Feeds

Password pants-off at Lloyds Bank

Rogue staffer tinkers with login trousers

Choosing a cloud hosting partner with confidence

Updated: Set yourself a rude password at Lloyds TSB, and it is just possible that you might find it changed to something politer. That was the experience of Lloyds customer Steve Jetley, who attempted to set "Lloyds is pants" as his telephone banking password.

According to Mr Jetley, this was then changed by a member of staff to "no it's not". A certain amount of toing and froing followed. Mr Jetley played "Barclays is better". The computer said ‘no’. He was informed that the system would only accept single words.

Mr Jetley then tried “censorship”, but again, the computer said ‘no’. Apparently six characters is the system limit.

In fairness to Lloyds, it has since apologised to Mr Jetley, putting this incident down to the actions of a single rogue member of staff. A statement from the bank added: "It is very disappointing that he felt the need to express his upset with our service in this way. Customers can have any password they choose and it is not our policy to allow staff to change the password without the customer's permission. (El Reg exclaims: ANY password?)

"The member of staff involved no longer works for Lloyds TSB."

While all this japery may bring a smile to our readers’ lips, it does raise some quite serious issues. According to Mr Jetley, the first he knew that his security details had been changed was when he was informed that his code word did not match with the one on the computer.

When we spoke to Lloyds about this matter, it was less than reassuring. The system in question was one specific to Business Customers: as far as they were aware, the worst that could happen was that Mr Jetley would have been unable to confirm the balance on his account. There was no possibility that this password could have been used to plunder his hard-earned dosh.

Nonetheless, the consequences for any individual of not being able to access business banking information when they wish to could be serious.

Lloyds also confirmed that individual staff members were not allowed to change passwords – but was not so sure whether this also meant that they were not “able” to do so.

Initially, it believed the latter to be the case, but this story would suggest otherwise. It then suggested – but could not confirm - that the system involved in this particular story was an old one and had since been changed.

In other conversations with Lloyds, Reg readers report they have been told that Lloyds Telephone and Online Banking is based on state-of-the-art security principles. We seriously question this.

Or to put it another way: if a six-character password, visible to all system users, and with an apparently instant over-write facility represents the best in current security, then Vulture Central is investing in a very large mattress, under which it will be storing all its ill-gotten gains in future.

Updated: Lloyds sent us the following statement: "The keyword system referred to is one of a number of security checks that are used by Lloyds TSB, primarily for certain small business customers. The system is designed for customers who require a limited range of services such as the provision of an account balance. Other services such as payments require additional security checks.

"In response to customer demand for a wider range of services over the phone, we took the decision last year to introduce a new security number system for small business customers. Both systems are secure and easy to use. The security number is not accessible to staff."®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Apple CEO Tim Cook: My well-known gayness is 'a gift from GOD'
'I have benefited from the sacrifice of others'
MEN: For pity's sake SLEEP with LOTS of WOMEN - and avoid Prostate Cancer
And, um, don't sleep with other men. If that's what worries you
Jim Beam me up, Scotty! WHISKY from SPAAACE returns to Earth
They're insured for $1m, before you thirsty folks make plans
Now: The REAL APPLE NEWS you need to know
OMG! Gravity's totes amazeballs. Calm down, George Clooney, not your film
Boffins who stare at goats: I do believe they’re SHRINKING
Alpine chamois being squashed by global warming
Let's make an app that POSTS your POO to APPLE HQ
Plus: It's OPEN WARFARE in the Linux greybeard world
Adorkable overshare of words like photobomb in this year's dictionaries
And hipsters are finally defined as self-loathing. Sort of
Not a loyal follower of @BritishMonarchy? You missed The QUEEN*'s first Tweet
Her Maj opens 'Information Age' at the Science Museum
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The Heartbleed Bug: how to protect your business with Symantec
What happens when the next Heartbleed (or worse) comes along, and what can you do to weather another chapter in an all-too-familiar string of debilitating attacks?