Dear Sallie Mae

Your "wish it was two factor" authentication scheme has just become more trouble than it is worth.

(see http://thedailywtf.com/Articles/WishItWas-TwoFactor-.aspx for more info)

I can understand the cost and legal pressures that prompted this change, but that doesn't mean I have to like it. The current expert advice for preventing research attacks on challenge questions and maintaining your sanity ("did I capitalize 'Virginia' "?) is to simply make the answers the same, either use your strong password if the challenge response is used to reset your password, or the site name if it's used after your password/access code.

When I tried to do this, I was informed that I could not reuse any of the last 5 passwords used on your site. This is "not even wrong", and you should read "why software sucks" by david platt. http://www.whysoftwaresucks.com/ It's a good read. The last 5 passwords? Are you kidding? Its better to make one strong password for all financial sites, and until you can come up with a good way to do single sign on between all these websites (many have tried and failed) "that dog just aint gonna hunt".

Your site is used a handful of times a year, and no human can be expected to remember the myriad of financial website's passwords if they need to change periodically. It's also inappropriate for you to assume we'll write them down, or god-forbid, store them on disk somewhere (unless it's your wi-fi password - if someone can get to that, wifi is the least of your worries).

For now, I'll contact a much more expensive human representative over the phone if I need to conduct business with you. Maybe if things affect your bottom line enough, you'll take note.

FYI: to create a strong password - come up with a memorable phrase, like "You would think a security expert would know better." Then take each first letter, ywtasewkb, then alternate caps in some pattern, YwTaSeWkB, then throw in a number or two or some other character so you'll make all the different sites happy. 'YwTaSeWkB2@'. Or pick the last character. Whatever you feel like. Set all your financial website passwords to the same thing, and you'll end up typing it every day. Reboot once a year to feel really good. Make sure you use a different password for all your email addresses/ social networking sites. Enjoy :)

-- Claire
Posted by 3 comments:

Baby Quilt for Brooke

My dear friend is about to give birth to her first child and requested a baby quilt for her little guy. The room is themed "Jungle", the same for my brand new nephew! Both baby quilts will be similar in appearance- with the green being traded out for a tan in the other. I will post pictures of the other quilt when I finish it- hopefully tonight!

This one is titled: "Standard example usage"
"Maker's Mark"
"Blanket fort example usage"
"A gazelle is freakin fast!"
"Exhibitionist sample usage"
Posted by 1 comment:

Christmas Pictures

Erik practicing Christmas carols

Sisters!
My new socks from Sheila


Scrabble battle between Erik and Mom
Charlie was so happy...Santypaws brought him a new bone and a squeaky grizzly bear.
Sheila unwrapping a 2008 Santa Nutcracker
Dad opening a gift from Sheila.

Posted by No comments:
Subscribe to: Posts (Atom)