Saturday, March 01, 2008

Security for Dummies? @$@#%&^!

...or weekend rant.

Ri thinks I'm using Working The Room for ranting and humor, and leaving my serious posts for Late Night Latte. Not true. I just happened to mention my recent online security challenge to Ri this morning and her reponse gave me pause. Rewind...

So I get up early, go the gym, settle in to pay some bills. Maybe, joy of joys, even pay off a credit card. Thus begins the quest for online account balance information with one of THE largest banking giants out there, which happens to own my mortgage and, oh yeah, the credit card with the good interest rate.

I've been a customer for at least the four-plus years I've had the mortgage, but never really felt the need for online access since it's not my everyday bank. And yes, I do realize I could have simply picked up the phone and accessed my balance that way. But no, online CONVENIENCE.

So the process goes something like this:

1) Find web address on back of card. Go to site.
2) Determine which of the many account access options I need to pursue. Click.
3) Read the login screen, determine that no, I didn't forget or lose my username and/or password -- I never had one. Click.
4) Create user name -- but first, read instructions regarding online security. Create username that is so complex I will never actually understand how I created it.
5) Link it to account number and enter access code. Access code? What the heck? Click link for detail.
6) Choose how I want to receive my access code: phone call, text message, or e-mail. Phone call/text being the only option guaranteed to grant me immediate access. Okay, choose phone.
7) Which number? Home phone? Work phone? Or one of the three choices I don't recognize, but which may, in fact, have belonged to me at some previous point. How do they know this? Hmm. Choose home. Click.
8) Promised access code to be delivered by phone in less than 2 minutes. Rinnnnnng. Access code retrieved. Could that be right? Hit 1 to repeat this message. Ah.
9) Input access code and choose proceed to password creation, step 3 of 6.
10) Warning -- this program is not compatible with Windows Vista... go back, go back.
11) Crap. Your access code is now expired. Four screens later... choose how you wish to receive your access code. Oh. My. God.
12) We're sorry, that access code is already affiliated with another user name. Yes! Me, dammit.
13) Click on Need Help? Yes, or have some wine. But it's only about 7:45 a.m. so that may not be a good idea.
14) Wait... what's that? I can create a password. But remember, it must be blah, blah, blah. It's more than 15 characters -- does that work for you?
15) Password accepted. A full 40 minutes AFTER I started this process. By this time, I no longer care what my balance is...

...but I do decide to share my annoyance at this system, and what seems to be a bit more complicated security effort than would seem necessary, with Rita.

Her reponse, creator of IT/data process/management something or other that she is, is basically that it's our own fault, we, the bank users of this world, demanded security. IT folks responded. So live with it.

URRRGGGHHH.

3 comments:

Rita said...

I'm going to need a cocktail after this post........

CJ said...

Don't let Lynt have one. She may forget her password and have to start from scratch.

Lynt said...

ha. ha.