Arbitrary website security and design
Poorly designed websites and arbitrary security policies peeve me. Why is it that my online banking sites never require me to change my password, but my healthcare reimbursement account site, on which I cannot do anything except look at what claims have been paid and what my balance is, now requires me to change my password every 60 days? This is a little ridiculous. I thought having to change my LAN password at work every 90 days was a pain, but every 60 days for a website that I can’t do anything on?
Of course, this company (Ceridian) rolled out an “upgrade” of their system this year which in my opinion is a complete disaster. The website has wasted menu pages with only one link to click on, full new window popups (how 1998!) and randomly organized tables of data (instead of, say, chronologically). Not only that, but this also apparently affected their backend processes, so while I used to get a [unnecessary] single-page “tear off the edges to open” statement in the mail, I now get an envelope with 3 sheets of paper in it – a cover sheet with my address on it and the amount of the reimbursement (which is direct deposited), a second page which has my account balance, and a blank form for future claims. The first page is half blank space, the second is a third blank space, and the last page is completely unnecessary because most claims are submitted electronically to Ceridian. On the off chance I need to submit a claim myself, the form is available as a PDF from both their website and my company’s intranet.
How about other websites? Why does del.icio.us sign me out after two weeks? Is there a big threat of someone adding a new bookmark to my account? My Yahoo! pretty much never logs me out and it has a bookmark feature.
I’m looking forward to the day when we have more OpenID (and similar) based systems, which might lead to some standardization in password rules and persistence. As far as stopping people from downgrading their websites in attempts to upgrade them? I’m not holding my breath for that.
If you want online banking security, switch to First Niagara. You must change your password every day. If the computer you are using is not recognized, you must answer a security question. There is also a pass phrase and image for each account. If all of those are correct, you may enter your password to access the account.