My Credit Union Spent Two Weeks to Downgrade Security

A few weeks ago my credit union mentioned they were upgrading the systems that handle their online banking features and the system would be down this weekend.

When the system came back online, I tried to login, but they had wiped all the passwords so I had to create a new one. Since the one I had before was pretty secure and I had it memorized, I figured I’d just used the same password again. Oops, not so fast. The system rejected my password with the following message:

That’s right. Last week I could use a 12 character password. Now, after the upgrade the system can handle a maximum of 10.

Not to worry, though. In order to ensure my account doesn’t get hacked, the system asked me to set up three challenge questions, the answer to which — if I actually followed along — is easily discoverable on the Internet. I typically use another 12 character passphrase for the answers to the challenge questions, but really whoever signed off on this should be ashamed.

This is one of the few times maintaining such a small balance has actually made me feel better.

Post Revisions:

Leave a Reply