Well it was bound to happen, from the moment the damn thing arrived through the door I knew this day would come.
Now it has… I’ve lost my pinsentry!
Pinsentry is the calculator-like device Barclays forced upon their customers a couple of years ago to improve online security. The introduction was far from smooth. I discovered I needed one when online one day and trying to add a new destination account for a money transfer. I then had to make a phone call to request one. How nice of them to be so proactive! (not!). Honestly, fancy locking your customers out of some of their account services and not sending them the key in advance? If my money transfer was something urgent, business related, there could have been big trouble. As it was it was just some money to my brother who had picked something up for me on his credit card.
Anyway, it arrived a few days later, and now I have to use it to log in on the website.
Their reasoning is that it improves website security… Hmmm… If it’s so good, why haven’t I seen other banks issuing them? I’ve had this damn thing for over a year. If they were really that worried about website security they could have just improved their old password system… This system insisted on a password of at least 6 characters (that’s fine, maybe a little low, but good it’s that high), unfortunately it then insisted on it being 8 characters or less… not good. Stay with me, it gets better.
So I type in a good secure (well as good as I can get with 8 characters maximum) password, mixture of letters and numbers. Guess what? No numbers allowed. Jeeez.
Now, I know a little bit about system security, I’ve been a programmer for many years. I’ve worked for very large defence contractors, been vetted under the Official Secrets Act and helped a company pass PCI accreditation.
Why no numbers? The 8 character maximum is obviously because their database field was defined too small, but why remove 10 possible characters from each of the 8 bytes of storage they do have? Obviously you don’t want people to put in their phone numbers as passwords, but the normal industry standards just insist on a mixture of numbers and letters.
In frustration I typed “Aaarrggh”. Guess what? That failed too. Too many repeated letters! Honestly, one night I will sit down and work out the possible permutations they are excluding with all their funny filters!
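The count the post wonders about can be worked out directly. The following is an added example, not part of the original post: it assumes passwords are case-insensitive and letters only, and that the repeated-letter filter rejects more than two identical letters in a row (the post does not state the actual rule).

```python
import math

LETTERS = 26   # assumption: case-insensitive, letters only
MAX_RUN = 2    # assumption: three identical letters in a row are rejected

def longest_run(password):
    """Length of the longest run of one character, ignoring case."""
    best = run = 0
    prev = None
    for ch in password.lower():
        run = run + 1 if ch == prev else 1
        best = max(best, run)
        prev = ch
    return best

def count_allowed(alphabet_size, length, max_run=None):
    """Count strings of `length` >= 1 symbols in which no symbol occurs
    more than `max_run` times in a row (None means no run filter)."""
    if max_run is None:
        return alphabet_size ** length
    # runs[r] = number of valid prefixes whose final run has length r + 1
    runs = [alphabet_size] + [0] * (max_run - 1)
    for _ in range(length - 1):
        new_symbol = sum(runs) * (alphabet_size - 1)  # start a new run
        runs = [new_symbol] + runs[:-1]               # or extend the old one
    return sum(runs)

def keyspace(alphabet_size, min_len, max_len, max_run=None):
    """Total number of acceptable passwords across all permitted lengths."""
    return sum(count_allowed(alphabet_size, n, max_run)
               for n in range(min_len, max_len + 1))

def compare():
    """Keyspace under the policy as described versus looser alternatives."""
    return {
        "letters, 6-8 chars, run filter (assumed)": keyspace(LETTERS, 6, 8, MAX_RUN),
        "letters, 6-8 chars, no run filter": keyspace(LETTERS, 6, 8),
        "letters + digits, 6-8 chars": keyspace(LETTERS + 10, 6, 8),
    }

if __name__ == "__main__":
    print("longest run in 'Aaarrggh':", longest_run("Aaarrggh"))
    for name, n in compare().items():
        print(f"{name:42} {n:>18,}  ~{math.log2(n):.1f} bits")
```

Under these assumptions the run filter itself removes only a small fraction of candidates; banning digits and capping the length at 8 cost far more.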
I eventually got something accepted. I’m not going to tell you what it is though. Let’s just say that it would fail a dictionary attack! Brilliant eh? Oh well, you still need the pinsentry and my pin, and my card… And right now I don’t have the pinsentry, so even I can’t get in!
Which means I can’t pay my credit card. I could write a cheque, but before that gets cashed I need to move some money into the current account to meet it. To do that I need to log on, and… Aaarrggh!
So tomorrow I have to go and face one of the bods behind the bulletproof screen and ask them for a new pinsentry. I bet they don’t keep any in the branch, but they damn well should!
