It's my password and I'll swear if I want to

Lloyds TSB changed the password of computer consultant Steve Jetley from Shrewsbury after he had logged it as “Lloyds is pants”.

BBC News reported that the bank also stopped him changing his password to “Barclays is better”. Apparently Jetley discovered that “Lloyds is pants” had been changed only when he tried to use the bank’s telephone service and found his password had become “No it’s not”.

It is good to see that Lloyds TSB takes our password security so seriously. Perhaps Jetley should try “Leave my f**king password alone”.

1 comment

This story just highlights how most web sites (not just Lloyds) handle passwords. If they can send your password back to you when requested (and even worse, in a clear text email) then someone/something other than you has access to that password. Have a think, just what is that password protecting? Maybe we should always ask how the password is held on the system. The normal practice is via a one-way hash so it cannot be reverse engineered and nobody but you knows it. If you then lose your password they must send you a new expired one (after some challenge and response criteria success) which has to be changed on first use. I can see some repudiation cases being upheld in the distant future. In this case Steve Jetley might just be right as Barclays use PINSentry which effectively gives you an OTP (one time password).
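The storage and reset flow the comment describes, as an added example that is not part of the original post or comment: the account store, the function names and the PBKDF2 work factor are assumptions for illustration, and the sample passwords are constructed from the story.

```python
import hashlib
import hmac
import secrets

ACCOUNTS = {}          # hypothetical in-memory store: user -> record
ITERATIONS = 600_000   # assumed PBKDF2-HMAC-SHA256 work factor

def _derive(password, salt):
    # One-way: the stored value cannot be turned back into the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def set_password(user, password, must_change=False):
    salt = secrets.token_bytes(16)  # per-user random salt
    ACCOUNTS[user] = {"salt": salt, "hash": _derive(password, salt),
                      "must_change": must_change}

def verify(user, password):
    rec = ACCOUNTS.get(user)
    if rec is None:
        return False
    # Constant-time comparison of the derived values.
    return hmac.compare_digest(rec["hash"], _derive(password, rec["salt"]))

def login(user, password):
    """Return 'denied', 'change_required' or 'ok'."""
    if not verify(user, password):
        return "denied"
    return "change_required" if ACCOUNTS[user]["must_change"] else "ok"

def reset_password(user, challenge_passed):
    """After a successful challenge, issue a random temporary password."""
    if not challenge_passed or user not in ACCOUNTS:
        return None
    temp = secrets.token_urlsafe(12)
    set_password(user, temp, must_change=True)  # only its hash is kept
    return temp

def change_password(user, old, new):
    # The temporary password must be replaced by a different one.
    if old == new or not verify(user, old):
        return False
    set_password(user, new)  # clears the must-change flag
    return True

if __name__ == "__main__":
    set_password("sj", "Lloyds is pants")  # constructed sample account
    print(login("sj", "Lloyds is pants"))
    temp = reset_password("sj", challenge_passed=True)
    print(login("sj", temp))
    print(change_password("sj", temp, "Barclays is better"))
```

Because the record holds only a salt and a derived value, nobody with access to the store can read the password back or mail it out; the only recovery path is the reset, which replaces it.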
