![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Enhanced security measures
Dec. 9th, 2010 11:49 amThe Bank of Scotland has started a new security initiative that makes sure that all account information is viewable by absolutely nobody at all.
Recently, they changed from asking for a password and security question to getting you to provide three randomly chosen characters from a string of 'memorable information'. (An aside question - doesn't this mean that this information needs to be stored in a retrievable form somewhere, as opposed to your password which doesn't?) The whole point of this memorable information is that nobody else even knows what it is - you don't get any field to describe it, it's just an anonymous string of characters that has to be of a certain length and include at least one number. I might have provided this at the time that I set up my account several years ago - needless to say, I had by now completely forgotten my so-called memorable information and needed to reset it.
Resetting this necessitates resetting pretty much everything. A random password is generated for you, and is given in two separate pieces - three characters on the confirmation page, and four more and instructions for recombining them sent via email. Once you've got those back together, you can log in with the reunited temporary password, and it was here that I ran into problems.
I absolutely could not get it to accept my choice of security question. All the other fields appeared to be all right, and I only ever got an unhelpful "Please set: Your own choice of question" red message when I tried to submit the form. So I initially thought that something in my question marked it as being too common a question, or not forming a sentence it could parse, or something of equal silliness, and tried multiple alternatives, each with the same result. I had meant to telephone them, but by the time I remembered on any particular day, it was already after 12pm in Boston and they would be closed.
But in one last effort when I went back to it yesterday, I tore into the Javascript of the page, and realized that their question field was subject to the same restriction as the rest of the fields - you can have no spaces or special characters (such as, fairly importantly, a question mark) in your question, or it won't be accepted. Oddly, the "20 characters" restriction was lifted for this box, so while even an effort like "What_is_your_favourite_colour?" won't be accepted for its special characters, if you pare it down to "whatisyourfavouritecolour" then you can finally get through. Perhaps they were expecting their customers to ask only things like "Why?" or "Toast?" Except those have got question marks in them.
My security question is now "whoisseventeenofthirtytwoalsosortyoursiteout" (which you can puzzle out for yourself), I have got back into my accounts, and I've emailed the bank at the only address I could find for them - the Contact Us page advises looking in the Online Banking Help, which redirects you to the Contact Us page - but I haven't received a reply yet. I have to wonder how they haven't noticed an extreme drop in new online accounts being created...
Recently, they changed from asking for a password and security question to getting you to provide three randomly chosen characters from a string of 'memorable information'. (An aside question - doesn't this mean that this information needs to be stored in a retrievable form somewhere, as opposed to your password which doesn't?) The whole point of this memorable information is that nobody else even knows what it is - you don't get any field to describe it, it's just an anonymous string of characters that has to be of a certain length and include at least one number. I might have provided this at the time that I set up my account several years ago - needless to say, I had by now completely forgotten my so-called memorable information and needed to reset it.
Resetting this necessitates resetting pretty much everything. A random password is generated for you, and is given in two separate pieces - three characters on the confirmation page, and four more and instructions for recombining them sent via email. Once you've got those back together, you can log in with the reunited temporary password, and it was here that I ran into problems.
|
Artist's impression - I wasn't going through all that again just to get a screenshot |
But in one last effort when I went back to it yesterday, I tore into the Javascript of the page, and realized that their question field was subject to the same restriction as the rest of the fields - you can have no spaces or special characters (such as, fairly importantly, a question mark) in your question, or it won't be accepted. Oddly, the "20 characters" restriction was lifted for this box, so while even an effort like "What_is_your_favourite_colour?" won't be accepted for its special characters, if you pare it down to "whatisyourfavouritecolour" then you can finally get through. Perhaps they were expecting their customers to ask only things like "Why?" or "Toast?" Except those have got question marks in them.
My security question is now "whoisseventeenofthirtytwoalsosortyoursiteout" (which you can puzzle out for yourself), I have got back into my accounts, and I've emailed the bank at the only address I could find for them - the Contact Us page advises looking in the Online Banking Help, which redirects you to the Contact Us page - but I haven't received a reply yet. I have to wonder how they haven't noticed an extreme drop in new online accounts being created...
