Submission + - A Step Backwards in Online Banking Security
Gates82 writes: I have recently been frustrated by "added security" questions on banking and credit card websites. It seems that all of these institutions are heading towards a regular login and a second (3rd or 4th) security question to be used as a second authentication or as verification to reset your primary password. These questions seem a step backwards in security; now all that it is required to reset my password on these sites is to know my user ID and then answer a simple question (ie. place of birth, date of birth, pets names, etc) with most of the answers being quite publicly available. Personally, I normally bash on the keyboard and click continue not caring what the answer is; assuming that it will be more difficult to crack then guessing fluffy as a pet name. But to make matters more unbearable I attempted to login to a credit card website and was greeted with a second login and it was requesting an answer to one of these (hit-head-on-keyboard) questions. It took two calls to get logged in and I am now forced to use a password for each security question in place of the real answer.
This process seems like a way for companies to deal with joe blow who forgets his password every month when he goes to make a payment. But how insecure is this for the rest of us who are comfortable with our password making/remembering capabilities?
This process seems like a way for companies to deal with joe blow who forgets his password every month when he goes to make a payment. But how insecure is this for the rest of us who are comfortable with our password making/remembering capabilities?