Comments (scroll down to add your own):

1. Personally, I think that some people take web security too seriously. I do not understand why some random website that requires registration needs me to have a super secure password.

   As for banks, I think that increased security is nice, but it should be customizable. I hate having to use those keyboards where you point and click. I worry more about people looking over my shoulder than key loggers, and it is a pain for somebody that uses the mouse as seldom as possible. Let me choose which features I want for my account!

   Comment by Blaine Moore — Dec 12th 2006 @ 9:32 am

2. Bank of America started doing this about a year ago. I believe there is a law going into effect soon for online banking requiring the two step process.

   What happens is the bank takes your userID and sends back a “site key.” Bank of America uses a picture. Only you and the bank should have this picture since it is not transmitted until then. If the correct picture is sent to your browser you can be reasonably sure it is really the bank site and not a phising site.

   It can be a pain in the ass, especially if you use a program to automatically enter passwords to website; but it is actually much better security and necessary because of the increase in phising attacks in recent years.

   Read more at http://www.SuccessfulPersonalFinance.com

   Comment by Catch a Gideon — Dec 12th 2006 @ 11:12 am

3. HSBC started to begin irritating me when they stoped supporting direct connect in Quicken, and I have no problem with security, but I just think this is over the top… I’m almost thinking of switching over to one of the other high APY banks and has a more convenient login and is more Quicken friendly. I can see why using the mouse to enter a password is good, but then what the heck is the point of that first password you have to enter… just to get to -> the password screen (part 2)! 3 Screens to see my account on a regular basis is just really pushing it in my mind

   Comment by Paul11710 — Dec 12th 2006 @ 8:04 pm

4. I think that all these extra security features actually wind up making accounts significantly less secure. When you have to keep track of a dozen or so different passwords, people inevitably wind up writing them all down on a post-it note kept cleverly hidden right next to the computer.

   I try to keep it simple – I have five passwords, for different levels of security:

   1. Nonsecure – Newspaper websites, dummy email addresses (to log into those aforementioned newspaper websites), etc.
   2. Medium Security A – Personal email account, private documents, home computer
   3. Medium Security B – Accounts at online retailers/utilities (anybody whose databases contain things like credit card/bank account numbers)
   4. High Security – Accounts at financial institutions
   5. High Security (rolling) – Accounts which require you to change passwords after a given period of time (most of my work accounts).

   It’s a tradeoff between being able to remember the passwords without writing anything down, vs the potential havoc wreaked if a password is compromised. What drives me nuts is when different password requirements force me to re-synchronize my accounts.

   Comment by Independent George — Dec 13th 2006 @ 1:41 pm

5. It’s even worse for me. HSBC says I can only use the Keypad, but the screen they give me just has the old place to type in the number– no keypad! So I’m locked out.

   Comment by Eric Rasmusen — Jun 19th 2009 @ 1:24 am

Leave a comment