Password (In)Security at Lloyds

Aug 27

Man’s ‘pants’ password is changed: While this is funny, the important takeaway is that Lloyds apparently stores customer passwords in clear text, which is scary.

A man who chose “Lloyds is pants” as his telephone banking password said he found it had been changed by a member of staff to “no it’s not”.


Comments

by Mark McNally,   August 28, 2008 3:27 AM  

Think you missed the point that these passwords were used for telephone banking confirmations. If the call operator can't read the password, how can they confirm that you gave the right password?


by yachris,   August 28, 2008 3:37 PM  

Anyone from the UK care to enlighten us Americans on just how bad "pants" is as an insult? Not sure how sensitive they were being...


by Mark McNally,   August 29, 2008 8:54 AM  

Pants are underwear not trousers! Just think "Y-fronts" lol


by Rob,   September 4, 2008 12:56 PM  

@Mark: that is not an excuse (or even a reason) for keeping the passwords in simple text. There are several ways for passwords to be confirmed without the need of an operator actually reading the original password; for example, the same interface any web application has (e.g. the web mail of your choice), where you type the password, it's compared with the one on their database and then it gives an "OK" or "incorrect password". This is one of many ways.

On my blog (www.kinamik.com/blog) I also comment on another thing... what reason would that operator have (the one that read and changed the "Lloyds is pants" one) to read the password? What was he/she looking for? Or was it for "fun"? It is simply something to be worried about... I think that proper audit methods should be put in place so operators are accountable for their acts.
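The check-without-reading flow and the operator audit trail raised in the comment above, sketched as an added example that is not part of the original post or its comments. The class name, the customer and operator IDs, the phrase normalisation and the PBKDF2 iteration count are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor


def _derive(phrase: str, salt: bytes) -> bytes:
    # Assumed normalisation: a phrase spoken over the phone should match
    # regardless of letter case or extra spaces typed by the operator.
    canonical = " ".join(phrase.casefold().split())
    return hashlib.pbkdf2_hmac("sha256", canonical.encode("utf-8"), salt, ITERATIONS)


class PhoneBankingVerifier:
    """Stores only salt + derived key; staff get a yes/no answer, never the phrase."""

    def __init__(self):
        self._records = {}    # customer_id -> (salt, derived_key)
        self.audit_log = []   # (timestamp, operator_id, customer_id, action, result)

    def _audit(self, operator_id, customer_id, action, result):
        self.audit_log.append((time.time(), operator_id, customer_id, action, result))

    def set_phrase(self, operator_id, customer_id, phrase):
        # Every change is attributed to whoever made it, staff included.
        salt = os.urandom(16)
        self._records[customer_id] = (salt, _derive(phrase, salt))
        self._audit(operator_id, customer_id, "set", "ok")

    def verify(self, operator_id, customer_id, spoken_phrase):
        # The operator types what the caller says and sees only the verdict.
        salt, stored = self._records.get(customer_id, (b"\x00" * 16, None))
        candidate = _derive(spoken_phrase, salt)  # also runs for unknown customers
        ok = stored is not None and hmac.compare_digest(candidate, stored)
        result = "OK" if ok else "incorrect password"
        self._audit(operator_id, customer_id, "verify", result)
        return result


def demo():
    # Constructed sample data: customer "cust-001", operator "op-17".
    v = PhoneBankingVerifier()
    v.set_phrase("self-service", "cust-001", "Lloyds is pants")
    answers = [v.verify("op-17", "cust-001", "lloyds is  PANTS"),
               v.verify("op-17", "cust-001", "no it's not")]
    return v, answers
```

With this layout a staff member cannot read the stored phrase at all, and any `set` or `verify` they perform leaves a record naming them.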


