Tuesday, May 17, 2011

Your social security number is a very poor password

I've written before about why using social security numbers as an identifier is a bad idea. But why learn from others' mistakes, when you can learn from your own?

First Tech Federal Credit Union is the product of the merger of First Technology Credit Union and Addison Avenue Credit Union and they're finally integrating their banking systems. As always, there are a few hiccups in the process. For example, some members are getting new account numbers since there are conflicting account numbers between the two.

There's a bigger problem with the phone banking system. As part of the transition, they need to reset the PINs of all members of the old First Tech (Addison Avenue members are not affected). I'm guessing this is because they're moving the First Tech members over to the old Addison Avenue system. According to the First Tech integration guide (page 11), they're making two changes during the transition at the end of May:
  • you will be able to "use any of your account numbers to login"
  • "we'll reset your Phone Banking PIN to the last four digits of your social security number"
When you write a check, many businesses ask for the last four digits of your SSN for identification or verification purposes. So anyone with a copy of that check now has access to exactly what they need to access your account by phone.
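
A reset rule like the one quoted above can be caught before rollout by a check that refuses any PIN readable off data the member routinely hands to third parties. The sketch below is an added example, not First Tech's code; the member record, field names and function names are constructed for illustration, and the birth-date check goes beyond the SSN and account-number cases this post mentions.

```python
import secrets

# Constructed sample member record; every value here is made up.
MEMBER = {
    "ssn": "000-00-4821",
    "accounts": ["5500127731", "5500139042"],
    "birth_date": "1975-03-09",  # ISO date
}

def digits(s):
    """Keep only the digit characters of s."""
    return "".join(c for c in s if c.isdigit())

def guessable_sources(pin, member):
    """Return the member attributes that `pin` can be read off directly."""
    hits = []
    n = len(pin)
    ssn = digits(member["ssn"])
    if pin in (ssn[-n:], ssn[:n]):
        hits.append("ssn")
    for acct in member["accounts"]:
        a = digits(acct)
        if pin in (a[-n:], a[:n]):
            hits.append("account:" + acct)
    y, m, d = member["birth_date"].split("-")
    if pin in (m + d, d + m, y, m + y[2:]):
        hits.append("birth_date")
    return hits

def planned_reset_pin(member):
    """The reset rule quoted from the integration guide: last four SSN digits."""
    return digits(member["ssn"])[-4:]

def random_reset_pin(member, length=4):
    """Alternative: a random temporary PIN that is not derivable from the record."""
    while True:
        pin = "".join(secrets.choice("0123456789") for _ in range(length))
        if not guessable_sources(pin, member):
            return pin

if __name__ == "__main__":
    planned = planned_reset_pin(MEMBER)
    print("planned reset PIN:", planned, "derivable from", guessable_sources(planned, MEMBER))
    temp = random_reset_pin(MEMBER)
    print("random reset PIN: ", temp, "derivable from", guessable_sources(temp, MEMBER))
```

A random temporary PIN still has to reach the member over a separate channel and be changed on first use; the check only confirms that it cannot be read off a check or a statement.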

How sure are you that your account is safe? I'm not – which is why I asked First Tech to disable phone banking on my account.

I love First Tech and have been a member for a long time. Before posting this, I contacted First Tech to notify them of the problem. Their response:
"We could not issue new PINs to members because they would have to be issued after our system conversion, which would leave members without access to Phone Banking for at least several days. Setting the PINs to the last 4 digits of the Social Security Number allows members to continue to access Phone Banking during this system conversion. At this point we are moving forward with the plan as stated in the integration guide."
I hope that First Tech will change this decision, but in the meantime, I know that many members will not be aware that their accounts are at risk. Unfortunately, I can't be as sure that hackers aren't targeting First Tech customers. In fact, First Tech is aware of this possibility and specifically advises people to watch out for "phishing" attacks during the transition.

Therefore, I've decided to write this blog post to publicize the problem. I recommend that you disable phone banking for your account before May 26th. To do this, call 1-800-637-0852 option 2 or sign into online banking and send First Tech a message asking them to disable phone banking.

Monday, April 11, 2011

Ironically, a glaring Google grammatical error

Google unveiled a new trivia-question-a-day site to encourage people to learn better searching techniques.



Note this part:
"... signed me ... my importance ... I have ... What is it?"

Why doesn't it end with "What am I?" Apparently, whoever wrote this isn't aware of how to properly use the first person convention in riddles. It just sounds awkward and ungrammatical and likely to confuse solvers.

Personally, I would have used the word "readers" instead of "viewers" but that's a more minor quibble.

Update: Yes, I know that "it" is the intended answer, but the question should have been written so that it was less confusing. A better way to write it would have been "Most modern readers think there's a glaring spelling error in a famous US historical document. Two future presidents signed it and two didn't because they were abroad. What is the error?"

Friday, April 01, 2011

March gets more madness next year

There's no doubt that the selection of teams for this year's NCAA Men's D1 basketball tournament was a complete debacle, with both the tournament selection committee and ESPN commentators proving that they have no special (or normal) ability to decide which teams belong in the tournament.

Today, the NCAA announced a series of changes designed to improve the tournament. First, the tournament will roll back to 64 teams next year. This will avoid the possibility of a team like VCU, which really doesn't belong in the tournament, embarrassing the committee so spectacularly.

Second, the NCAA will no longer use a committee to select the teams or seeding to match up teams. Instead, teams will be selected by the well-respected BCS selection algorithm and randomly dropped into the bracket. This should result in more interesting and competitive games as well as increased revenue for Las Vegas sports books.

Third, the tournament will have eight regionals instead of four with each regional having eight teams. The geographic region names have been a challenge, with the majority of teams seeded outside their region. To avoid that problem, the NCAA announced that the new regions will not be geographically based and instead we will have:
The regions will be matched up differently each year on a rotating basis. So one year, the Dogs will fight the Cats for a Final Four berth while the next year, the Dogs might face the Birds. Teams that don't fit into any of the above categories will be arbitrarily and capriciously assigned to one using the same process that the selection committee has been using for seeding up until now.

UPDATE: After posting this I learned that the Miami Heat is, in fact, an NBA not an NCAA team. My bad.

UPDATE 2: Sorry, this is all made up. Except the part about the Big Ten (sic) having a Legends division.
