Security Passwords

Comments

  • DCFC79
    DCFC79 Posts: 40,641 Forumite
    Part of the Furniture 10,000 Posts Name Dropper
    cyborg421 wrote: »
    You are not supposed to write passwords down. Even the chap at NS&I took in an intake of breath when I suggested that the only way I could remember them was to write them down. Not good practice.


    I'm aware of that, but what else is one to do? They're in a safe place anyway.
  • masonic
    masonic Posts: 27,162 Forumite
    Part of the Furniture 10,000 Posts Photogenic Name Dropper
    cyborg421 wrote: »
    1) If a six digit login is "insecure" why do the Post Office use it as a system?
    That's a question for the Post Office. I don't know why they limit their customers to a six digit password. Often it is down to older IT systems created in naive times.
    2) I wasn't disputing that a longer password is more difficult to crack but as you pointed out, someone determined will probably get there in the end anyway.
    I have already pointed out that it is not possible to "crack" banking passwords because you normally get 3 attempts and then the account is locked out. When you are entering the whole password to log in, passwords of 3 or 4 characters would be entirely sufficient. No bank in this day and age should be using a system whereby you enter exactly the same login details every time, so this is largely irrelevant.

    The reason that a longer password offers enhanced security when entering specific characters using drop-down boxes is that even if somebody observes the password being entered (either visually or through malware running on the computer) they cannot log in as you unless the specific characters asked for on the login page have been observed previously. With a short, six character password, this becomes far more likely and you lose most of the benefit afforded by not entering the whole password. That is what makes shorter passwords significantly weaker in this situation.
    If you write the password down then it needs to be accessible and most people would put it in a position that they could access it easily - probably not somewhere relatively safe.
    I have already disagreed with your assertion that passwords longer than six characters cannot be remembered and I still disagree with you. However, for the sake of argument, if it were necessary to write something down, myself and several other people have already suggested to you, it should not be the password itself. It is possible to write down some notes that would allow you to remember the password without revealing it. Those notes could be kept in the same place you keep your cash and credit cards (which I assume you are able to keep securely).
    There has to be a compromise between security and ease of use. Most institutions use a combination of access requirements anyway and so should be able to avoid complex passwords.
    You seem to be confusing long with complex.
    KcG2w1 is complex
    am6u1anc3s is long
    I know which I'd find harder to remember.
    They always tell you not to write the password down. If they don't want you to write it down then it should be easily memorable and useable.
    That isn't true. Having read the terms of many banks on this subject I've seen on at least one occasion (and unfortunately I can't remember which bank it was) a bank state that keeping a written record of login credentials in a secure place was acceptable, as long as the details were not stored on a computer. In any case, I come back to the previous point that it isn't necessary to write the actual password down, just a written password hint.
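
The length argument in the post above can be put into numbers. The following is an added example, not part of any poster's message: it computes the chance that someone who has watched `k` earlier logins has already seen every character a fresh login page asks for. It assumes the site asks for `m` distinct positions chosen uniformly at random from an `n`-character password; the function names and the choice of `m = 2` are assumptions for illustration.

```python
from fractions import Fraction
from math import comb


def known_distribution(n, m, k):
    """Probability of each count of distinct positions seen after k observed logins."""
    total = comb(n, m)          # number of equally likely challenges
    dist = {0: Fraction(1)}     # before any observation nothing is known
    for _ in range(k):
        nxt = {}
        for seen, p in dist.items():
            for new in range(m + 1):
                # challenge asks for `new` unseen positions and m-new seen ones
                ways = comb(n - seen, new) * comb(seen, m - new)
                if ways:
                    key = seen + new
                    nxt[key] = nxt.get(key, 0) + p * Fraction(ways, total)
        dist = nxt
    return dist


def replay_probability(n, m, k):
    """Chance that the next challenge asks only for positions already observed."""
    total = comb(n, m)
    return sum(p * Fraction(comb(seen, m), total)
               for seen, p in known_distribution(n, m, k).items())


if __name__ == "__main__":
    # 6 characters (the limit complained about) vs 10 (length of "am6u1anc3s")
    for k in (1, 2, 5, 10):
        short = float(replay_probability(6, 2, k))
        longer = float(replay_probability(10, 2, k))
        print(f"{k:2d} observed logins: 6 chars {short:.3f}   10 chars {longer:.3f}")
```

Setting `m` equal to `n` models entering the whole password every time, where a single observed login is enough.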
  • cyborg421
    cyborg421 Posts: 11 Forumite
    I bet most people couldn't give the 7th and 9th letters of your longer "memorable" password without writing it down.

    The 6 character one is slightly harder to remember but within a short space of time I would have no problem with it.

    I know which One I would choose and I wouldn't need to write it down.
  • masonic
    masonic Posts: 27,162 Forumite
    Part of the Furniture 10,000 Posts Photogenic Name Dropper
    edited 5 August 2011 at 11:02PM
    cyborg421 wrote: »
    I bet most people couldn't give the 7th and 9th letters of your longer "memorable" password without writing it down.
    I can. I might have to count with my fingers while doing so, but normally nobody is looking when I do something like that. :D
    I think very few people would be unable to come up with specific letters from a word that they have memorised without writing it down. If you are saying that this is something you can't do, then clearly this will be a problem for you and I can understand where you are coming from, but I think you are very much in the minority.
    The 6 character one is slightly harder to remember but within a short space of time I would have no problem with it.

    I know which One I would choose and I wouldn't need to write it down.
    But it is much weaker than the longer password, for the reasons that I have discussed at length above. You are free to choose whatever you want as a password within the constraints of your bank, but it is not fair to complain that passwords longer than 6 characters are not more secure. They are significantly more secure, and do not need to be less memorable.
  • Amanita_2
    Amanita_2 Posts: 1,299 Forumite
    I use a numerical one - actually my late grandmother's telephone number from 20 years ago. I use as many digits as necessary and simply count on my fingers to get the right ones if I have to enter 1st, 5th etc. If they need letters as well I just start with her initial.

    I agree with the stupid security questions. One financial site asked for a memorable place. Fair enough but it had to be between 8 and 12 letters. Mine didn't fit that criteria so I'd have to use another which I would definitely not remember. I gave up and went elsewhere.
  • cyborg421
    cyborg421 Posts: 11 Forumite
    zzzzz bored now.
  • masonic
    masonic Posts: 27,162 Forumite
    Part of the Furniture 10,000 Posts Photogenic Name Dropper
    cyborg421 wrote: »
    zzzzz bored now.
    How mature.
  • cyborg421
    cyborg421 Posts: 11 Forumite
    edited 6 August 2011 at 8:34AM
    Sorry Amanita, my comment wasn't directed at you.

    I think your point about getting frustrated and moving elsewhere is a valid one as it is exactly what I am going to do. Institutions need to consider the effect of questions/passwords on their customers as well as their own security or customers may vote with their feet.
  • Andy7856
    Andy7856 Posts: 260 Forumite
    Part of the Furniture 100 Posts Name Dropper Combo Breaker
    Worth double checking the T&C of your bank account, most state if you write down the security details/provide to others you have no comeback in the event of fraud.
  • Andy7856 wrote: »
    Worth double checking the T&C of your bank account, most state if you write down the security details/provide to others you have no comeback in the event of fraud.

    Extracted from Lloyds bank Classic a/c T&C's.........
    Clause 4.3 subsection d

    (d) do all you reasonably can to make sure no one finds out your Security Details, for example by not:
    (i) choosing obvious passwords or codes (such as your date of birth) as part of your Security Details;
    (ii) writing your Security Details on, or keeping them with your cards or banking documentation;
    (iii) writing down your Security Details in a way that is recognisable; or
    (iv) letting anyone listen in to your calls with us, or watch you entering or making use of your Security Details;

    So they seem to accept that what work, banking, online shopping passwords, pins, memorable info, etc some sort of written note is inevitable - even that is within KeePass

    Interestingly clause 4.4 requires all internet banking users to carry out regular virus checks.
This discussion has been closed.