by Mike Masnick
Thu, Aug 28th 2008 1:17pm
Usually, when you're dealing with a bank, they encrypt your passwords so that no one else can read them. However, apparently that isn't always the case -- and this allowed an employee at Lloyds TSB to change the password of one member from "Lloyds is pants" to "no it's not". The customer actually found the story to be amusing -- but it does seem slightly troubling that the bank, for whatever reason, was reviewing and changing a customer's password. They also forbade him from switching the password to "Barclays is better" and "censorship." Lloyds has apologized, and said the employee in question no longer works for the firm. It also explains why the guy was able to see the password in the first place by noting that on certain business accounts with multiple users, account reps can read the password. This seems pretty weak, though. If it's a business account with multiple users, why not let each user set up their own username and encrypted password? Also, it's still not explained why the guy was looking at users' passwords in the first place.