Hope I don’t get arrested…
June 28, 2008 at 2:07 PM
—
RampidByter
Today I finally wrote my bank about how pathetic their website has become. It used to require no less than three data entries to get into my on-line banking account. That’s grown to no less than five data entries to get into my account. One for the account, second for the PIN, third for a security question, fourth for the actual password, and fifth being either the passphrase or user selected image. I never realized how much of a pain this was because previously I kept this information saved in my Firefox browser on my old desktop.
When I went to this new PC I tried entering the password more than three times, which resulted in the deactivation of my access. To get access I had to call my branch, during business hours, and request that it be re-activated. In doing so I didn’t know the password, and they couldn’t tell me. So what they did was _ask me_ over the phone what I wanted the new password to be. They only verified I was who I said I was by giving the account, and my name. I could have been _anyone_, and they took the password I gave them, and told me they’d have it reset. Sure enough they changed the password to the password I told them to.
I’m appalled at this. All it would take is someone to get my bank statement, call up my bank, say that I forgot my password, and whoever this was could reset my password. How terrible is that? Is that normal with banks? I can’t fathom it. So what I did was write an e-mail to my bank. I told them about my recently opened US Bank account and how I only had to enter two things. My user account name/account number and password. That was it. I told my current bank that I’m terribly disappointed with where the bank is going. I suggested just using triple DES encryption on all data flowing from the system, use a CAPTCHA, or something instead of what they’re doing. All they’re doing to me is causing me more frustration for something so stupid, and that I would be able to completely sidetrack this entire process by just calling the bank to tell them I need the password reset. I hope I don’t get the cops called on me for telling them the steps I’d use to subvert access to my account. I hope this doesn’t come back to bite me.