Password Managers, 2FA and Login security

in #website, 6 years ago

I use a password manager, LastPass if you must know, and I find it very useful.
I must get round to paying for it when I have the funds, as it does save me a lot of time.

Occasionally though, a website will tell me my password is wrong. I tend to think this is
not due to LastPass but to the website concerned.

I've had this problem with sites like Verified by Visa, who seem to think that the way to increase security
is to have another password, which is stupid.

What happens if you force debit and credit card customers to use yet another password before
they can finalise a purchase?
This is simply another inconvenience, so what they'll do is either create a simple password, or even
the same password, and/or keep it in the same location as their first password.
So, if one password is compromised, then they will both be compromised.

If Verified by Visa (VbV) wanted to increase security they could have used 2FA, OK, still an inconvenience
but it's genuinely 2 Factor security.
Having two passwords is likely not, because the user will likely either use the same password, or store
it in the same place as their 1st password.

I emailed VbV and told them I thought that forcing 2 passwords on customers was ill thought out and, quite frankly,
idiotic; if they genuinely wanted to increase security, using 2FA would have been just as inconvenient but much safer.

They didn't like that as their reply said my email had been classed as Spam.

In a further development, this time with another Bank (Barclays) I tried logging in.
I'd been told that there was a problem with my Paypal payments, but had accidentally deleted
the original email, plus I wanted to cancel two small regular payments.

For some reason there was a password problem; I tried resetting my password
5 times before eventually trying to contact Barclays.

Great, I thought, a human will look into my problems.

Nope.
Barclays, along with many companies now, seem to think they can predict every
problem their customers can ever have, and returned an automated response directing me to their
online FAQ.

There is no option that deals with 'can you look at my account to see why I might be having payment problems'

So yet again, I've had to send another email, asking a human to see if there are any problems with my account.

It shouldn't take over an hour to try to log in, or reset a password.
They CAN'T predict every eventuality, and I don't want to be involved
in a game of ping pong with their automated 'we can think of every
possible eventuality' FAQs.

Oh yes, one other problem: when trying to reset my password at Barclays,
it kept rejecting my new password. I eventually found out that it was because
they don't accept special characters in passwords, AND the password can only be between
6 and 8 characters long.
So I had to alter my password manager settings to create a password that would satisfy their weak,
crappy standards.

By today's standards this is very poor security, because if their password hash tables were ever
hacked and stolen,

EVERY SINGLE ONE of their customers' bank accounts would be compromised very quickly.

Not only is their password reset and online problem handling system very user UNFRIENDLY,
their security people seem to have no idea how quickly a modern PC, equipped with 4 graphics cards,
could brute-force an 8 character password consisting only of letters and numbers.

Let alone 2 or more PCs working together.

These big companies, and little ones, should agree a standard that should last us for the next 5 to ten years
with regards to passwords.
E.g., all sites should agree to password formats of

at least 12 characters long (preferably 15),
at least 1 number,
at least 1 lowercase letter,
at least 1 uppercase letter,
at least 1 special character,
AND 2FA.
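To put numbers on the two password rules contrasted above, here is an added example (my own code, not from the post): it counts the keyspace each rule permits and estimates how long an offline attacker who has stolen the hash table would need to exhaust it. The guess rate is an assumed figure for a fast, unsalted hash; a salted, deliberately slow hash such as bcrypt or Argon2 cuts that rate by orders of magnitude, which is the server-side mitigation that pairs with the longer passwords the post calls for.

```python
import re
import string

# Constructed assumption (not a figure from the post): an offline attacker with one
# 4-GPU PC testing 4e10 guesses/s against a fast, unsalted hash; two PCs double that.
GUESSES_PER_SECOND_ONE_PC = 4 * 10**10
GUESSES_PER_SECOND_TWO_PCS = 2 * GUESSES_PER_SECOND_ONE_PC

ALNUM = len(string.ascii_letters + string.digits)   # 62 symbols: letters and digits
ALNUM_SPECIAL = ALNUM + len(string.punctuation)     # 94 symbols: plus ASCII specials


def keyspace(alphabet_size: int, min_len: int, max_len: int) -> int:
    """Count every candidate password of length min_len..max_len over the alphabet."""
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))


def worst_case_seconds(space: int, guesses_per_second: int) -> float:
    """Seconds to exhaust a keyspace; on average a password falls in half this time."""
    return space / guesses_per_second


def fits_weak_bank_rule(pw: str) -> bool:
    """The 6-8 character, letters-and-digits-only rule described in the post."""
    return 6 <= len(pw) <= 8 and pw.isascii() and pw.isalnum()


def meets_proposed_policy(pw: str) -> bool:
    """The post's proposal: 12+ chars with a digit, a lowercase, an uppercase and a special."""
    return (len(pw) >= 12
            and re.search(r"[0-9]", pw) is not None
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[A-Z]", pw) is not None
            and any(c in string.punctuation for c in pw))


def compare_policies(rate: int = GUESSES_PER_SECOND_ONE_PC) -> dict:
    """Worst-case exhaustive-search time, in hours, for each rule at the given guess rate."""
    weak = keyspace(ALNUM, 6, 8)              # everything the bank rule permits
    strong = keyspace(ALNUM_SPECIAL, 12, 12)  # only the shortest passwords the proposal allows
    return {"weak_hours": worst_case_seconds(weak, rate) / 3600,
            "proposed_hours": worst_case_seconds(strong, rate) / 3600}


if __name__ == "__main__":
    for name, hours in compare_policies().items():
        print(f"{name}: {hours:,.1f} hours ({hours / 8766:,.0f} years)")
```

Under the assumed rate the whole 6-8 character alphanumeric space falls in well under two hours, while 12-character passwords drawn from all 94 printable ASCII symbols take hundreds of thousands of years; the comparison only applies to stolen hashes, since an online login form is rate limited.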

I've decided to destroy my Barclays card and intend to close the account on Monday.

For those interested, here are some YouTube links to password managers. I like LastPass, but there
are others that come highly recommended; KeePass, for example, is open source.

Password managers.

https://www.youtube.com/results?search_query=password+managers

2 Factor authentication

https://www.youtube.com/results?search_query=2+factor+authentication

Online security.

https://www.youtube.com/results?search_query=Online+security

In a further development, writing tags for this article, it appears
the tags must start with a letter, all tags must be lower case,
and they can't start with a number. Why not?
How difficult would it be to lowercase all tags internally to this site?
