Log in

No account? Create an account
A spokesperson said: "On the majority of transactions advisors… - B. Henderson Asher's Moments of Mirth [entries|archive|friends|userinfo]
Listen in, listen Ian!

[ website | Flickr ]
[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

[Aug. 28th, 2008|09:35 pm]
Listen in, listen Ian!
A spokesperson said: "On the majority of transactions advisors cannot read customers' passwords.

"In this case it was a business banking customer using a system where more than one person from a business can check their balance.

"In these cases an advisor can read the full password."

Well, it's true that there wasn't a security lapse, just a fundamentally insecure system. Once a password has been entered onto a system, it should be totally impossible for anyone - anyone at all - to find out what it is from the system. That's unbelievably basic stuff.

[User Picture]From: vodka_fairy
2008-08-28 09:29 pm (UTC)
yeah but (as I have just noticed) it was Telephone Banking whereby the person on the end of the phone would NEED to know the password in order to serve the customer...?
(Reply) (Thread)
[User Picture]From: ruudboy
2008-08-28 09:33 pm (UTC)
HSBC telephone banking doesn't. I have to tell them my birthday, then I have a secret number that they ask me three digits from: - maybe the first, the third and the second from last. I never have to tell anyone the whole thing, and I assume there's no way anyone can find it out.
(Reply) (Parent) (Thread)
[User Picture]From: oldbloke
2008-08-29 07:14 am (UTC)
Consider the problems in securely encrypting a string or number when you need to be able to check N randomly selected pieces of it at any time. If you encrypted the whole thing, you have to decrypt to get at the bits you want to check. Otherwise you have to separately encrypt a whole bunch of single characters, which isn't easy to do securely.
Even rjk doesn't know a safe way of doing it (though I may have misread his contribution on misc)
And as SAm points out, with phone banking, if they ask you for, say, 3 and 7 today, then 2 and 6 next time, then... Slowly, the human collects all the bits (or enough of them) of your passphrase.

Edited at 2008-08-29 07:15 am (UTC)
(Reply) (Parent) (Thread)