I hold a credit card account with a financial institution
which shall remain nameless, aside from the observation that
their name suggests that they’re America’s national bank.
Personally, I prefer credit unions,
so my wife and I use the card only as a backup, in case something goes wrong
with the credit union’s card.
For reasons that don’t require elaboration, that happened last month.
When the bill came due, I went to visit their website.
It was the first time in months, if not years,
so upon logging in I encountered a web page happily offering
to let me pay my bill — so long as I verified my identity first.
Very well; I understand the problem.
I selected the option for a text message with a security code to my phone.
Did I mention I was waiting? Because America’s would-be national bank
seemed to have forgotten me.
This must not be that uncommon, as they had an option to request another code.
I clicked on that button, again selected my phone, and waited.
At this point I noticed a warning on the webpage
that the code is valid for only 10 minutes.
It’s been a good 5 minutes already. Hmmm…
Alright, let’s try a security code via email. I selected that, and…
that worked! Within moments, my email held a security code.
Off I go and log in.
On the one hand, I like that resolution, because email is civilized,
while telephones are barbaric.✝
✝ I’ll revisit this eventually, but in short:
with email you can notice that someone needs your attention,
triage the request against others, as well as your own urgent obligations,
or even your not-so-urgent obligations,
then reply at your convenience.
You can silence an email client without feeling too guilty.
Telephones, by contrast, demand urgent attention, now, now, now
— which wouldn’t be so bad
if people would use telephones for urgent matters,
which they almost never do.
The situation was resolved, and the bank gave options. Very good.
On the other hand, email accounts are hacked pretty often,
and email is an insecure medium. That’s not so great.
What happened to those text messages, anyway?
I learned about 36 hours later, when one of them popped up on my phone…
then again 60 hours later, when the second popped up on my phone.
“Ten minutes”, eh?
So, infotech’s solution to
security failures on their end
is to foist on users
increasingly unreliable, highly inconvenient nuisanceware
that even major financial institutions of national reach
can’t implement correctly.
Should I go ahead and fill out a check to the
Mailer Dæmons gang now?