Er, Whats My Password

Updated: Jul 26 2002, 05:30am hrs
Do bank customers celebrate user-Id Before you bark out userwhat, hear this bank manager in a computerised branch. We dont celebrate any user-id here. I mean, under the Negotiable Instruments Act, we have bank holidays on Bakr-Id, Ramzan Id and Id-e-Milad. But I have never heard of this one (User-Id).

Perplexed Dr Sharad D Varde, an information system (IS) auditor and director of Vas Management Consultants, has more anecdotes to tell in his Case Studies On Information Systems Security In Banks. Its a collection of experiences of different IS auditors and risk-assessment experts while carrying out IS audits in banks.

Auditing, whichever form it may be, is a boring job, at least for a layman. But certainly not for Dr Varde: These stories are hard to believe. Even my wife was a bit apprehensive. He tells a story where the staff of a bank used to chant the password while typing it down so as to remember it correctly and type without errors. Remem-bering password is not as easy a job as it seems, says Dr Varde.

To elucidate: Older people here (in a bank) find it difficult to remember their usernames and passwords. So, complicated alpha-numeric characters are out of question for them. The solution we found is that they use their own name as username and the name of one of their dear ones as password. And no one was unwilling to let everyone know their passwords that will, afterall, help them in case they forgot the passwords!

However, the systems administrator at the above bank was a jovial fellow. He suggested employees must use college sweetheart names or their own age as passwords. I bet, this password will never be forgotten. None will reveal his or her password, grinned the system administrator.

These anecdotes nevertheless alert us to the perils of modern banking system run by IT-illiterates. Can you imagine a bank manager sharing his password with his colleagues and spreading the risk of letting out confidential information. The case study is a wake up call. Especially in the backdrop of bank scams.