My Pet Peeve: Maximum Length Passwords



  • @boomzilla said:

    For most things, I'm watching from the DVR. But there are a few channels to which I regularly tune manually, and they're hundreds of channels apart, so I've memorized them and use them all the time.

    After I read this, I thought a bit harder, and realized that I have absolutely no idea what channel numbers carry the shows I watch, because I almost always (as in 99%+ of the time) use the DVR. I do tend to watch my regular shows the night they're on (or maybe the next night), but I'll wait until they're at least halfway through or completely over so that I can skip the commercials.

    @boomzilla said:

    IT'S LIKE A CLI FOR MY TV!

    TiVo$ find . -name "BigBangTheory" | /dev/living_room_screen



  • @Lorne Kates said:

    Forget that. Let me introduce you to the motherfucking wonders called "Touch screen credit card terminals". They're just like regular checkout terminals, except instead of having a physical keypad, they have a touchscreen. snip ...

    I always lean waaaaay in when using those to try to block as much as I can with my body. But yeah, I always worry about someone looking for prints afterward. sigh. Maybe Thoreau had it right, after all.





  • @Ben L. said:

    @locallunatic said:

    @flabdablet said:

    @locallunatic said:
    The real hard part comes when the customer is writing the spec (contract work) and specifically asks for this.  It's one of the things you can recommend they don't do, but nothing you can do if they insist (if you are at a contract work shop rather than doing it personally anyway).

    Yes there is. You make it so there's a screen that lets you "read back the password" and what it actually does is change the password to the 12-16 character string of random symbols that's just appeared on that screen. Then you keep marking all bug reports complaining about this behaviour as RESOLVED FIXED.

    Unfortunately my marking the bug reports that way got escalated to "do EXACTALLY what we asked for or we aren't paying".  Only so much fighting I'm willing to do for the customer's users (it wasn't a system that our customer's customers would have accounts on).

    What you should do is put a giant notice at the top of the login/registration pages that tells users how insecure the system is and who they should contact to get it fixed.
    Or put the fields and everything on the screen and let them enter passwords however they like, then ignore them.  No matter what they enter for the password, they get in.  Even if they don't enter anything for the password, they get in.

    I wonder how long it would be before they actually noticed.

     



  • @Shoreline said:

    Perhaps having subscribed to the XKCD philosophy on passwords...

    Wrong, for a variety of reasons. First, your passwords don't need to be memorized--they should be randomly-generated and stored encrypted somewhere. Then you only need to remember a single master password. Having to remember a thousand passwords would be a nightmare and only means you're going to do something stupid along the way. The fact that the baseline that idiot uses is substituting letters of a word with digits or characters shows just how fucking imbecilic he is.

    Second, you only get good entropy from using words if you use random generation and you accept the very first result it gives you. If you try to reorganize the words to make something more memorable, you're reducing entropy (which is why you shouldn't be trying to make that shit memorable in the first place..)

    Third, if you're going to use random password generation, then you get far better entropy per-character by using random characters ([A-Za-z0-9] works fine) than words. Twenty characters is the max you'd ever need--that means when you run into sites with a maximum length of 20 characters, you're actually getting the best security you can hope for, instead of dicking around with random words. Security needs to be practical and the xkcd method ignores a lot of legitimate concerns.

    In short: you're taking security advice from a guy who draws a shitty webcomic. This may not be the wisest course of action.

    @Shoreline said:

    I only know the basics of password/session security, but as I understand it, passwords are hashed into a 32-character string. Why then, can I not get an extra 12 characters in my password?

    You apparently don't even know the basics. A 32-character string seems to imply MD5, which nobody should be using any more. Also, the length of the hash output has absolutely nothing to do with the length of the input. MD5 is 32 characters (well, hex digits) whether the input is 1 character or 1 million.

    However, bcrypt, which is the recommended way to store passwords, does have a maximum password size of 55 bytes, but you really don't need more than that.



  • @da Doctah said:

    Or put the fields and everything on the screen and let them enter passwords however they like, then ignore them.  No matter what they enter for the password, they get in.  Even if they don't enter anything for the password, they get in.
    I was writing a web-app that had the option to have null passwords, and it behaved exactly like that.  When you registered, there was a check-box after the password field that said "No password, thanks.".  It'd just accept anything in the password field if you had the "I don't want a password" flag set on your account.  My boss fucked a pumpkin when he saw that, and I can't figure out why. :(

     



  • @drurowin said:

    @da Doctah said:

    Or put the fields and everything on the screen and let them enter passwords however they like, then ignore them.  No matter what they enter for the password, they get in.  Even if they don't enter anything for the password, they get in.
    I was writing a web-app that had the option to have null passwords, and it behaved exactly like that.  When you registered, there was a check-box after the password field that said "No password, thanks.".  It'd just accept anything in the password field if you had the "I don't want a password" flag set on your account.  My boss fucked a pumpkin when he saw that, and I can't figure out why. :(

    Worst. Programmer. Ever.



  • @morbiuswilters said:

    @drurowin said:

    @da Doctah said:

    Or put the fields and everything on the screen and let them enter passwords however they like, then ignore them.  No matter what they enter for the password, they get in.  Even if they don't enter anything for the password, they get in.
    I was writing a web-app that had the option to have null passwords, and it behaved exactly like that.  When you registered, there was a check-box after the password field that said "No password, thanks.".  It'd just accept anything in the password field if you had the "I don't want a password" flag set on your account.  My boss fucked a pumpkin when he saw that, and I can't figure out why. :(

    Worst. Programmer. Ever.

    It's how I wish I could have my Twitter, Facebook, and Gmail passwords.  I'd actually PAY FOR A SUBSCRIPTION to that feature.

     



  • @drurowin said:

    My boss fucked a pumpkin when he saw that, and I can't figure out why.
     

    Usernames are public. What happens when someone else, which is everybody, knows your username?


  • ♿ (Parody)

    @RobFreundlich said:

    @boomzilla said:
    For most things, I'm watching from the DVR. But there are a few channels to which I regularly tune manually, and they're hundreds of channels apart, so I've memorized them and use them all the time.

    After I read this, I thought a bit harder, and realized that I have absolutely no idea what channel numbers carry the shows I watch, because I almost always (as in 99%+ of the time) use the DVR. I do tend to watch my regular shows the night they're on (or maybe the next night), but I'll wait until they're at least halfway through or completely over so that I can skip the commercials.

    I have a few channels that are generally kid safe. So if the kids come in the room, or, after a DVR / on demand show stops and the channel is showing something inappropriate I can quickly go somewhere relatively safe. Or, things like the weather channel that pretty much only make sense to watch live.



  • @dhromed said:

    @drurowin said:

    My boss fucked a pumpkin when he saw that, and I can't figure out why.
     

    Usernames are public. What happens when someone else, which is everybody, knows your username?

    Personally, I don't have any data I consider "worth" hacking.  I'd post my passwords to Facebook/Gmail/Twitter et al here, but one of you assholes would change it and lock me out of my accounts.  They're all the same, and based on just dragging my hand across the keyboard.  (The "I don't want a password" flag wasn't removable without directly editing the database and then forcing a password reset from the admin console.)

     



  • @drurowin said:

    I'd post my passwords to Facebook/Gmail/Twitter et al here, but one of you assholes would change it and lock me out of my accounts.
     

    So... you care about keeping your account secure.



  • @dhromed said:

    @drurowin said:

    I'd post my passwords to Facebook/Gmail/Twitter et al here, but one of you assholes would change it and lock me out of my accounts.
     

    So... you care about keeping your account secure.

    No, I have nothing to hide.  I'll PM you my password to everything if you promise not to change it.  See, that's why I want to be able to have an unchangeable null password.  Simplifies login.

     



  • @boomzilla said:

    So if the kids come in the room, or, after a DVR / on demand show stops and the channel is showing something inappropriate I can quickly go somewhere relatively safe. Or, things like the weather channel that pretty much only make sense to watch live.

    Good idea! I'll have to learn where the Weather Channel lives in our area, for the FIOS box in one room. For the TiVo in the other, the Tivo button works great because the menu it brings up doesn't have a picture-in-picture of what's on the current station, so whatever was on is now blocked.



  • @drurowin said:

    Personally, I don't have any data I consider "worth" hacking. 
    What about people using your accounts for evil and/or tainting your reputation?


  • ♿ (Parody)

    @Zecc said:

    @drurowin said:
    Personally, I don't have any data I consider "worth" hacking. 
    What about people using your accounts for evil and/or tainting your reputation?

    From his posting history, I think his previous statement stands.



  • @Zecc said:

    @drurowin said:
    Personally, I don't have any data I consider "worth" hacking. 
    What about people using your accounts for evil and/or tainting your reputation?
    I can go back and delete Facebook and Twitter posts if something like that happens.



  • @drurowin said:

    I can go back and delete Facebook and Twitter posts if something like that happens.

    This "reassurance" is befuddling.



  • @drurowin said:

    @Zecc said:

    @drurowin said:
    Personally, I don't have any data I consider "worth" hacking. 
    What about people using your accounts for evil and/or tainting your reputation?
    I can go back and delete Facebook and Twitter posts if something like that happens.

    And anyone can delete yours as well.  So your only hope of posting, or following or whatever someone is that people don't block you from doing it.  If you don't want things like that happening then you use something super simple as your password instead of a real one.  It's like saying "I don't think people are going to rob my house cause I own nothing of value" and thus leaving your front door unlocked, but what you are saying is that the door should be taken off the hinges.



  • @locallunatic said:

    @drurowin said:

    @Zecc said:

    @drurowin said:
    Personally, I don't have any data I consider "worth" hacking. 
    What about people using your accounts for evil and/or tainting your reputation?
    I can go back and delete Facebook and Twitter posts if something like that happens.

    And anyone can delete yours as well.  So your only hope of posting, or following or whatever someone is that people don't block you from doing it.  If you don't want things like that happening then you use something super simple as your password instead of a real one.  It's like saying "I don't think people are going to rob my house cause I own nothing of value" and thus leaving your front door unlocked, but what you are saying is that the door should be taken off the hinges.

    The only reason it's not is I don't have an insect screen on it.  I like the breeze coming through an open door.  I don't like the skeeter bites.  I do leave all my windows with insect screens open when I go to work or pop down to the shops.  I also don't lock the doors.  Only thing I have of "value" are my iPad and my laptop, and I take those with me most of the time. x3

     



  • @drurowin said:

    Only thing I have of "value" are my iPad and my laptop, and I take those with me most of the time.

    What about your fursuit? And you can't tell me you aren't on some kind of psychoactive medication..



  • @drurowin said:

    @locallunatic said:

    It's like saying "I don't think people are going to rob my house cause I own nothing of value" and thus leaving your front door unlocked, but what you are saying is that the door should be taken off the hinges.

    The only reason it's not is I don't have an insect screen on it.  I like the breeze coming through an open door.  I don't like the skeeter bites.  I do leave all my windows with insect screens open when I go to work or pop down to the shops.  I also don't lock the doors.  Only thing I have of "value" are my iPad and my laptop, and I take those with me most of the time. x3

    So what you are saying is that the neighborhood kids are constantly raiding your liquor cabinet and you regularly replace things like mirrors, gotcha.



  • @drurowin said:

    I can go back and delete Facebook and Twitter posts if something like that happens.
    But can you delete those death threats morbiussomeone sent Obama in your name?



  • @Zecc said:

    @drurowin said:

    I can go back and delete Facebook and Twitter posts if something like that happens.
    But can you delete those death threats morbiussomeone sent Obama in your name?

    According to him, he's already on a drone kill list since he, I dunno, tried and failed to make a statically-linked version of MySQL..



  • Ok, so apparently I'm late, as it seems we've already moved on to Facebook and Twitter bashing, but your bank really allows twenty character passwords??

    Sans Simple (which gets it incredibly right by actually telling you to use a passphrase), I've never seen a bank/other financial/loans institution let you use more than 8-12 characters. I tried to compensate on one by generating a password with random characters, only to be greeted with an SQL syntax error. Ok, that's odd, how has nobody noticed this before?

    if(document.forms[3].password.value.indexOf("'"))
    {
    	alert("You're password may not contain special characters");
    	return false;
    }
    

    Ohhkayyyy.........

     

    @dhromed said:

    Usernames are public. What happens when someone else, which is everybody, knows your username?

     

    School email systems like to do this. The default password at mine was the username. But this was fine, as usernames included randomly sequentially assigned numbers like samc31337@failhigh.cu.ni.li.ng.us.edu; so nobody would be able to hack your account unless they wanted to send you an email or looked you up in the built-in directory.
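
The apostrophe filter and the SQL syntax error described in the post above, as an added example that is not the bank's code or the poster's: a string-built login query beside a parameterized one that accepts any character. The table names, function names, the plaintext legacy column and PBKDF2 as the password hash are assumptions of this example; the sample credentials are constructed.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 100_000  # illustrative work factor for this demo


def posted_check_blocks(password: str) -> bool:
    """Model of the posted client-side test `if (value.indexOf("'"))`.

    JavaScript treats every number except 0 as true, and indexOf returns -1
    when the character is absent, so the alert branch is taken unless the
    apostrophe is the very first character.
    """
    return password.find("'") != 0


def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    # Hypothetical legacy table: plaintext password compared inside the query.
    db.execute("CREATE TABLE legacy_users (name TEXT PRIMARY KEY, password TEXT)")
    # Hardened table: per-user salt plus a fixed-size verifier.
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, verifier BLOB)")
    return db


def legacy_login(db, name: str, password: str) -> bool:
    """'Before': the SQL text is assembled by string concatenation."""
    sql = ("SELECT 1 FROM legacy_users WHERE name = '" + name
           + "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None


def kdf(password: str, salt: bytes) -> bytes:
    # Any byte sequence is valid input; the output is always 32 bytes.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(db, name: str, password: str) -> None:
    salt = os.urandom(16)
    # Placeholders keep the data out of the SQL text entirely.
    db.execute("INSERT INTO users (name, salt, verifier) VALUES (?, ?, ?)",
               (name, salt, kdf(password, salt)))


def login(db, name: str, password: str) -> bool:
    """'After': parameterized lookup, then a constant-time comparison."""
    row = db.execute("SELECT salt, verifier FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        return False
    salt, verifier = row
    return hmac.compare_digest(kdf(password, salt), verifier)


def outcome(fn, db, name: str, password: str) -> str:
    """Run a login function and classify the result."""
    try:
        return "accepted" if fn(db, name, password) else "denied"
    except sqlite3.OperationalError:
        return "sql-error"


if __name__ == "__main__":
    db = make_db()
    generated = "k9'Rw\"2;z"  # constructed password with quote characters
    db.execute("INSERT INTO legacy_users VALUES (?, ?)", ("sam", "hunter2x"))
    register(db, "sam", generated)
    print("legacy, plain password :", outcome(legacy_login, db, "sam", "hunter2x"))
    print("legacy, quoted password:", outcome(legacy_login, db, "sam", generated))
    print("hardened, same password:", outcome(login, db, "sam", generated))
    print("posted check blocks 'abcdef'? ", posted_check_blocks("abcdef"))
```

With the query parameterized and the password hashed before storage, no character needs to be banned and the client-side check has nothing left to protect.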



  • @SamC said:

    Simple

    Their most recent blog entry is from "Nigeria Prince". It's an April Fools' post, but it's refreshing to see a bank run by hipster douchebags. It seems the financial collapse of 2008 taught us nothing.

    @SamC said:

    which gets it incredibly right by actually telling you to use a passphrase

    That is incredibly wrong! You should be using randomly-generated passwords, stored encrypted somewhere. Fucking passphrases are stupid for many reasons--hard to type, you have to remember a huge number for numerous sites, still less secure than just using a proper fucking password.

    @SamC said:

    ...I've never seen a bank/other financial/loans institution let you use more than 8-12 characters.

    I have accounts with: [REDACTED], Citibank, BoA, Amex, Chase, Ally and Discover. All but Discover have 20-character randomly-generated alphanum passwords. The Discover password is 9-character, random alphanum. I don't know if that's a limitation on their end or if I just generated it that way, but 9 characters is still pretty secure, especially for a fucking Discover card.



  • @morbiuswilters said:

    Their most recent blog entry is from "Nigeria Prince". It's an April Fools' post, but it's refreshing to see a bank run by hipster douchebags. It seems the financial collapse of 2008 taught us nothing.

    Funny enough, I still actually prefer said hipster douchebags to traditional banks. If you look at their blog, you will also note they actually tell you when they fucked up. One of my local bank (actually, this one recently bought by a national one) electronic statements came showing my accounts had been wiped out, all zeroes. After waiting for them to open, calling, waiting on hold for 15 more minutes, the rep assured me that "oh, that happens sometimes, it's nothing to worry about". Right..

    In any case, the actual bank used is Bancorp, and it's FDIC insured just like every other US bank.

    @morbiuswilters said:

    @SamC said:
    which gets it incredibly right by actually telling you to use a passphrase

    That is incredibly wrong! You should be using randomly-generated passwords, stored encrypted somewhere. Fucking passphrases are stupid for many reasons--hard to type, you have to remember a huge number for numerous sites, still less secure than just using a proper fucking password.

    Yes, but what is the password to your encrypted password store? A passphrase that's easy to remember and incredibly long? Or a password that most people would have to write down?

    In most cases, I actually do use randomly-generated passwords up to the maximum-permitted length, stored in a password manager protected with a long passphrase. But, for some things, you don't easily have that option, as you need to enter them manually or on mobile apps.

    Personally, I don't trust 4-word ones for most things, I usually go at least 5, longer for things that require more paranoia. Try to memorize 16 purely random characters. Now try to memorize 16 purely random words. I don't think you'd generally ever need one that long, but it is doable and has significantly more entropy.

    @morbiuswilters said:

    @SamC said:
    ...I've never seen a bank/other financial/loans institution let you use more than 8-12 characters.

    I have accounts with: [REDACTED], Citibank, BoA, Amex, Chase, Ally and Discover. All but Discover have 20-character randomly-generated alphanum passwords.

     

    Most of my accounts were, until recently, held at smaller local banks. It was the discovery of the aforementioned JavaScript nightmare that prompted me to consider online-only banks. A big plus here is that support time is usually instant, no more 15-minute waits or robots telling you it's past normal business hours.

     @morbiuswilters said:

    Ally

    Come to think of it, Ally had a 16-character limitation. More than 12, but still rather dumb to have one at all. Simple doesn't appear to have a limit at all.



  • @SamC said:

    ...and it's FDIC insured just like every other US bank.

    Great, so when the hipster douchebags fuck up and transfer all of their clients' accounts to North Korea, the taxpayer can bail you out! What moral hazard?

    @SamC said:

    Yes, but what is the password to your encrypted password store? A passphrase that's easy to remember and incredibly long? Or a password that most people would have to write down?

    Mine? 12-character randomly-generated alphanum. But you can use a passphrase if you want. This still has absolutely no bearing on the point, which is whether you should be using a passphrase for your bank accounts. You should not, and they are being wrong by telling you to do so.

    @SamC said:

    But, for some things, you don't easily have that option, as you need to enter them manually or on mobile apps.

    And typing a 70 character passphrase on a touchscreen is easier than typing 12 characters? Wha?

    @SamC said:

    Try to memorize 16 purely random characters. Now try to memorize 16 purely random words. I don't think you'd generally ever need one that long, but it is doable and has significantly more entropy.

    But it's useless entropy. If you need more entropy than 16 random alphanum characters, something is horribly, horribly wrong.

    @SamC said:

    Come to think of it, Ally had a 16-character limitation.

    You're right, it is 16. Still, that's quite sufficient.


    Edit:

    @SamC said:

    Filed under: 0.84% APY ain't half bad

    How the hell did you manage to get a back slash in there?



  • @locallunatic said:

    @drurowin said:

    @locallunatic said:

    It's like saying "I don't think people are going to rob my house cause I own nothing of value" and thus leaving your front door unlocked, but what you are saying is that the door should be taken off the hinges.

    The only reason it's not is I don't have an insect screen on it.  I like the breeze coming through an open door.  I don't like the skeeter bites.  I do leave all my windows with insect screens open when I go to work or pop down to the shops.  I also don't lock the doors.  Only thing I have of "value" are my iPad and my laptop, and I take those with me most of the time. x3

    So what you are saying is that the neighborhood kids are constantly raiding your liquor cabinet and you regularly replace things like mirrors, gotcha.

    You know, I don't have problems with that.  I believe in the goodness of my fellow human being, as well.

     



  • @drurowin said:

    You know, I don't have problems with that.  I believe in the goodness of my fellow human being, as well.

    How do you reconcile that with the yiffing?


  • Discourse touched me in a no-no place

    @morbiuswilters said:

    Wrong, for a variety of reasons. First, your passwords don't need to be memorized--they should be randomly-generated and stored encrypted somewhere. Then you only need to remember a single master password. Having to remember a thousand passwords would be a nightmare and only means you're going to do something stupid along the way. The fact that the baseline that idiot uses is substituting letters of a word with digits or characters shows just how fucking imbecilic he is.
    While a cryptographically strong identity proof is the gold standard, it has the practical disadvantage of being rather awkward to remember; you have to record it somewhere (which in turn makes that a weak point in the system). With a memorized password/phrase, at least part of the system is now in the user's head rather than stuck on a post-it under the keyboard. The down-side is that most users are not very good at remembering strong passwords; with fully random symbol sequences, the memorization limit is rather too low for security to be assured (some people can remember more, but they're very much not close to average). The XKCD comic makes the point that what really matters is the total entropy encoded, and that a short sequence of random words (i.e., “symbols” from a very large “alphabet”) is far more memorable than the sequence of wholly random characters with the same total entropy. Hence, limits on the maximum number of characters in a password reduce entropy in practice and encourage worse security practices. The only reason for having a short maximum password length is that you've got a fixed column size in the database (or flat file!) where you're storing the password, and that's unconscionable anyway.
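
The entropy comparison argued in the posts above (random [A-Za-z0-9] characters versus random words) and the point that a hash's output size does not depend on the password's length, worked through as an added example that is not from any poster. The 2048-word list size (11 bits per word), the 8-word sample list, the function names and PBKDF2 as a standard-library stand-in for a password hash such as bcrypt are assumptions of this example.

```python
import hashlib
import math
import secrets
import string

ALNUM = string.ascii_letters + string.digits  # [A-Za-z0-9]: 62 symbols
WORD_LIST_SIZE = 2048  # assumption: 11 bits per word, 44 bits for 4 words
# Constructed 8-word sample list (3 bits per word); a usable list needs
# thousands of entries, because entropy comes from the list size.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple",
                "pumpkin", "weather", "channel", "screen"]


def entropy_bits(symbol_count: int, length: int) -> float:
    """Entropy of `length` symbols drawn uniformly and independently."""
    return length * math.log2(symbol_count)


def random_password(length: int = 20, alphabet: str = ALNUM) -> str:
    """Password from a CSPRNG, one independent draw per character."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(count: int, words=SAMPLE_WORDS) -> str:
    """Passphrase from a CSPRNG; the first result is kept as-is, because
    rerolling or reordering for memorability lowers the real entropy."""
    return " ".join(secrets.choice(words) for _ in range(count))


def words_needed(target_bits: float, list_size: int = WORD_LIST_SIZE) -> int:
    """Smallest number of random words that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


def md5_hex_length(password: str) -> int:
    """Length of the MD5 hex digest: 32 for any input length."""
    return len(hashlib.md5(password.encode("utf-8")).hexdigest())


def stored_verifier(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Fixed-size (32-byte) value to store, whatever the password length."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


if __name__ == "__main__":
    for n in (12, 16, 20):
        bits = entropy_bits(len(ALNUM), n)
        print(f"{n} random alphanumerics: {bits:6.1f} bits "
              f"= {words_needed(bits)} words from a {WORD_LIST_SIZE}-word list")
    for n in (4, 5, 16):
        print(f"{n} random words: {entropy_bits(WORD_LIST_SIZE, n):6.1f} bits")

    print("sample password  :", random_password())
    print("sample passphrase:", random_passphrase(5),
          f"({entropy_bits(len(SAMPLE_WORDS), 5):.0f} bits from the 8-word list)")

    salt = secrets.token_bytes(16)
    for pw in ("a", "a" * 1_000_000):
        print(f"{len(pw):>9} chars -> md5 hex {md5_hex_length(pw)} chars, "
              f"stored verifier {len(stored_verifier(pw, salt))} bytes")
```

Because the stored value has a fixed size, the database column width is no reason to cap password length.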


  • Trolleybus Mechanic

    @drurowin said:

    You know, I don't have problems with that.  I believe in the goodness of my fellow human being, as well.
     

    And what happens when someone hacks your passwordless forum account, and posts dumb retarded shit like "passwords r dumb retarded shit" that makes you look like a dumb retarded shit?

    Because that's where I'm assuming this dumb retarded shit is coming from.



  • @dkf said:

    ...record it somewhere (which in turn makes that a weak point in the system).

    Encrypt it.

    @dkf said:

    ...a short sequence of random words (i.e., “symbols” from a very large “alphabet”) is far more memorable than the sequence of wholly random characters with the same total entropy.

    But the point is you shouldn't be memorizing passwords in the first damn place. Obviously you'll need to memorize one or two, but if you're relying on memorization for your bank password then you're doing it wrong.

    @dkf said:

    The only reason for having a short maximum password length is that you've got a fixed column size in the database (or flat file!) where you're storing the password, and that's unconscionable anyway.

    Or, as I already pointed out, you're using bcrypt (which is what you should be using) and it has a limit of 55 bytes.



  • @Lorne Kates said:

    And what happens when someone hacks your passwordless forum account, and posts dumb retarded shit like "passwords r dumb retarded shit" that makes you look like a dumb retarded shit?

    It's drurowin.. I doubt even he can differentiate between the dumb retarded shit he's said under the influence of Kinky Liqueur and the dumb retarded shit said by hackers.



  • @Lorne Kates said:

    @drurowin said:

    You know, I don't have problems with that.  I believe in the goodness of my fellow human being, as well.
     

    And what happens when someone hacks your passwordless forum account, and posts dumb retarded shit like "passwords r dumb retarded shit" that makes you look like a dumb retarded shit?

    Because that's where I'm assuming this dumb retarded shit is coming from.

    I never said they were "dumb retarded shit", I'm sure they work for some people.  I'd just like to have the option to say "No password, thanks."  Just like I have the option to not lock my doors at home.

    My bank, after calling and making some enquiries, was happy to provision my online banking account with just a user ID and no password.  So, if you guys want to see how much I have in my savings account, feel free.   There's only so many UK banks, and my login ID is the same as my forum username.



  • @drurowin said:

    Just like I have the option to not lock my doors at home.

    The problem with this is that after you get robbed by one of the millions of criminals in your country, you'll expect other people to try to recover your sketches of Bread Loaf Snout, or at the very least piss away resources trying to re-create them. And you're giving criminals an incentive (well.. if you owned anything other than BLS drawings..) to continue their ways. You're basically punching your fellow man in the cock with your infantile refusal to do something simple like lock your doors. Thanks a bunch, asshole.



  • @morbiuswilters said:

    @drurowin said:
    Just like I have the option to not lock my doors at home.

    The problem with this is that after you get robbed by one of the millions of criminals in your country, you'll expect other people to try to recover your sketches of Bread Loaf Snout, or at the very least piss away resources trying to re-create them. And you're giving criminals an incentive (well.. if you owned anything other than BLS drawings..) to continue their ways. You're basically punching your fellow man in the cock with your infantile refusal to do something simple like lock your doors. Thanks a bunch, asshole.

    It's simpler for me to gain access that way, though, and that makes me a happier customer.  Like with my bank, they've got a customer for life by allowing me to access my current and savings accounts online without a password.



  • @drurowin said:

    Like with my bank, they've got a customer for life by allowing me to access my current and savings accounts online without a password.

    But you're assuming your bank wants retarded customers. What benefit does that provide them when you get robbed?



  • @morbiuswilters said:

    @drurowin said:
    Like with my bank, they've got a customer for life by allowing me to access my current and savings accounts online without a password.

    But you're assuming your bank wants retarded customers. What benefit does that provide them when you get robbed?

     

    Well the retarded customers might starve to death with no money for food, which would allow them to get rid of retarded people. 



  • @morbiuswilters said:

    @drurowin said:
    Like with my bank, they've got a customer for life by allowing me to access my current and savings accounts online without a password.

    But you're assuming your bank wants retarded customers. What benefit does that provide them when you get robbed?

    Probably the fact that the terms and conditions state any account holders that are deemed to have not taken adequate security measures with their banking account will not have damages due to digital theft covered by the bank. Having an in-person request from the account holder on file in which he/she explicitly requests online access to the account without any form of password protection certainly fits that bill. It may not only save the bank from paying out any sum of money to cover damages, but it may actually make them money: if the account is mis-used to take out a loan, the account holder can be made to pay it off, including interest...



  • @DescentJS said:

    @morbiuswilters said:

    @drurowin said:
    Like with my bank, they've got a customer for life by allowing me to access my current and savings accounts online without a password.

    But you're assuming your bank wants retarded customers. What benefit does that provide them when you get robbed?

     

    Well the retarded customers might starve to death with no money for food, which would allow them to get rid of retarded people. 

    I don't know about drurowin's retarded country, but here a bank would probably accrue all sorts of fines and open themselves to civil liability for letting users access accounts without passwords.

    Also, the type of customer who doesn't want to use a password is usually a crazy old lady who tries to store her cat in a safety deposit box. Just not a customer you want at all.



  • @Ragnax said:

    @morbiuswilters said:
    @drurowin said:
    Like with my bank, they've got a customer for life by allowing me to access my current and savings accounts online without a password.

    But you're assuming your bank wants retarded customers. What benefit does that provide them when you get robbed?

    Probably the fact that the terms and conditions state any account holders that are deemed to have not taken adequate security measures with their banking account will not have damages due to digital theft covered by the bank. Having an in-person request from the account holder on file in which he/she explicitly requests online access to the account without any form of password protection certainly fits that bill. It may not only save the bank from paying out any sum of money to cover damages, but it may actually make them money: if the account is mis-used to take out a loan, the account holder can be made to pay it off, including interest...

    In the US, this would almost certainly run afoul of several Federal, State and industry regulations regarding storing of financial data. Users could possibly waive civil liability, but they can't stop the enforcement of regs.



  • @morbiuswilters said:

    @DescentJS said:

    @morbiuswilters said:

    @drurowin said:
    Like with my bank, they've got a customer for life by allowing me to access my current and savings accounts online without a password.

    But you're assuming your bank wants retarded customers. What benefit does that provide them when you get robbed?

     

    Well the retarded customers might starve to death with no money for food, which would allow them to get rid of retarded people. 

    I don't know about drurowin's retarded country, but here a bank would probably accrue all sorts of fines and open themselves to civil liability for letting users access accounts without passwords.

    Also, the type of customer who doesn't want to use a password is usually a crazy old lady who tries to store her cat in a safety deposit box. Just not a customer you want at all.

    You also assume the online banking has more functionality than savings > current and current > savings.  Can't open loans, can't transfer to third parties.  You could move all the money from my current account to my savings account and inconvenience me for about 5 minutes, but that's about it.

     



  • @drurowin said:

    You also assume the online banking has more functionality than savings > current and current > savings.  Can't open loans, can't transfer to third parties.  You could move all the money from my current account to my savings account and inconvenience me for about 5 minutes, but that's about it.

    That's still disclosure of confidential financial information. shakes head in disbelief



  •  I hate it when people spoil the shows on the weather channel.



  • @morbiuswilters said:

    @drurowin said:
    You also assume the online banking has more functionality than savings > current and current > savings.  Can't open loans, can't transfer to third parties.  You could move all the money from my current account to my savings account and inconvenience me for about 5 minutes, but that's about it.

    That's still disclosure of confidential financial information. shakes head in disbelief

    You know how 7-Elevens have the sign in the window "Register contains less than $50"?  "Drurowin's current account contains less than $50." would apply too.  There, confidential financial information.



  • @drurowin said:

    "Drurowin's current account contains less than $50." would apply too.  There, confidential financial information.

    I could have guessed that. The difference is this was information you told me (or that I inferred from other clues)--not information that your bank disclosed to me.



  • @morbiuswilters said:

    @drurowin said:
    "Drurowin's current account contains less than $50." would apply too.  There, confidential financial information.

    I could have guessed that. The difference is this was information you told me (or that I inferred from other clues)--not information that your bank disclosed to me.

    It could be argued that because I've specifically requested not to have a password on my online banking account that I've authorized anyone to view my account information.  Again, I don't really care.



  • @drurowin said:

    @morbiuswilters said:

    @drurowin said:
    "Drurowin's current account contains less than $50." would apply too.  There, confidential financial information.

    I could have guessed that. The difference is this was information you told me (or that I inferred from other clues)--not information that your bank disclosed to me.

    It could be argued that because I've specifically requested not to have a password on my online banking account that I've authorized anyone to view my account information.  Again, I don't really care.

    My voicemail has no PIN. However, it only works when called from my phone (number). If anyone else calls it, they ring my phone.



  • @drurowin said:

    It could be argued that because I've specifically requested not to have a password on my online banking account that I've authorized anyone to view my account information.

    Trying to argue that you implicitly gave out your account information when you declined a password is exactly the kind of shit a sane business doesn't want to get dragged into. Especially if it's just to satisfy some nutjob customer who can't be arsed to keep a fucking list of passwords. I'm shocked there's a bank incompetent enough to even let you get away with this.

