American Express Password Problem
I should say first that it wasn’t AMEX, who had the problem, but me, as I’d forgotten, what my login to their site was. I never write anything down or store it on the computer, so I had a problem, as the Mark One brain had forgotten it.
But their site is very professional in the way it dealt with someone like me.
Firstly, it asked me to enter my card details, and then it sent me a temporary password to login to the site.
This password was a six character alpha-numeric code, with the alpha characters in upper case.
On typing this in to the site with my customer ID, I was able to get in and change my password.
AMEX passwords are simple and must be a mixture of alpha and numeric characters, where case is irrelevant.
All very simple and as it’s AMEX, I suspect it’s a lot more secure than it looks in the first instance.
If all websites had such good security and simple passwords, on-line systems would be much more secure.
I Locked Myself Out For The First Time Since 1969
This morning the recyclers turned up, and in the rush to dispose of my green sacks, I managed to lock myself out, as the door slammed behind me.
Luckily, I had my coat on, so I wasn’t too cold and I also had my wallet in the pocket. But my phone was in the house, so I couldn’t call my son, who has spare keys.
Eventually, I borrowed a phone, but he was in a meeting, so I had to go to Walthamstow to get them from our builder.
The journey didn’t start well, as roadworks round the corner, meant I couldn’t find a 56 bus to get to Leyton for a bus to where my son lives and the builder is working. So I went the other way to get the Victoria line from Highbury and Islington.
it was bitterly cold and I was without my hat and gloves and then the train was delayed.
But eventually, I got the keys and was able to get back into the house.
The last time, I locked myself out was in 1969 and a very pregnant C and myself called the Police to get us in. They did with a well-aimed boot. I’ve since used the technique a couple of times.
They also said never call the Fire Brigade in this sort of emergency, as they love to use their axes.
Unbreakable Passwords
Passwords are one of the things that the Internet and computer systems often get wrong.
How many times, does your chosen password, which is of a type that has been acceptable on Site A, been unacceptable on Site B?
There are two things, I really hate.
The first is sites that generate your initial password as a string of characters, which need to be cut and pasted into the logon. I’ve even found sites, that don’t let you change the password. Is there a better way to piss off your clients? There are several shopping sites, I’ve used in the past that think they are being clever and secure. In fact, they’re being stupid and I’ve never used their sites a second time.
The other is passwords that insist you use the shift key for at least one character. As I have trouble with shift and generally span my right hand to type upper case characters, which is not a reliable process, any site that insists on that type of password is out. So I never use a credit card with Verified by Visa on-line. This would be helped if all sites were like Zopa and allowed you to show the password, as you type it in.
So could we come up with better passwords, we’d always remember, that are totally unbreakable?
Here’s a few ideas!
My first car was a 1946 Austin 8. I still remember the registration, which was three letters followed by three numbers. Not long enough for some sites and rightly so, but this would be totally unbreakable, as how many criminals, would know the registration of the first car you owned. If you were someone like me, getting towards the last few decades of your life, it could be a good password. You could even have the simple password hint of “First Car” If I wanted a secure password, who could break it, if I used the registration number of the first Porsche I owned! I doubt that even my son, would know that registration.
And then there are memorable phone numbers and addresses from childhood. I doubt, there are few people, who don’t know these from where they grew up. Certainly, I was told to memorise them, so that if I got lost, I could find my way home.
I can also remember the address and phone number of my father’s print works as 38-44 Station Road and Bowes Park 2165.
The great things about passwords like these, is that you can write them down or put them in something like Outlook as say First Car or First Married Address and nobody will know them, except perhaps your partner or child.
There is a password strength checker here on Microsoft’s web site. It rated bowespark2165 as a strong password. It’s also easy to type.
In my view passwords must be easily memorable, as suppose you want access to say your credit card account in an emergency and you have to do it by using the memorable data, you don’t want it to be something you can’t recall.
Ticketmaster Gives Captcha The Boot
I don’t like the Captcha technology on web sites, that define, whether I’m human or not. it’s all because I have a gammy left hand and can’t always be relied on to get it right.
So I was pleased to see that Ticketmaster has ditched the dreaded system for something better. It’s all here on the BBC.
Let’s now make all passwords and questions case insensitive, so that I can get them right first time.
Improving Banking Security
There is an article about the security level of chip and pin on the BBC’s web site. It got me thinking.
I am careful with my bank debit and credit cards and feel that with on-line banking, not enough is done to create a more flexible and much more secure system, by using the power of the servers to make things difficult for a criminal.
Logging In
I always log in from memory, rather than use the little machine that my bank gave me. As the customer number and passwords are not written down anywhere, even with the card and the machine, it would be difficult to log in to my account, unless they had co-operation from someone inside the bank.
There is a big flaw in the bank’s security, in the fact that all the machines are identical, which means criminals only have to get one to use this method of logging in, if they have a stolen debit card and the customer number. I needed a new one and just went into a branch and asked for one. They didn’t ask me any questions, before I got a new one.
I very much like the login system used by Zopa. It is very secure and very simple, and I would suspect most people would not need to write anything down to login first time. Something, you can’t say about many systems I’ve seen.
Restricting Cash Withdrawals
I have never understood why thee is nowhere in your on-line banking account, where you can set parameters about how and where you can draw money out through cash machines.
In a simple case, you might impose limits on the amount of money that could be withdrawn at any one time, or say in a week or month.
I would impose a limit of up to a hundred at any one time. If I needed more, I could always change the limit. You wouldn’t want to make it too complicated, as it would start to get onerous.
Better Bank Statements
When I look at my bank statement on-line, the cash withdrawals, just say how much I’ve withdrawn and the name of the bank. Some of the direct debits are well documented either.
it would be very easy to say give every cash point machine a unique reference, so when you checked the statement, you would quickly notice a transaction that was perhaps done with a cloned card.
The more information you gave customers, the more likely they would be to spot something that wasn’t correct.
An Emergency Pin Number
You hear stories about criminals threatening cash point users and getting them to draw money out. So why not have an emergency pin number, that smallows the card, perhaps gives out a few pounds and then says something like.
This machine as run out of money, please try another machine.
Whatever the system did would have to be carefully thought out, to avoid the criminal taking it out on the victim.
SMS Confirmation Of Bigger Transactions
I’ve never understood, why this couldn’t be done, as any message relating to a purchase you hadn’t made, would give you warning.
I’ve always felt that this would be very effective, even if only a few cards were setup this way. But would criminals take the chance of using a card that was, when it might start an immediate chase.
In some ways, what seems to be sad is that all on-line banking is so similar, when there are so many things that can be done to make the system much more secure for both the bank and its customers.
Banks are just so conservative and don’t innovate. Which is why they’re going to fail even more.
Frank Gardner On Risk Profiling
Frank Gardner has written an article about risk profiling software for the BBC web site. He writes it with respect to terrorism, but buried in the article is this piece.
He says South Korean Customs, which have bought the programme, report a 20% higher detection rate of illegal goods.
That is just good use of data mining software, to identify the source of illegality.
There are so many applications for this type of software, such as in healthcare, road safety, crime, product failures from televisions and vehicles to large projects, that generally all we will see is a much better lifestyle.
Only in a few areas will there be any cause for concern about human rights.
Booking At The BFI
I’ve just booked a film tonight at the BFI.
Their web site annoyed me, as it insisted on having a password with at least one capital letter and a number. I find the shift unreliable because of my gammy hand, so it usually takes several goes to make certain I’ve got it right.
All password entry should have a checkbox to display what you’ve actually typed.
Two websites I use regularly are Zopa and Nationwide. Neither relies on case being needed and Zopa allows you to check a box to show what has been typed. I would assume that neither have security problems as otherwise it would be all over the Internet.
The only site I use which insists on at least one capital is Betfair. But I seldom use it these days, as I always forget and have difficulty logging on.
Whitehall Says Give Social Networks False Details
This article on the BBC, which says that a Whitehall official has said we should all give fake details and an MP disagrees, shows how little the supposedly great and good know about the Internet.
What I would recommend to others I do not know? But I do have a consistent philosophy across the various sites I access. One thing I do, is to use a special e-mail address for the Internet groups to which I belong. This means that I can trace any spam and know possibly where the leak is.
I also rarely give my mobile phone number to anyone.
NatWorst Opens The Door To The Fraudsters
Natwest have brought in a system called Get Cash based on a mobile phone app. But according to this on the BBC’s web site, it’s all started to backfire.
It looks to me that the Get Cash app is just too easy a target for fraudsters and it appears to me as a humble programmer and system designer, that they used programmers and designers, who didn’t understand the criminal mind.
If my bank offers me a mobile phone app to do my banking or use a credit card, the answer is no, no a thousand times no!
Incidentally, the computer that does my banking, never leaves my house and sits behind a door with a powerful lock on it.
I usually only draw out cash from a small number of cash machines fairly close to my house or at the Angel.
The Anonymous Widower 