I have spent a significant part of the last ten or more years developing my skills, learning how to create and retain complex passwords. Most of my clients insist that their contractors and employees use them, even making sure they are updated every couple of months.

I was shocked this week to discover that my bank does not allow any passwords with symbols such as stars or exclamation marks. Not even underscores! Perhaps the bank knows something that I don’t and has come to the conclusion that complex passwords are no more secure than ordinary ones?

It all came about when I needed to renew my on-line password. I was having trouble getting the login page to accept my new password and security code. The instructions were clear but incomplete. They didn’t say that the 8 or more digit password must not contain any symbols, spaces or other characters. When even this combination failed, I finally phoned support, only to learn that the letters all had to be capitals. So this is it: you can get into my business account by simply knowing my ID and my 8 digit or more password, and hacking a five-digit number code in which no number can appear more than twice. Now how hard can that be?

The worst of it is that my bank’s web page gave no indication that there was an error but simply returned me to the same login page time after time. For customer interface design the site is a real mess!

This leads me to think… how can the bank allow this to happen? Especially when the lady in support admitted that the design was indeed poor and that there were many people who had faced exactly the same problems as I had?

If we are going to even pretend to increase security and to design operationally excellent processes, then surely my bank can learn a lesson from some of my colleagues (and if they will not listen to us, then they should at least send some of their process design team members to Professor Ann Vereecke’s Operational Excellence program at the Vlerick school in Belgium)!

Maybe in practice my bank’s overall security is acceptable; I don’t know. But it does seem strange to impose an outdated limitation when most of us are getting used to creating and remembering complex passwords.

Have a good week!