http://blog.wired.com/27bstroke6/2008/08/british-bank-ba.html
Here is a snippet:
A customer of the British bank Lloyds TSB discovered the bank had changed his account password because someone on staff apparently couldn’t take a joke.
Steve Jetley had created the password “Lloyds is pants” after he had a dispute with the bank over free travel insurance that was supposed to come with the account.
But when he tried to access his account over the phone, a call center representative told him the password didn’t match what was in his file. The password had been changed to “no it’s not.”
I am not upset that some support wanker at the bank couldn’t take a joke… You run into that all the time, lots of dumb people out there that can’t appreciate good humour when it bites them… But the very fact that Lloyds lets an employee see a clear text password? WTF WTF WTF WTF WTF WTF???? A clear text password shouldn’t exist ANYWHERE on their systems. Have they not heard of one-way hashes? It’s a unique concept, you encode the password in such a way that you can’t unencode it unless you brute force try every password possible and compare the resulting hashes to what you are generating. If they need help, just use Active Directory for the backend authentication source, it doesn’t store clear text passwords.
If any Senior people in charge of innovation or security or anything like that at Lloyds read this blog, I hope they make it a point to mention how silly it is to have clear text passwords. Obviously I am not a London resident and don’t use Lloyds but if I had any clue that my bank had clear text passwords available to its employees, at the very least they could expect me to close out my internet access to my account… And well… knowing me the way I know me, if I can’t get to my bank account over the internet, I am going to be using a new bank in the very short term… And if I can’t find one that can do account security properly, well I have no problem with burying mason jars somewhere on my 12 acres of property.
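The one-way hash idea described in the post, as an added example that is not part of the original post and not anything Lloyds runs: the server keeps only a per-user salt and a derived hash, and checks a login by re-deriving and comparing. PBKDF2-HMAC-SHA256, the iteration count, and the function names are assumptions chosen for this sketch.

```python
import hashlib
import hmac
import secrets

# Assumed work factor for this example; tune it to your own hardware.
ITERATIONS = 600_000


def make_record(password: str) -> dict:
    """Build what the server stores: salt, work factor, derived hash. No cleartext."""
    salt = secrets.token_bytes(16)  # unique per user, so equal passwords hash differently
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"alg": "pbkdf2-sha256", "iterations": ITERATIONS,
            "salt": salt.hex(), "hash": digest.hex()}


def verify(record: dict, candidate: str) -> bool:
    """Re-derive the hash from the candidate and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                                 bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def staff_view(record: dict) -> str:
    """Everything a support tool could show from the stored record."""
    return "${alg}${iterations}${salt}${hash}".format(**record)


if __name__ == "__main__":
    # Passwords taken from the news snippet quoted above.
    rec = make_record("Lloyds is pants")
    print(staff_view(rec))               # opaque hex fields, nothing readable
    print(verify(rec, "Lloyds is pants"))
    print(verify(rec, "no it's not"))
```

With a record like this, staff can reset a password but cannot read the one the customer chose.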
Another good reason for not having an account with Lloyds TSB. Personally, I lost hope after I spent a while trying to get a debit card out of them when I was 16. I was assured I could have one, and then had the rudest letter from the bank refusing me. So I upped and left at that point.
~x~