02 November 2009
Password and PIN problems
Why is it that websites deem a 6 character all lower case password to be "very weak" when there's 306million+ possibilities. Yet a 4 digit PIN (9999 possibilities) is secure enough for banks?
The website one is almost 31,000 times more secure yet is deemed "weak". Surely a rule for websites that if the incorrect password is used a certain number of times the account is locked would be sufficient to make the weak password 31,000 times stronger than the bank's security.
We have to be practical about this. In reality, any rules around requiring a password to have upper and lower case letter and special characters such as $,% etc simply make it much more likely people will write the passwords down. Just because this makes it the person's problem rather than the website's is no excuse - the overall security of the account is the issue, including the likelyhood that the account will be broken into because the password was so complicated it, together with the dozons of other passwords from other sites, all had to be written down somewhere because it was too much to remember.
Can we please have simpler password rules for websites and some way of having one strong security mechanism which ties them all together?
02 March 2009
1. First of all the government should realise that by trying to weasel around contract law and pension law by claiming back his legal entitlement, it opens the floodgates for all those hard-done-by benefit claimants that really need the government's support and are all too often eliminated from the basic money they need by government red tape. I know, I've had the chancellor of the exchequer tell me so personally (he used to be my MP). The government all to regularly hides behind legislation that results in the needy being denied money because of red tape (e.g. form says "please return this form within a month otherwise your claim may be delayed" without informing the claimant that the underlying legislation requires the form to be returned within a month otherwise the claim will be invalid and so on). If the government can twist and bend the legislation to get back some of Sir Fred's pension then it should certainly have a thought for the hard done by citizens of this country, struggling in a recession on a lot less than Fred's feather bed nest egg and who the government is all to happy to exclude from a basic minimum entitlement, despite paying national insurance etc. If the government can bend the rules to rake in money, it can surely bend the rules to pay it out to those who need it most.
2. If the government is adopting the new found stance of ensuring that failure isn't rewarded and that people don't want away from failure with large fat-cat salaries then we really need to question what example MPs are going to set. After all, Gordon Brown has presided over the biggest economic failure this side of the great depression yet in 2 years will walk away from that failure with a well paid job in the city and a pension that even Sir Fred Goodwin would enjoy. Surely if bankers are to be penalised for failure, the same rule should apply to the politicians which allowed the bankers to be so reckless in the first place. The buck stops with government. I'm sure the politicians that preside over failure would be a lot less keen on calling for Fred to pay back some of his pot if the same politicians were having their pension pot culled by the same percentage and for exactly the same reasons.
That's what I don't like about Labour. One rule for them and another one for everyone else.
Shoe on the other foot, Gordon Brown?
26 February 2009
Lord Stevenson, former chairman, HBOS Bank
Andy Hornby, former CEO, HBOS Bank
Sir Fred Goodwin, former CEO, RBS Bank
Sir Tom McKillup, former chairman, RBS Bank
John McFall MP, chairman, Treasury Select Committee
Alistair Darling, Chancellor of the Exchequer
Sir Terry Wogan, presenter of the BBC Radio 2 Breakfast Show
It's Terry Wogan, the only one with a banking qualification.