British bank changes “pants” password

August 29, 2008 by Mark O'Neill | 13 comments

By Mark O’Neill
Contributing Writer, [GAS]

Here’s some food for thought if you think your online banking password is securely hidden from curious eyes at the bank.

A British banking customer, Steve Jetley, phoned his bank (Lloyds TSB Bank) and discovered that his password “Lloyds is pants” had been changed to “no it’s not” by a bank employee. He had set this password after an argument with the bank over insurance.

He was then told he was banned from changing it back to “Lloyds is pants” or to another password such as “Barclays is better” (Barclays is a rival bank). He even tried the word “censorship”, but the bank employee refused that one too on the grounds it was too long.

Lloyds claims the employee has now been fired and Mr Jetley has received a full apology. But this incident makes you wonder how many bank employees actually have full, unrestricted access to your online banking password.

BBC News via Schneier on Security

13 Comments »

Comment by coration
2008-08-30 03:42:01

lol, indeed it gives something to think about. This reminds me of an article, it had some results from a study, and the question was, if you would get fired, would you release sensitive information. So it’s a question towards all IT’s working out there… 80% said YES… xD.
No wonder IT people get paid good ;) … which reminds.. I study IT… WOOOOOTT :p

 
Comment by Will Spaetzel
2008-08-30 04:39:12

I think the biggest problem here is that the bank is able to see the customer’s password at all.

Shouldn’t they be doing a 1-way encryption on all passwords? Storing passwords in plain text is a very bad idea.

 
Comment by mike
2008-08-30 05:07:44

He was probably calling in and the bank asked for his password. There’s no way a bank employee was going from account to account just looking at passwords.

Unless Lloyds really is pants.

 
Comment by Katy
2008-08-30 05:38:00

I’m a Lloyds TSB Customer and I have two passwords with them, one for my Phone Banking (which I can never remember so have to go through the arduous process of trying to remember all my recent account activity) and my Internet Password. Lloyds staff don’t have access to my Internet password, they do however see my Phone Bank one.

 
Comment by Phillip
2008-08-30 22:19:29

I was a bank employee for two years. We didn’t know the customer PIN numbers or passwords, but we could change them if necessary, or at will if we really felt like it. For obvious reasons we didn’t, but the passes are not completely yours.

 
Comment by Jimmy Rogers
2008-08-31 13:40:28

The funniest part about this story, to me, is that “pants” is a derogatory term in some places :P

Comment by Mark O'Neill
2008-08-31 14:01:19

Yup, in British English, pants are underwear. It is also slang for something that is bad, terrible, stupid, screwed up, etc.

 
Comment by John
2008-10-04 03:28:17

And yet, when “Sisterhood of the Travelling Pants” came over here, no-one thought to change the name…

 
 
Comment by Ellie
2008-08-31 20:10:46

LOL @ pants being bad LOL

 
Comment by Rob
2008-09-04 02:56:36

It is funny indeed, but it is worrying that employees can access that data freely and without worries of being asked “why are you looking at that?”. Also, I cannot understand why that data wasn’t encrypted.
Either way, it wasn’t clear which one of the two employees was dismissed: the one that accessed and changed the data or the one that didn’t accept the new ones.

 
Comment by David Snow
2008-10-03 13:29:44

Most computer software NEVER stores your real password. It runs the password thru a one-way lossy hash and stores that result. Each time you enter your password the software runs the password thru the same one-way lossy hash and compares this number with the one stored. You aren’t supposed to be able to reconstruct the password from the hash. If banks have such crappy software that they actually store “raw” readable passwords then we should all be scared about how safe our money really is. Especially if employees can read this data.

/DaveS
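
Added example (not part of the comments above, and not any bank's actual system): a sketch of the storage scheme the commenters describe, where only a salted one-way hash is kept, staff can reset a password but never read it, and every change is logged. The class, the customer and staff ids, and the scrypt parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# scrypt cost parameters (assumed values for this sketch; tune for your hardware).
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)

class CredentialStore:
    """Keeps only (salt, hash) per customer; the password itself is never stored."""

    def __init__(self):
        self.records = {}   # customer_id -> (salt, derived_key)
        self.audit = []     # (actor, action, customer_id), kept for later review

    def _derive(self, password: str, salt: bytes) -> bytes:
        return hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)

    def set_password(self, customer_id: str, password: str, actor: str) -> None:
        salt = secrets.token_bytes(16)          # fresh random salt per record
        self.records[customer_id] = (salt, self._derive(password, salt))
        self.audit.append((actor, "set_password", customer_id))

    def verify(self, customer_id: str, attempt: str) -> bool:
        record = self.records.get(customer_id)
        if record is None:
            return False
        salt, stored = record
        # Re-derive from the attempt and compare in constant time.
        return hmac.compare_digest(stored, self._derive(attempt, salt))

    def staff_reset(self, customer_id: str, staff_id: str) -> str:
        """Staff can replace a password but have nothing readable to look at."""
        temporary = secrets.token_urlsafe(12)
        self.set_password(customer_id, temporary, actor=staff_id)
        return temporary    # would be delivered to the customer out of band

def demo():
    store = CredentialStore()
    store.set_password("cust-001", "Lloyds is pants", actor="cust-001")
    salt, stored = store.records["cust-001"]
    leaked = b"Lloyds is pants" in salt + stored   # all a staff screen could show
    ok = store.verify("cust-001", "Lloyds is pants")
    wrong = store.verify("cust-001", "no it's not")
    temp = store.staff_reset("cust-001", staff_id="staff-42")
    after = store.verify("cust-001", "Lloyds is pants")
    return leaked, ok, wrong, store.verify("cust-001", temp), after, store.audit[-1]

if __name__ == "__main__":
    print(demo())
```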

 
Comment by Justin
2008-10-04 09:35:28

I would just like to say, it doesn’t concern me that Bank Employees can see my password because as it stands they can see my entire banking history at the same time. That said, the situation does concern me but only for the fact that someone in the general public could find out my password.

 
Comment by The credit crunch
2008-10-07 06:46:33

This is an amazing article. I’ve posted an article about it on my blog linking back, great article and yes Lloyds is very pants.

 