[Dshield] Re: Way off Topic

*Hobbit* hobbit at avian.org
Tue Sep 9 22:54:00 GMT 2003


Maybe at the least you can get whatever bank it was to see the good
reasons behind maybe CHANGING the static password to your money, i.e.
your card number, more than every five YEARS, and then adopt a
personal policy of forcing them to change it every six months.  Yes,
you'll raise red flags with them, and then you can drive the point
home when they ask.  You also may have to phrase it as "my card
was stolen" to get them to hop.

What does the bank's own security policy say about frequency with
which their *employees* change passwords, that already have the
advantage of generally not being sent flying into some podunk
net-peddler's insecure database and being enshrined there in plaintext
waiting for them to get knocked over?  C'mon, now.  The FINANCIAL
INDUSTRY should think this through a little better, even if said
e-tailers themselves are hopeless.

_H*



