9/14/2023

Bbt online banking password reset

The menu structure would be, you know, type “1” for this item, type “2.” I mean, it was very primitive. A black screen would come up with white letters on it, all uppercase. In fact, and this is what made me ask the question earlier, I remember it was almost a TTY the first time I started doing online banking. And so I think that probably it’s the same system it’s been all along.

Leo: And I actually remember that I got started in online banking with Bank of America in 1984 or something with phone banking. You could imagine that trying to explain your password over the phone to somebody could be a problem, much more so than you typing in some strange concoction with shift keys and so forth on your keyboard. And so it’s like, okay, that makes some sense. What? Well, it’s that number sign, the thing, you know, I mean, so if passwords were really complex, it could be difficult for them to be used, the same password to be used, essentially repurposed through different venues with the same institution.

Leo: I don’t think there’s a circumflex on my phone.

Steve: Isn’t that a good point? I liked that because you could imagine trying to explain to somebody that you’ve got, you know, what a circumflex is or… Having separate passwords for the different channels would be beyond confusing to people. I believe this is one of those tradeoffs between security and usability that is necessary. As a result the password has to be limited to alphanumeric passwords with no case sensitivity. I know that for my bank the password used for online banking is shared with telephone banking. So I just wanted to pipe in on the topic of case insensitivity for Wells Fargo’s online banking log-in. Even though I work in IT and spend my days working with security and networking technology, I’ve found your insight and ability to explain complex topics very valuable. Been listening to Security Now! since Episode 1.

It’s a point about case-insensitive banking passwords. Brent McLaren in Ajax, which is near Toronto in Ontario, Canada, brings up a very good point.

Steve: Matter of fact, if you keep reading, we will come to the reason. Is it possible that some older computers or older…

Leo: There’s got to be a reason they’re doing this. Which, again, it certainly does mitigate the problem of passwords being non-case sensitive. But given that they’ve got lockout provisions, and I imagine that our listeners may now be curious to poke at their – deliberately log in incorrectly and see what it takes, verify in fact that anyone trying to guess their passwords will be shut down very quickly and then have to go through the extra reauthenticating hoop-jumping in order to get their account reactivated.

Steve: So Wells Fargo is sharing the doghouse with these other people. Just thought you might find that interesting. I found that Chase, Citibank, Vanguard, and my credit union all have non-case-sensitive passwords. After hearing about Wells Fargo on the Security Now! podcast, I decided to try out all of my GRC Perfect Password-derived passwords, all of them alphanumeric with upper and lower case. Jon Kuhn in Ann Arbor, Michigan has discovered that Wells Fargo is in bad company. Mostly due to legacy requirements or compatibility with disparate systems. Multiple listeners of Security Now! have written in saying that their bank also has poor password policies. Putting such restrictive limits on passwords seems to be very common.