
I recently went to an office to open up a demat account.

Manager: So your login and password will be sent to you, and then once you log in you'll be prompted to change the password.

Me: *that's a good idea except that you're sending me the password which could be intercepted* ok

Manager: you'll also be asked to set a security question...

Me: *good step*

Manager: ...which you'll need to answer every time you want to login

Me: *lol what? Maybe that's good but kinda seems unnecessary. Instead you guys could have added two-factor authentication* cool

Manager: after every month you'll have to change your password

Me: *nice* that's good

Manager: So what you can do is change the password to something and then change it back to what it was. Also, to remember it, keep it something on your number or some date.

Me: what? But why? If you suggest users to change it back to what it was then what is the point of making them change the password in the first place?

Manager: it's so that you don't have to remember so many different passwords

Me: But you don't even need to remember passwords, you can just use software like Kaspersky key manager where you can generate a password and use it. Also it's a bad practice if you suggest people who come here to open an account with such methods.

Manager: nothing happens, I'm myself doing that since past several years.

Me: *what a fucking buffoon* No, sir. Trust me, that way it gets much easier to get access to your system/account. Also you shouldn't keep your passwords written down like that (there were some passwords written down on their whiteboard).

Manager: ....ok...so yeah, you need to sign on these papers and you'll be done

Me:(looking at his face...) Umm..ok

Comments
  • @1989 India
  • @1989 oh actually I had gone there through a contact and this person had already talked to an employee there and I felt it might be rude to deny....and I ended up going there... :|
  • @1989 oh cool, thanks man.
  • It is already an anti-pattern to force users to change the password regularly, because that often leads to users using patterns to generate passwords, so they are easier to guess. This way users can remember their pw easier.
    Doing that too for my user account at work because I cannot use keepass before being logged in. :)