The Motley Fool Discussion Boards

Previous Page

Financial Products & Services / Online Banking


Subject:  Security versus Usability Date:  7/28/2006  9:57 AM
Author:  Patzer Number:  21621 of 24361

Anyone who has been around computers a few years knows that there is an inherent tension between security and usability. The more secure a system is, the harder it is to use. The more convenient access is, the greater the security risk. Of course, this inherent tradeoff does not eliminate the possibility of less efficient implementations making a system both hard to use and insecure.

In their efforts to increase security (or at least the appearance of security), both ING and Emigrant are getting to where I'm a bit disgusted with the usability barriers.

It started with ING. Perhaps 30% to 40% of the time, misread which portion of my SSN they want or fail to register the correct click with my mouse and have to try more than once to log in. I have yet to set up the newer, more secure login process. When I try to log in this morning to get that set up, the site tells me, "We're sorry for the inconvenience. This function is currently not available." Well, that's pretty secure.

For all the nuisance of the long password and the multiple questions, at least Emigrant let me use the keyboard to log in. But wait a minute! There's the long password, plus the personal information question, plus the security question. All the answers are *'d out so I can't see typos. Okay, first time it says I'm wrong. Check my typing very carefully the second time. Strike two. Do one-finger typing (plus shift key as appropriate) to verify absolutely correct responses on the third try. Strike three! Your account has been locked, please call Customer Service.

This is getting very frustrating. Just when I thought Emigrant was really getting its act together on the interface, it becomes so secure that I can't see it.

As I'm typing this, I get through the hold and get Emigrant customer service on the line. Go through the standard list of security quesitons. Okay, she can set up a temporary new password and give me half over the phone plus email the other half. Small problem. No access to home email from work. Okay, she takes my work email from me and sends it there. Now, that's secure! I hope she has caller ID and could match the number I called from to the work number I had on file with them.

Log out. Log in again. Get the same questions that locked me out. Type in the same responses. It logs me in this time. Go figure.

Go back to ING. That feature is still not available. Hmm. Have to try that again from home, where I have all the email that ING has sent me about the security changes.

I wonder if HSBC is going to get more annoying than simply the recent change to entering ID first then password on the next screen? Even with all its clumsiness and slow transfers, if I can get into HSBC at least I can get money out of Emigrant when Emigrant locks me out.

I hope the industry in general gets to a balance with a bit more usability than the current system. For contigency . . . I guess I need to think about doing all custom challenge questions and making the answers easy to type. Hmm. I need to look at recurring transfers and put time limits on all of them, too. I can't afford recurring transfers indefinitely if the system might lock me out at any time.


Copyright 1996-2021 trademark and the "Fool" logo is a trademark of The Motley Fool, Inc. Contact Us