A British Bank Bans a Man's Password
Mr Jetley said he first realised his security password had been changed when a call centre staff member told him his code word did not match with the one on the computer.
“I thought it was actually quite a funny response,” he said.
“But what really incensed me was when I was told I could not change it back to ‘Lloyds is pants’ because they said it was not appropriate.
[…]
“The rules seemed to change, and they told me it had to be one word, so I tried ‘censorship’, but they didn’t like that, and then said it had to be no more than six letters long.”
Lloyd’s claims that they fired the employee responsible for this, but what I want to know is how the employee got a copy of the man’s password in the first place. Why isn’t it stored only in encrypted form on the bank’s computers?
How secure can the bank’s computer systems be if employees are allowed to look at and change customer passwords at whim?
Paul Renault • August 29, 2008 10:52 AM
Besides: if the bank’s employees can set a password, what’s to stop them it from setting to, say, “drain my bank account”, so that they can get um, 10%, off of whatever the bad guys get?
However, good on the bank for allowing password with more than four characters… But just barely.
(oh yeah, “First Post!”)