Password (In)Security at Lloyds

By Deane Barker on August 27, 2008

Man’s ‘pants’ password is changed: While this is funny, the important takeaway is that Lloyds apparently stores customer passwords in clear text, which is scary.

A man who chose “Lloyds is pants” as his telephone banking password said he found it had been changed by a member of staff to “no it’s not”.

Gadgetopia

Comments

  1. Think you missed the point that these passwords were used for telephone banking confirmations. If the call operator can’t read the password, how can they confirm that you gave the right password?

  2. Anyone from the UK care to enlighten us Americans on just how bad “pants” is as an insult? Not sure how sensitive they were being…

  3. @Mark: that is not an excuse (or even a reason) for keeping the passwords in simple text. There are several ways for passwords to be confirmed without the need of an operator actually reading the original password; for example, the same interface any web application has (e.g. the web mail of your choice), where you type the password, it’s compared with the one in their database and then it gives an “OK” or “incorrect password”. This is one of many ways.

    On my blog (www.kinamik.com/blog) I also comment on another thing… what reason would that operator have (the one that read and changed the “Lloyds is pants” one) to read the password? What was he/she looking for? Or was it for “fun”? It is simply something to be worried about… I think that proper audit methods should be put in place so operators are accountable for their acts.
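
Added example, not part of the original post or its comments: a sketch of the kind of check the third comment describes, where the operator types what the caller says, the console answers only OK or INCORRECT, and every check is written to an audit trail. The function names, the normalisation rule for spoken passwords, the record layout and the in-memory log are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256 work factor (assumed value for this example)
AUDIT_LOG = []         # stand-in for an append-only audit store


def normalise(spoken: str) -> bytes:
    """Spoken passwords have no reliable case or spacing, so fold both away."""
    return " ".join(spoken.casefold().split()).encode("utf-8")


def enroll(password: str) -> dict:
    """Build the stored record: a random salt and a derived hash, never the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", normalise(password), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}


def operator_verify(record: dict, spoken: str, operator_id: str, customer_id: str) -> str:
    """All the operator console ever displays is OK or INCORRECT."""
    candidate = hashlib.pbkdf2_hmac("sha256", normalise(spoken), record["salt"], ITERATIONS)
    ok = hmac.compare_digest(candidate, record["hash"])  # constant-time comparison
    # Record who checked which account and the outcome, but not the phrase typed.
    AUDIT_LOG.append({
        "ts": time.time(),
        "operator": operator_id,
        "customer": customer_id,
        "action": "verify",
        "ok": ok,
    })
    return "OK" if ok else "INCORRECT"


if __name__ == "__main__":
    # Constructed sample data: the identifiers are made up for the demo.
    record = enroll("Lloyds is pants")
    print(operator_verify(record, "lloyds is  PANTS", "op-17", "cust-0001"))
    print(operator_verify(record, "no it's not", "op-17", "cust-0001"))
    print(AUDIT_LOG)
```

With a record like this, staff have nothing readable to look at, and a change of password has to go through a logged action rather than an edit of a text field.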
