Feeds

Password pants-off at Lloyds Bank

Rogue staffer tinkers with login trousers

Top 5 reasons to deploy VMware with Tegile

Updated: Set yourself a rude password at Lloyds TSB, and it is just possible that you might find it changed to something politer. That was the experience of Lloyds customer Steve Jetley, who attempted to set "Lloyds is pants" as his telephone banking password.

According to Mr Jetley, this was then changed by a member of staff to "no it's not". A certain amount of toing and froing followed. Mr Jetley played "Barclays is better". The computer said ‘no’. He was informed that the system would only accept single words.

Mr Jetley then tried “censorship”, but again, the computer said ‘no’. Apparently six characters is the system limit.

In fairness to Lloyds, it has since apologised to Mr Jetley, putting this incident down to the actions of a single rogue member of staff. A statement from the bank added: "It is very disappointing that he felt the need to express his upset with our service in this way. Customers can have any password they choose and it is not our policy to allow staff to change the password without the customer's permission. (El Reg exclaims: ANY password?)

"The member of staff involved no longer works for Lloyds TSB."

While all this japery may bring a smile to our readers’ lips, it does raise some quite serious issues. According to Mr Jetley, the first he knew that his security details had been changed was when he was informed that his code word did not match with the one on the computer.

When we spoke to Lloyds about this matter, it was less than reassuring. The system in question was one specific to Business Customers: as far as they were aware, the worst that could happen was that Mr Jetley would have been unable to confirm the balance on his account. There was no possibility that this password could have been used to plunder his hard-earned dosh.

Nonetheless, the consequences for any individual of not being able to access business banking information when they wish to could be serious.

Lloyds also confirmed that individual staff members were not allowed to change passwords – but was not so sure whether this also meant that they were not “able” to do so.

Initially, it believed the latter to be the case, but this story would suggest otherwise. It then suggested – but could not confirm - that the system involved in this particular story was an old one and had since been changed.

In other conversations with Lloyds, Reg readers report they have been told that Lloyds Telephone and Online Banking is based on state-of-the-art security principles. We seriously question this.

Or to put it another way: if a six-character password, visible to all system users, and with an apparently instant over-write facility represents the best in current security, then Vulture Central is investing in a very large mattress, under which it will be storing all its ill-gotten gains in future.

Updated: Lloyds sent us the following statement: "The keyword system referred to is one of a number of security checks that are used by Lloyds TSB, primarily for certain small business customers. The system is designed for customers who require a limited range of services such as the provision of an account balance. Other services such as payments require additional security checks.

"In response to customer demand for a wider range of services over the phone, we took the decision last year to introduce a new security number system for small business customers. Both systems are secure and easy to use. The security number is not accessible to staff."®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Win a year’s supply of chocolate (no tech knowledge required)
Over £200 worth of the good stuff up for grabs
Facebook's Zuckerberg in EBOLA VIRUS FIGHT: Billionaire battles bug
US Centers for Disease Control and Prevention contacted as site supremo coughs up
Space exploration is just so lame. NEW APPS are mankind's future
We feel obliged to point out the headline statement is total, utter cobblers
Red Bull does NOT give you wings, $13.5m lawsuit says so
Website letting consumers claim $10 cash back crashes after stampede
Down-under record: Australian gets $140k for pussy
'Tiffany' closes deal - 'it's more common to offer your wife', says agent
Internet finally ready to replace answering machine cassette tape
It's a simple message and I'm leaving out the whistles and bells
Swiss wildlife park serves up furry residents to visitors
'It's ecological' says spokesman, now how would you like your Bambi done?
The iPAD launch BEFORE it happened: SPECULATIVE GUFF ahead of actual event
Nerve-shattering run-up to the pre-planned known event
STONER SHEEP get the MUNCHIES after feasting on £4k worth of cannabis plants
Baaaaaa! Fanny's Farm's woolly flock is high, maaaaaan
FedEx helps deliver THOUSANDS of spam messages DIRECT to its Blighty customers
Don't worry Wilson, I'll do all the paddling. You just hang on
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.