Wednesday, March 30, 2011

Security Overkill

I'm required to use a Citibank credit card for official, business travel.

Their website is horrible. And their security is risibly oversensitive.

I don't travel much, and it used to be that every time I logged in to pay my bill I would have to call them to get my password reset. Turns out - the guy said, last time this happened - you have to change your password every sixty days and if you don't log in within those sixty days you get locked out.

Okay. Fine. Sigh.

I put a recurring reminder on my calendar to log in and change the password every seven weeks. (Did I mention, you must use IE?) What happened? "Logon credentials are invalid."

So at least I could still reset the password by answering all the questions (first pet's name? billing zip code? last six digits of account?) and then, when I logged in, I had to answer another security question.

So I've changed the reminder to every six weeks. We'll see if that makes a difference.

At some point security hoops become so not worth it, and if you can you abandon the company/bank/website requiring them for one that lets you never change your password. I'm not sure exactly where that point is. But Citi is well past it.

Labels: ,


Post a Comment

Subscribe to Post Comments [Atom]

Links to this post

Links to this post:

Create a Link

     <-- Older Post                     ^ Home                    Newer Post -->