Thinking I do with words - Passwords on top of passwords

Devin

In the beginning, there was a password. That password led you to all sorts of exciting information. Then, some people – mostly banks – decided this was not enough passwords, so they added a second password.

This second password was something of a problem, because as designed it was actually less secure than the regular password. They would ask you a question, and then the answer would lead you to get your banking information. While the regular password could be an incoherent jumble of numbers and letters, the second password was a response to a question. Stuff like your mother’s maiden name.

The secondary password is a strange system because it’s inherently easy to crack. It may be different for people with common names, but if I search for my own name I can find my mother’s maiden name quite easily. I mean, any potential identity thief might have to reach the third page of Google before they get that information; that’s how hard it is to find.

If you want to try to find it, have fun! Try it with your own name too.

In the interest of banking security then, the answer to the prompt probably shouldn’t be the actual answer, because you’re not actually adding security. Given that people now have a fairly immense online trail of fingerprints, it’s honestly kind of silly that this is even considered a security measure. For people of future generations, it’s not even going to be possible to put “favorite childhood pet” as a believable secret, because this generation’s moms are going to put a post on Facebook of little Liam playing with their dog Flutterboots, leading to banking disaster only 20 years later.

So now I just have to remember two sets of passwords. And I have to remember which set of fake information goes with which set of prompts, which I inevitably forget because it’s stupid that I need two sets of passwords just to see how much money I don’t have.

What is a solution to this conundrum?

I’m actually not sure there is a solution. Take two-factor authentication. If you want to access online banking information, it sends a text to your phone with a code you have to enter to keep going. Great, except plenty of people just access the bank through their phone. So if your phone is stolen, they have your bank.

It’s better than nothing, of course, but I find myself wondering if there’s anything that can be done to have a meaningful level of security. Just adding passwords won’t work. Constantly asking people when they were born, as seems to be preferred in medical situations, won’t work. Because all of this is easy to circumvent.

I’ll contemplate this as the bank asks me who my favorite teacher was, because it certainly isn’t the string of letters I said it was, but what was that string of letters to begin with?