Why I am leaving my current Bank - Bad Password Security

Posted At : September 14, 2008 9:33 PM | Posted By : Jason Dean
Related Categories: Security

So today I went to set up online Banking at TCF. I have been trying to set it up for a while, but I did not have my PIN number right, then when I got that straightened out I just never got around to it. Today, I needed to transfer some money, so...

So the TCF Online Banking asked me to set up my new account by asking for my SSN, my account Number, and my bank card PIN. This seemed pretty reasonable. Those are all things I should be trying to keep a secret. Seemed like pretty good security. After I got through that it asked me to verify my address, etc.

All was good until I tried to choose a password. I used a strong password. Some upper-alpha, some lower-alpha, some numbers and some special characters. It was 10 characters long total. This was a pretty solid password. Here is what I got.

Password too long?!?!?! WTF?? How can a 10 Character password be too long? This is a bank!

So I tried taking a character off, still too long. So the maximum password length ends up being 8. As a maximum!? 8 characters should be the minimum.

So I get it down to less than 8 characters just to get it working and I get:

OMG?! Double WTF!

So I look at the guideline. I must have a 4-8 character alpha numeric password. No special characters.

I got my horridly weak password set up and went in to try to change it. Of course, the same limitations. So then I wanted to see just how bad it was.

I tried to change my password to "m123" (No quotes). It let me.

This is ridiculous. I will be going to the bank tomorrow and closing my account. In the future look for a blog post from me about their stoopid anti-phishing safeguards.

SECURITY FAIL

Comments (3) | Print | Send | del.icio.us | Digg It! | Linking Blogs | 1276 Views
Comments
[Add Comment] [Subscribe to Comments]
Pete's Gravatar I admire your tenacity Jason. Most people would just put up with it when the alternative is closing your bank account and creating a new one with a new bank. Too many people (myself included) put up with bad service because they're too lazy to do something about it. Hell I won't even return a meal if it not up to scratch because I couldn't be bothered making an issue out of it. We need more people put their foot down when something's not right.

+1 for you!
# Posted By Pete | 9/14/08 10:15 PM
Jake Munson's Gravatar That is one of my biggest pet peaves. I have a strong password scheme that I invented that allows me to have an easily remembered unique long password for every website account. My scheme would not have worked on this site either. I don't blame you for changing banks, that's just ridiculous. They must have hired Peanut Joe IT Consulting to setup their site for them.
# Posted By Jake Munson | 9/15/08 1:25 PM
Josh's Gravatar I have a recommended do and a recommended don't for bank security. Hit me up on gtalk sometime. (My current position doesn't allow me discuss matters such as this publicly.)
# Posted By Josh | 9/17/08 8:37 PM
[Add Comment]
BlogCFC was created by Raymond Camden. This blog is running version 5.9.1. Contact Blog Owner