Financial Account Aggregation

Three years ago, I wrote a blog post entitled Internet Security Rule One about the stupidity of sharing your passwords with anyone. I finished that post with a joke. Look, I’ll tell you what. I’ve got a really good idea for an add-on for your online banking service. Just leave the login details in a comment […]

First Direct Update

Earlier in the week I talked about my concerns with First Direct’s new password policy. I got an email from them about this, but it really wasn’t very reassuring. But I kept digging. And on Thursday I got a bit more information from “^GD” on the @firstdirecthelp twitter account. It still doesn’t answer all of […]

First Direct Passwords

I’ve been a happy customer of First Direct since a month or so after they opened, almost twenty-five years ago. One of the things I really liked about them was that they hadn’t followed other banks down the route of insisting that you carried a new code-generating dongle around so that you can log into […]

Internet Security Rule One

Internet security rule one is “do not share your password with anyone”. There should be no exceptions to this rule. If anyone asks you to share your password with them, your answer should always be no. Sometimes people say “oh well, it’s only a password for [some unimportant web site] – what harm could it […]

More Password Idiocy

When will web sites start to be careful with people’s passwords? Oh, I know that a few sites get it right, but it seems to me that the vast majority still don’t have a clue what they are doing. Here is today’s example. I got an email this morning from a company called RAM (that’s […]

Hating Computers

Right now I’m hating all computers with a fierce intensity. You all know about the server disk crash. I’m still dealing with the fallout from that. In addition to that, on New Year’s Day I upgraded my main desktop machine to Fedora 8 – with the result that the wireless network (which is how that […]

Password Basics

I’ve banged on before about the need for web sites to store passwords encrypted. This is a good example of why it’s necessary. Fasthosts, “the UK’s number 1 web host”, has fired off emergency emails telling customers to change all their passwords after police were called in to investigate a major data breach. Also note: […]

Basic Password Handling

This afternoon I signed up to a new web-based application from a very well-known media company. I gave them my email address and the password that I wanted to use and a few minutes later I got an email from them confirming my registration. That was fine. But then I noticed that the email from […]