Quoted

“I thought it was actually quite a funny response. But what really incensed me was when I was told I could not change it back to ‘Lloyds is pants’ because they said it was not appropriate. I asked if it was ‘pants’ they didn’t like, and would ‘Lloyds is rubbish’ do? But they didn’t think so. So I tried ‘Barclays is better’ and that didn’t go down too well either. The rules seemed to change, and they told me it had to be one word, so I tried ‘censorship,’ but they didn’t like that, and then said it had to be no more than six letters long.”

Steve Jetley, of Shrewsbury, England, whose original password for his Lloyds bank account — “Lloyds is pants” — was changed by an employee to “No it’s not.” Said staffer has been sacked, Lloyds has apologized, and Jetley is not giving out his new password.

 
 

Share this Post



 
 
 
  • Mayson Lancaster

    Why is a bank employee able to see a customer’s password in the first place? Isn’t that a rather gross violation of elementary security?

  • Hank Cohen

    Exactly right. Passwords should be hashed when entered and only the hash value should be stored.

    Rather than a privacy policy I would like to read how these sites protect the security of passwords.

  • Hank Cohen

    I just read the original article. The Murkynews reporter omitted some vital informaqtion. This was a telephone banking password. Rather like asking for your mother’s maiden name. It was not an online banking password which, one would hope, would be encrypted so that even bank employees could not discover it. I’m not aware of any effective way to encrypt a telphone password but allowing the user to make up their own phrase seems like a reasonable start.

 
 
css.php