Thursday, August 03, 2006

Enhanced Login: Is It Really Necessary?

Think you have enough online passwords to remember? How about adding a couple of more questions each you try to access your account?

Recently, there is a wave to improve securities at several financial institutions by adopting the so-call “enhanced login process.” For the past month, among various accounts I own, I have seen HSBC Direct, ING Direct, and EmigrantDirect followed one another to change their logins.

For HSBC, there isn’t really any change to my opinion. Before, they have user name and password on the same page. The new login process simply splits the user name and password: I first enter my user name, then a new page comes up where I type in my password. I didn’t see any enhanced security features and I don’t understand how this can prove security as they claimed.

At ING Direct, the new process contains two parts: in the first part, I need to kind of “register” your computer by selecting and naming an icon (it actually is a picture) and ING asks me if the computer is the primary computer that I use to access my account (From my knowledge, Bank of America did this early this year). The second part asks me to answer 5 out of 10 questions as an extra layer of protection. The good thing of ING’s new process is that once I registered my computer, those questions won’t show up in the login process unless I try to access my account from another computer. I only need to enter my password.

The biggest hassle came from EmigrantDirect. To setup the new login process, I was also asked to provide 5 out of 10 security question answers. Among them, 5 are standard questions from EmigrantDirect. If I am not happy with these five, I have to come up with different ones. Once this the setup is done, I start to login by first typing in my user name. Then in the new page, I not only have to give my password, but also answer 2 out of those 5 security questions! Even worst, my answers are shown right on the screen!

For me, these enhanced features didn’t really make me feel safer about my accounts. Rather, I saw some of them as unnecessary. Getting access to my own accounts shouldn’t become a headache. I'd rather take precautionary steps, such as use a firewall, install anti-virus and anti-spyware software, and clean-up my computer regularly, than being asked a bounch of questions.


Digg this!   |   Add to deli.cio.us   |   Yahoo

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home