With the HUGE number of people whose identity is stolen each year, many websites have improved their security features. Some require passwords with a particular composition of letters, numbers, and symbols. Others ask a question at every login, or require the user to identify a picture as their own.
I think security measures are nice and all, but what about the user’s say in their security settings? Some of my online bill pay sites are getting ridiculous. One, for example, requires me to answer questions before logging in or in the case of a forgotten password. Unfortunately, you are only given 8 questions to choose from and you must pick three. This is where my problem starts.
My birth city is a three-letter word, so it is not acceptable as an answer as the site only allows 4 letter words. Apparently, three letter words would compromise the security of the site. This makes my birth city a security threat! The other questions, as I recall, are these:
What is your mother’s maiden name?
What street did your grandmother grow up on?
What was the name of your first pet?
What is your favorite color?
What is your favorite movie?
What was the name of your high school sweetheart?
What color was your first car?
I have a problem with not being able to make my own question. You see, I don’t have a lot of contact with my biological family. I haven’t talked to my parents in years. I know my mother’s maiden name, but I don’t know the street that my grandmother grew up on. I don’t have a favorite color, movie, or a high school sweetheart. My first car was red and my first pet had a three-letter name, but once again, three letter answers do not meet the 4 letter minimum. So what do I do? I try to make up answers that meet the requirements. I make up a crazy password that I have to write down to remember, which compromises the security of my account much more than being born in a three-letter city does. In addition, I have to write down the answer to all the questions except the mother’s name one because I made them all up.
A few months later, this account asks me to choose a new password because I’ve had the old one for too long and because they’ve upgraded their security services. The password has to consist of:
Two numbers in the middle of the word, not at the front or end, plus at least one capital letter
The numbers should not be found in any of your identifying information.
The word cannot be your password.
The password must be at least 8 characters long, but less than 12 characters long.
To top all of this off, the online account does not even show any account numbers, nor will it allow one to change his or her address, email, or phone number online. Does anyone else feel that the customer should have a say in the amount of security features that are enabled on online accounts? Shouldn’t I be able to sign a waiver saying that if someone logs in and pays my bill for me (gasp!) then I will be held responsible?
What do you think?
As always, please rate my blog even if you didn’t like it. I love to hear your feedback!
Ah yes. This must be why and how phisher can profit. The crazy passwords and so many passcodes create alot of people forgetting their info esspecially when they have to make it up. I have seen one of my accounts somewere that it allows me to make up my own question.
As you know our banks and such do the best they can. WHen you lock yourself out they may or may not send you an e-mail depending on your settings. If you get an e-mail saying you have been locked out BECAREFUL! (click 'security alert' below for more info)
Anyway. This is a good blog. Goodluck remembering your infinite passwords.
~T
Security Alert
All truths are ea
Thanks, I'll need it! I've resorted to keeping a book with them all written down. Some of my sites allow hints or questions that we choose, but not very many. Most of them are the same dumb standardized questions, and I know at least 2-3 of them won't accept 3 letter answers. I would be more understanding if it weren't for the color question. Red cars aren't exactly rare.
Click here to read about new ways to save money and the environment that you have never heard!
It sounds like a complete pain in the ass, especially the needing four letters when you have so many answers to their questions that only have three letters. I would make up complete gibberish for the answers and just keep using the same gibberish in the same order for all of you accounts. If it isn't a word, people are less likely to be able to hack into your accounts. Plus by using the same gibberish in the same order regardless of the question being asked, you'll never have to really worry about the questions at all. It may be a good way to keep your accounts safe and not have to worry about which questions they want you to choose from.
That's a good idea. For now, I've just been writing the questions, passwords, everything down. Most of the sites that are so picky about this are bill pay sites, so the absolute worst thing anyone can do would be to pay the bill for me on most of them. Even when paying the bill, some of them still ask for the password or security question again!
I might have to go change some of mine to gibberish (i love that word!). I wonder if I can use the same nonsense on every question.
Click here to read about new ways to save money and the environment that you have never heard!
To uderstand why these sites do this, you must first understand how identity thieves work. They don't care about what site it is that's storing your info, it's the info itself they're going after. Your name, address, phone number, social security number, a credit card number. The sad part is, they only go after websites because they're giant targets with lots of names.
It's actually far easier to steal identities, especially a particular one, by doing a little dumpster diving, which is actually how most ID thefts occur.
I am treated as evil by people who claim that they are being oppressed because they are not allowed to force me to practice what they do. ~D. Dale Gulledge
I understand how identity thieves work. I think that it is my responsibility to protect my information, not someone else's. I think that I should have the right to choose what security features are activated on my online accounts. My biggest problem is that the account I mentioned here does not give ANY information whatsoever on the site. The only thing you can do is pay your bill, and the name of the bank account isn't even shown. You actually have to give your bank account a nickname. The site only gives your first name at login, not your last. As I mentioned before, the worst thing that could happen is someone logging in and paying the bill for me.
I agree that identity theft happens, but I just don't think that these extra specific precautions are really doing anything to prevent it. If anything, they're increasing the chance of it happening because I'm having to write down all the information in case I lose it. A few security questions that I get to make up could be just as effective.
Click here to read about new ways to save money and the environment that you have never heard!
Wow, how annoying. I guess security is getting more and more difficult to maintain on the internet nowadays, but frankly, if I can't remember a password it doesn't do me any good at all. I agree with you about the dangers of writing it down; it's even worse if you try to keep them on your computer (in a word document or something). Then I'd be worried about someone hacking my computer and getting them.
The way I see it, though, if someone wanted to get into your account bad enough, there's enough ways that they could. The security measures seem to be more to foil "casual hackers" that just try to guess someone's password without putting in a whole lot of work.
-------------------------
Honest disagreement is often a good sign of progress. --Mahatma Gandhi
My Blog: http://www.progressiveu.org/blog/kablock
My PhotoBlog: http://takingpictures.wordpress.com
I agree, it probably is just to keep the noob identity thieves out, but there are other, more user friendly measures that could do the same thing. I try to keep only the "low security" ones on my computer. These are for coupon sites, blogging, etc., and most of the info I entered isn't 100% correct, either. I have a separate identity for these, since they seem to like to sell info to advertisers.
Click here to read about new ways to save money and the environment that you have never heard!
I used to work for ACS and they taught us how to come up with passwords. A mix of letters numbers and etc. like Ivy said things that aren't a word. My passwords are words, but they are random and all my passwords for everything is different. I can still remember all of them. It does suck security wise to have so much crap to go through, but my parents had their identity stolen and it is hell. I guess better safe than sorry.
http://www.progressiveu.org/032913-lupus-uncureable-wait-what
Love comments? I do too!
Mine are pretty strange. They're words, capital letters, and numbers in order to satisfy the password requirements for most sites. I can remember the frequently used ones, but some of the less common ones are hard. I have over 20 online accounts just for bills, and each of them have different user names and security questions. I'm not the type to remember all of those combinations.
Having your identity stolen would suck! I would kinda like to be famous, because stealing my identity would be harder (that would be the only reason! Ilike my privacy. ). I'm sure that if I called a credit card company claiming to be Britney Spears they would quickly realize I was a fraud.
Click here to read about new ways to save money and the environment that you have never heard!
We had people calling our phone off the hook every hour. Some person stole our credit cards and racked up nearly 100,000 dollars. They called my mom and asked her about the 500 dollar coat she "ordered" and size 13 shoes. No one wears size 13 in our family and my mom won't buy that. They kept harassing us it sucked soo bad.
http://www.progressiveu.org/032913-lupus-uncureable-wait-what
Love comments? I do too!