join Date: Dec 2006
Location: S.E London
Posts: 13,654
Likes: 0
Received 0 Likes
on
0 Posts
lol I dont remember saying I was shocked by the lack of security and the blatent breach, and i would move my account based on not feeling secure.
I would move it if my account got pissed about with, end of, regardless of security issues.
Have never had issues of any sort with my bank, and any supplier of any service that does mess about, I will usually change from
So not an over reaction but sticking to my guns and my principals
I would move it if my account got pissed about with, end of, regardless of security issues.
Have never had issues of any sort with my bank, and any supplier of any service that does mess about, I will usually change from
So not an over reaction but sticking to my guns and my principals
28 August 2008, 05:49 PM
#11
Scooby Regular
Join Date: Sep 2001
Location: A powerslide near you
Posts: 10,261
Likes: 0
Received 0 Likes
on
0 Posts
Fair do's.
I had someone pinching money from my account twice.
Both times, Lloyds sorted it out asap and refunded the stolen money very promptly. I know other banks are much more of a pain in this respect, accusing customers of giving away their cards/pins etc.....
I had someone pinching money from my account twice.
Both times, Lloyds sorted it out asap and refunded the stolen money very promptly. I know other banks are much more of a pain in this respect, accusing customers of giving away their cards/pins etc.....
28 August 2008, 07:17 PM
#12
Scooby Regular
Join Date: Dec 2006
Location: S.E London
Posts: 13,654
Likes: 0
Received 0 Likes
on
0 Posts
Thankfully I am yet to be the victim of theft from my account, glad yours was sorted problem free though.
Thread
Thread Starter
Forum
Replies
Last Post
JackClark
Computer & Technology Related
7
17 September 2015 04:23 PM
