no subject
Date: 2010-03-31 11:32 am (UTC)
I've actually had a few cases where bank employees have even (potentially) compromised security by promoting bad policy. They phone me up and then ask for security details. I respond by asking them to prove they're the bank and they are completely baffled, as though nobody's ever said this to them before!
Yes, that's one of the cases that led me to this theory.
no subject
Date: 2010-03-31 11:48 am (UTC)
Not only have they been baffled, but even after I've explained why I want them to do this, they don't seem to understand why it's important.
In fairness, I do think the bank ought to have thought this through and introduced a stage where they verify their identity, or at least included an extra bit of script in case the user asks for it. By the time I've answered the phone they've already got one-factor security ("something I have") on who I am, so a sensible policy would encourage people like me to demand something from them before I hand over information.
The best come-back I heard (from someone asking for my DOB and mother's maiden name) when I asked that they verify their ID first was "but I only want your DOB and mother's maiden name, anyone can get hold of those". Er... yes, they can. So why are you using them for your security checks?