Feeds

Password pants-off at Lloyds Bank

Rogue staffer tinkers with login trousers

Gartner critical capabilities for enterprise endpoint backup

Updated: Set yourself a rude password at Lloyds TSB, and it is just possible that you might find it changed to something politer. That was the experience of Lloyds customer Steve Jetley, who attempted to set "Lloyds is pants" as his telephone banking password.

According to Mr Jetley, this was then changed by a member of staff to "no it's not". A certain amount of toing and froing followed. Mr Jetley played "Barclays is better". The computer said ‘no’. He was informed that the system would only accept single words.

Mr Jetley then tried “censorship”, but again, the computer said ‘no’. Apparently six characters is the system limit.

In fairness to Lloyds, it has since apologised to Mr Jetley, putting this incident down to the actions of a single rogue member of staff. A statement from the bank added: "It is very disappointing that he felt the need to express his upset with our service in this way. Customers can have any password they choose and it is not our policy to allow staff to change the password without the customer's permission. (El Reg exclaims: ANY password?)

"The member of staff involved no longer works for Lloyds TSB."

While all this japery may bring a smile to our readers’ lips, it does raise some quite serious issues. According to Mr Jetley, the first he knew that his security details had been changed was when he was informed that his code word did not match with the one on the computer.

When we spoke to Lloyds about this matter, it was less than reassuring. The system in question was one specific to Business Customers: as far as they were aware, the worst that could happen was that Mr Jetley would have been unable to confirm the balance on his account. There was no possibility that this password could have been used to plunder his hard-earned dosh.

Nonetheless, the consequences for any individual of not being able to access business banking information when they wish to could be serious.

Lloyds also confirmed that individual staff members were not allowed to change passwords – but was not so sure whether this also meant that they were not “able” to do so.

Initially, it believed the latter to be the case, but this story would suggest otherwise. It then suggested – but could not confirm - that the system involved in this particular story was an old one and had since been changed.

In other conversations with Lloyds, Reg readers report they have been told that Lloyds Telephone and Online Banking is based on state-of-the-art security principles. We seriously question this.

Or to put it another way: if a six-character password, visible to all system users, and with an apparently instant over-write facility represents the best in current security, then Vulture Central is investing in a very large mattress, under which it will be storing all its ill-gotten gains in future.

Updated: Lloyds sent us the following statement: "The keyword system referred to is one of a number of security checks that are used by Lloyds TSB, primarily for certain small business customers. The system is designed for customers who require a limited range of services such as the provision of an account balance. Other services such as payments require additional security checks.

"In response to customer demand for a wider range of services over the phone, we took the decision last year to introduce a new security number system for small business customers. Both systems are secure and easy to use. The security number is not accessible to staff."®

Next gen security for virtualised datacentres

More from The Register

next story
Drunkards warned: If you can't walk in a straight line, don't shop online, you fool!
Put it away boys. Cover them up ladies. Your credit cards, we mean
Yes, but what are your plans if a DRAGON attacks?
Local UK gov outs most ridiculous FoI requests...
Cops baffled by riddle of CHICKEN who crossed ROAD
'Officers were unable to determine Chicken's intent'
Murder accused DIDN'T ask Siri 'how to hide my roommate'
US court hears of cached browser image - not actual request
Why your mum was WRONG about whiffy tattooed people
They're a future source of RENEWABLE ENERGY
Chomp that sausage: Brits just LOVE scoffing a Full Monty
Sales of traditional brekkie foods soar as hungry folk get their mitts greasy
Nuts to your poncey hipster coffees, I want a TESLA ELECTRO-CAFE
Examining the frothy disconnect in indie cafe culture
Ex-Apple man Sam Sung - for it is he - sticks namebadge on eBay
Stump up via tat bazaar, do a good thing for ill kids
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.