So today I went to set up online Banking at TCF. I have been trying to set it up for a while, but I did not have my PIN number right, then when I got that straightened out I just never got around to it. Today, I needed to transfer some money, so...
So the TCF Online Banking asked me to set up my new account by asking for my SSN, my account Number, and my bank card PIN. This seemed pretty reasonable. Those are all things I should be trying to keep a secret. Seemed like pretty good security. After I got through that it asked me to verify my address, etc.
All was good until I tried to choose a password. I used a strong password. Some upper-alpha, some lower-alpha, some numbers and some special characters. It was 10 characters long total. This was a pretty solid password. Here is what I got.
Password too long?!?!?! WTF?? How can a 10 Character password be too long? This is a bank!
So I tried taking a character off, still too long. So the maximum password length ends up being 8. As a maximum!? 8 characters should be the minimum.
So I get it down to less than 8 characters just to get it working and I get:
OMG?! Double WTF!
So I look at the guideline. I must have a 4-8 character alpha numeric password. No special characters.
I got my horridly weak password set up and went in to try to change it. Of course, the same limitations. So then I wanted to see just how bad it was.
I tried to change my password to "m123" (No quotes). It let me.
This is ridiculous. I will be going to the bank tomorrow and closing my account. In the future look for a blog post from me about their stoopid anti-phishing safeguards.