Stupid Bank Password Rules
So I go to log onto my bank’s website, and they inform me that I have to enter in a new password. Never mind the fact that I doubt that this is going to “improve” my security… if someone had obtained my password before, why can’t they just use the same method again?
Anyway, I enter in a password using a “hash” that I can remember that would be relatively hard to crack via common methods like a dictionary attack or using personal information (that is, it’s not a function of my street address, for example). However, here’s what came back from the bank…
“The new password must include at least 1 letter AND at least 1 number AND at least 1 character that is not a letter or a number.”
What? Why don’t they just say something like, “Please create a password so cryptic that you will never remember it, so you will have to write it down, so that someone can easily find it.” Fark!
Long, non-memorable passwords make things _less_ secure, not more.
Personal security in general is just a joke. With just the flimsiest amount of someone’s personal information you can obtain access to just about anyone’s financial accounts. In addition, I’ve found that financial institutions don’t really take security seriously at all. For example, as part of a “security upgrade” a while back, I learned that I could have one of my financial institutions ask for a verbal password before any phone-based transaction could proceed. Sounded good to me. I called them up, set up a password with them, but found that upon calling back a few weeks later, I was able to proceed with a phone-based transaction without the prompt for the password. This was not unique; I tried something similar with my credit card company only to have a similar “security measure” disappear from their system too. Whatever.
Personal financial-institution security is an oxymoron… but at least no one will be able to crack my bank’s new password… including me.
