My bank’s web site has been annoying me for a while now. The password field is a maximum of eight characters which, as anyone with half-a-brain knows, is really weak. So recently, they’ve tried to increase the security on their site. Not but extending the password field and requiring strong passwords, oh no. I’m sure some crusty old mainframe COBOL programmer told them that was too difficult.
Instead, they’ve implemented this challenge-response system of five trivia questions about your life. Stupid questions that can have ambiguous answers. Like, “What is the name of the street that you lived on when you were 10 years old?” Well, what if we moved when I was ten. Which street should I use? or”What was the name of your first pet?” Well, which ‘first’ pet? The goldfish? I don’t think it had a name. The turtle? I don’t remember. The cat? That was my sister’s and then my mother’s, so that doesn’t really count.
So I fill in my best guess answers to five dumb questions like this, and the next time I want to access my bank account, after typing in my weak 8 character password, I get one of these challenge questions. I can’t remember the answer I set up, so I get locked out.
*Sigh* Phone the bank. Ignore all the stupid number prompts and hit ‘0’ for an operator. Tell them the problem. Attempt to answer all kinds of questions about my account, in order to prove that I’m me. Most of the questions were of the kind I could answer if I could get at my damn account! Finally, the password gets reset to a temporary 5 character password. Really tight security there. And I’ll have to re-enter all the challenge-response questions again. But, the operator has a suggestion. Why don’t I print them out and keep them near the computer. What a good idea! Why don’t I write my password on a Post-It note and tack on my monitor, while I’m at it?
So, security experts in Canada, if you’re wondering why you can’t find a job, it’s because it’s been taken by an idiot at a major Canadian bank.