British bank changes “pants” password

By Mark O’Neill
Contributing Writer, [GAS]

Here’s some food for thought if you think your online banking password is securely hidden from curious eyes at the bank.

A British banking customer, Steve Jetley, phoned up his bank (Lloyds TSB Bank) and discovered that his password “Lloyds is pants” had been changed to “no it’s not” by a bank employee. He had set this password after having an argument with the bank over insurance.

He was then told he was banned from changing it back to “Lloyds is pants” or to another password such as “Barclays is better” (Barclays is a rival bank). He even tried the word “censorship” but the bank employee refused that one too, on the grounds that it was too long.

Lloyds claims the employee has now been fired and Mr Jetley has received a full apology. But this incident makes you wonder how many bank employees actually have full, unrestricted access to your online banking password.

BBC News via Schneier on Security

26 Responses to British bank changes “pants” password

  1. lol, indeed it gives something to think about. This reminds me of an article, it had some results from a study, and the question was, if you would get fired, would you release sensitive information. So it's a question towards all IT's working out there….80% said YES …xD.

    No wonder IT people get paid good ;) …which reminds ..I study IT…WOOOOOTT :p

  3. I think the biggest problem here is that the bank is able to see the customer's password at all.

    Shouldn't they be doing a 1-way encryption on all passwords? Storing passwords in plain text is a very bad idea.

  5. he was probably calling in and the bank asked for his password. there's no way a bank employee was going from account to account just looking at passwords.

    unless lloyds really is pants.

  7. I'm a Lloyds TSB Customer and I have two passwords with them, one for my Phone Banking (which I can never remember so have to go through the arduous process of trying to remember all my recent account activity) and my Internet Password. Lloyds staff don't have access to my Internet password, they do however see my Phone Bank one.

  9. I was a bank employee for two years. We didn't know the customer PIN numbers or passwords, but we could change them if necessary, or at will if we really felt like it. For obvious reasons we didn't, but the passes are not completely yours.

  11. it is funny indeed, but it is worrying that employees can access that data freely and without worries of being asked "why are you looking at that?". Also, I cannot understand why that data wasn't encrypted.

    Either way, it wasn't clear which one of the two employees was dismissed: the one that accessed and changed the data or the one that didn't accept the new ones.

  13. Most computer software NEVER stores your real password. It runs the password thru a one-way lossy hash and stores that result. Each time you enter your password the software runs the password thru the same one-way lossy hash and compares this number with the one stored. You aren't supposed to be able to reconstruct the password from the hash. If banks have such crappy software that they actually store "raw" readable passwords then we should all be scared about how safe our money really is. Especially if employees can read this data.

    /DaveS
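
Added example, not part of the original post or of any comment: a sketch of the store-a-hash-and-compare scheme described in the comment above, combined with the "staff can reset but not read" arrangement an earlier commenter mentions. The `CredentialStore` class, its method names, the customer and staff identifiers and the PBKDF2 iteration count are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor; assumed value for this example


class CredentialStore:
    """Hypothetical store: keeps salt + derived key, never the password itself."""

    def __init__(self):
        self._records = {}   # customer -> (salt, derived_key)
        self.audit_log = []  # (actor, action, customer, reason)

    @staticmethod
    def _derive(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

    def set_password(self, customer: str, password: str) -> None:
        # Only the customer's own channel calls this; a fresh salt per record
        # means identical passwords do not produce identical stored values.
        salt = secrets.token_bytes(16)
        self._records[customer] = (salt, self._derive(password, salt))
        self.audit_log.append((customer, "set_password", customer, "self-service"))

    def verify(self, customer: str, attempt: str) -> bool:
        record = self._records.get(customer)
        if record is None:
            return False
        salt, stored = record
        # Constant-time comparison of the re-derived key with the stored one.
        return hmac.compare_digest(stored, self._derive(attempt, salt))

    def staff_view(self, customer: str, actor: str) -> dict:
        # All a staff screen gets: whether a credential exists, not its value.
        self.audit_log.append((actor, "view", customer, ""))
        return {"customer": customer, "password_set": customer in self._records}

    def staff_reset(self, customer: str, actor: str, reason: str) -> None:
        # Staff may invalidate a credential but never choose the replacement;
        # the customer must enrol a new one. A reason is mandatory and logged.
        if not reason.strip():
            raise ValueError("a reason is required for a staff reset")
        self._records.pop(customer, None)
        self.audit_log.append((actor, "reset", customer, reason))


if __name__ == "__main__":
    store = CredentialStore()
    store.set_password("cust-1", "example passphrase")  # constructed sample data
    print(store.verify("cust-1", "example passphrase"), store.staff_view("cust-1", "teller-7"))
```

With this layout nobody at the bank can read a password back or pick a replacement, and every staff view or reset leaves a record of who did it and why.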

  15. I would just like to say, it doesn't concern me that Bank Employees can see my password because as it stands they can see my entire banking history at the same time. That said, the situation does concern me but only for the fact that someone in the general public could find out my password.
