Wednesday, September 19, 2007

Know What I Hate?

I hate financial sites that track your login by IP address, and then forget who you are whenever you login from a new machine.  I appreciate the concept -- new machine could mean new person off on a stolen card number someplace.  But in reality I've got a laptop that I cart back and forth between work and home, and if I check the bank account from work, and I last checked it from home, I have to dig out my bank card again and re-enter my information.  It's a small pain, but it's still a pain.  I'd rather they just didn't claim to remember it at all and made me re-enter it every time, instead of every visit being a potential unpleasant surprise. 


steveo said...

The recent rise in phishing scams have forced this.

My bank also just asked for auxiliary questions such as "What is you favorite food?", "Who is your favorite sports hero?".

Now whenever you use a new ip address or access your account at a different time of day than normal you have to give the answer to one of those questions as well as your normal login information.

Annoying. But probably somewhat effective against phishing.

Duane said...

I'm all for new techniques, I suppose. It's not really that big of an inconvenience. But why not go the whole way, and come right out and make me register a couple of IP addresses? Whenever my IP address changes, I have to jump through some extra hoops - but then, each time I use that IP address, I'm already verified. Going back and forth is silly.

Then there's the Bank of America thing where they show you the silly picture. A study was done a little while back where they had 50 people login to the site the normal way, and 50 people log in where the picture was not shown at all - and only 2 people complained. 48 people never even noticed the picture was missing.

steveo said...

The daily WTF has a rant against this "wish it were two factor" authentication that was posted just after I complained about it here: