Comments on: HSBC Direct Adds (More) Annoying Security Features

By: Eric Rasmusen

Eric Rasmusen — Fri, 19 Jun 2009 05:24:01 +0000

It’s even worse for me. HSBC says I can only use the Keypad, but the screen they give me just has the old place to type in the number– no keypad! So I’m locked out.

By: Independent George

Independent George — Wed, 13 Dec 2006 18:41:15 +0000

I think that all these extra security features actually wind up making accounts significantly less secure. When you have to keep track of a dozen or so different passwords, people inevitably wind up writing them all down on a post-it note kept cleverly hidden right next to the computer.

I try to keep it simple – I have five passwords, for different levels of security:

1. Nonsecure – Newspaper websites, dummy email addresses (to log into those aforementioned newspaper websites), etc.
2. Medium Security A – Personal email account, private documents, home computer
3. Medium Security B – Accounts at online retailers/utilities (anybody whose databases contain things like credit card/bank account numbers)
4. High Security – Accounts at financial institutions
5. High Security (rolling) – Accounts which require you to change passwords after a given period of time (most of my work accounts).

It’s a tradeoff between being able to remember the passwords without writing anything down, vs the potential havoc wreaked if a password is compromised. What drives me nuts is when different password requirements force me to re-synchronize my accounts.

By: Paul11710

Paul11710 — Wed, 13 Dec 2006 01:04:04 +0000

HSBC started to begin irritating me when they stoped supporting direct connect in Quicken, and I have no problem with security, but I just think this is over the top… I’m almost thinking of switching over to one of the other high APY banks and has a more convenient login and is more Quicken friendly. I can see why using the mouse to enter a password is good, but then what the heck is the point of that first password you have to enter… just to get to -> the password screen (part 2)! 3 Screens to see my account on a regular basis is just really pushing it in my mind

By: Catch a Gideon

Catch a Gideon — Tue, 12 Dec 2006 16:12:30 +0000

Bank of America started doing this about a year ago. I believe there is a law going into effect soon for online banking requiring the two step process.

What happens is the bank takes your userID and sends back a “site key.” Bank of America uses a picture. Only you and the bank should have this picture since it is not transmitted until then. If the correct picture is sent to your browser you can be reasonably sure it is really the bank site and not a phising site.

It can be a pain in the ass, especially if you use a program to automatically enter passwords to website; but it is actually much better security and necessary because of the increase in phising attacks in recent years.

By: Blaine Moore

Blaine Moore — Tue, 12 Dec 2006 14:32:45 +0000

Personally, I think that some people take web security too seriously. I do not understand why some random website that requires registration needs me to have a super secure password.

As for banks, I think that increased security is nice, but it should be customizable. I hate having to use those keyboards where you point and click. I worry more about people looking over my shoulder than key loggers, and it is a pain for somebody that uses the mouse as seldom as possible. Let me choose which features I want for my account!