Security has just got ridiculous

[Oliversmumsarmy]

I am trying to cash in some premium bonds. I wanted to pay for my holiday etc.

I forgot one of the security questions. I pressed forgot the answer and it has now logged me out of my account and changed the password. I won’t know the password until it is sent to me in 5 working days.

My dd has just changed her bank account.

Been issued with a card reader and a customer number.

Either the customer number doesn’t work or the card reader number doesn’t.

She has given up trying to do on line banking and has now set up a new bank account.

I know security is supposed to be tight but it has got so ridiculous that it is back firing.

I feel I will need to make a note of my security details separately otherwise I will get locked out of my account.

FWIW this is the first time in about 5 years I have had to cash in PBs. I can’t remember my security questions from at least 5 years ago.

I know I probably am being unreasonable but I cannot be the only one to forget this stuff

message me for a couple of tips, if you like (I wrote them out, then thought better of putting them up on a huge site like this).

bet it was Dr Who! it started in 1963 -

firstly, I inherently don't trust anyone who asks for mother's maiden name. Its ridiculously easy to find out. The problem with using something that isn't the real one is remembering what it was!

I've given up using a credit card with a very unforgiving system that doesn't allow 3 goes.

I've fallen foul of systems that tell me my security answer is wrong because I forgot to use an uppercase letter (or vice versa). My first childhood home is quite long and has 3 words in it, which some systems don't like. And don't get me started on hyphens!

I do write down many of my details, but in a coded form that most people wouldn't easily recognise. Even that is a security risk.

Life is all about flipping passwords isn't it. We have to write these down. Even Mumsnet password is a joke with all the capitals and special characters.

My bank asks me 4 questions. One of them is "what is your favourite meal or restaurant". That is TWO questions. Neither of which I can answer as they change all the time! (Clydesdale bank...YOU)

This is why I have so little on social media. I have an unusualish first name, so if you knew my surname then it'd be pretty easy to hunt through the few of the same name to find my profile if you came across any detail and wanted info to match.
My birthdays are not online.
I'm not signed up to any school alumni.
Nobody knows where I was born.
I'm not online 'friends' with masses of cousins (who have my mother's maiden surname), even so all my friend lists are hidden.
Etc.

Totally agree with you, I had the same issue with NS&I / Premium Bonds. I forgot a password recently and had to have everything posted out to me again, the flaw in the plan being that I was trying to change my address via the online account so it all went to the old address. Forwarded on, so all fine, but it just felt like a farce.

two factor ID is a real pain if you live in an area with bad mobile reception. Until we moved last year, if I wanted to log into the HMRC site, i'd have to enter my password then run to the end of the road and wave my phone around to get the secondary access code... which is only valid for a certain amount of time.

I log into my bank account before work every day. I then check my email (with a different password). I set my house alarm via a pin number. I go to the cash machine and enter my pin to get some money out. When I get to work there is a code (that changes monthly) to get into the main car park then another to access the front door. I buy breakfast in the canteen with another pin number. I do my photocopying (another number) and then get to my office which is accessed by another number. I have to enter my printer code every morning after logging on to my computer with password. For someone with a kind of number dyslexia it's no wonder I come home exhausted!

YABU

Use a password manager. That's a platform/app where you have an account with a password (something very hard to guess, like a phrase including numbers and punctuation). It stores all your logins and passwords and security numbers etc in encrypted format. You only have to remember the one password.

The online banking thing is just a fluke, or maybe the bank is rubbish. Getting your accounts hacked is much more inconvenient than having to deal with some security.

But you're told to use different answers on different websites, so you've have to remember lots of different made-up words for different banks.

That's different password. The security question can be the same - especially if it's nonsense. (a) the website you're giving it to won't know, (b) it can't be guessed from a dictionary attack.

And if you have enabled 2FA (where available. But any site serious about security will have it) then even if your password is compromised somehow, any attacker still needs to bypass that. Which isn't easy if it's a code to your phone (what you still have in your bag).

The card reader thingy most banks now issue is 2FA. Even if someone had access to your online banking password without having your card in their hand, they'd be stuck at that prompt.

Another tip is to memorize then destroy the last 3 digits on any card you have. They are only ever needed for online purchases, so no need to let all and sundry see them when you hand your card over. (Which really, you're not supposed to do, but I have noticed some shops that force you to hand your card over ....)

This is why I don't do online banking.

My Shell petrol points card is the weird one... they send me an email telling me how many points I have and ask for me to log in to redeem said points. Log in requires my email address, but then it says that email address is not recognised. Well its the one you twats emailed me on to tell me to log on using that email address!

two factor ID is a real pain if you live in an area with bad mobile reception. Until we moved last year, if I wanted to log into the HMRC site, i'd have to enter my password then run to the end of the road and wave my phone around to get the secondary access code... which is only valid for a certain amount of time.

Yep, I feel your pain. I have a small accountancy practice that has no mobile phone access. The HMRC log in is awful for us, as like you say, we end up walking up and down the main street until we get the signal then it's a run back to the office before the time elapses. Crazy way of working, but then it is HMRC!!

GlasgowWorrier I have the same issue with HMRC. They owed me loads of tax back but I couldn't get on the website as it took over 24 hours for the texted code to get to me, by which time it was no longer valid.

we have the same problem at work with the CIS & VAT My boss is old school and doesn't have a mobile phone so we have to use my personal one.

The security systems are part of the reason we use cash as much as possible. DH gets paid by a cheque. We pay the mortgage and all other bill by posting cheques

2FA can be via an app (e.g. Google Authenticator). And I know Google, Microsoft and Facebook have a mechanism where you can generate a code to write down somewhere in case you need to 2FA and haven't got connectivity.

er, no - just a pretend word. Or "word" - doesn't even need make sense. As long as you can remember it.
I wonder if you could use a word like "bollocks" if you wanted To?

DH regularly fails his security questions because they are of the ShreddedBanksy mentioned type. I think I was recently asked to name a S/O mandate as a security question and my mind went blank (as I have no idea which are D/Ds and which are S/O).

I closed some accounts as there was so much security I couldn't access the money myself so gave up and closed them. Some accounts are a lot easier than others and never had any fraud on any account. I don't mind checks as long as they are quick not in the post in 5 days. Also I hate the compulsory "extra security" of a mobile - its not extra as I don't have a mobile.

Shreded I had questions like that from my bank one time including what was my exact balance that day and when I said she said no its needs to be precise. And what was the exact amount of your last water bill? Yep, I memorise those. Then she said she was going to block access at which point I got annoyed as had just moved house and had transactions going here, there and everywhere and she backed down.

I agree that it is getting frustrating. I do understand the reasons for it, but my memory for this sort of thing unfortunately isn't getting any better as I head through the perimenopause.

I wonder if you could use a word like "bollocks" if you wanted To

Of course you can. I use obscenities as passwords all the time.

Saving a password is fine but does anyone put in the new password to set it up, you then have to re enter it and then it says

No. You can’t have that password.

So you try again and the computer says

No. You can’t have that password.

By the time you have got the right amount of letters, numbers, capital letters and signs. I have forgotten what I typed.

A password manager is fine for passwords but does it answer the questions etc

Dd found out too late and has now changed banks but apparently the card reader she was given was broken.

Atm I am trying to convince the broadband company that my first name does exist.

Apparently I am not called my perfectly ordinaryish name.

I also am a new customer because I have just opened an account with them and just because they can now see it on their system doesn’t mean I have a previous account with them.

I do feel like I have disappeared down some rabbit hole and come out into a Kafka novel

A password manager is fine for passwords but does it answer the questions etc

I use Lastpass (other password managers are available) which will generate passwords within rules for you, and also allow you to store notes against each site you have a password stored for. In my case (for example) I have stored the Verified By Visa password.

So you can store the answers to supplementary security questions there.

Lastpass can be set up to require 2FA (using Google Authenticator) and also to trigger a further security check when it's accessed for the first time from another computer (as can Facebook).

As with anything security related, it's not really possible to get to 100%. But lifting yourself above 80% should keep you relatively safe with the minimum of hassle.