Many of us, myself included, manage our financial lives online. I use Quicken as well as financial institutions' websites to conduct much of my financial affairs, from paying bills to managing our portfolio. An ever-present trade-off in the world of online finance is the level of security provided to users vs. the hassle that is imposed on users to achieve that security.
Many financial institutions are now moving towards two-factor identification of users. Previously, all you needed to log into your account was your trusty user name and password. These days many institutions require another element to ensure that you are who you say you are. Some financial outfits are able to provide this extra layer of security elegantly and gracefully, while others seem on a mission to make life as difficult as possible for their customers.
One institution that does a phenomenal job of increasing security without creating a hassle is Bank of America. Bank of America uses what it calls a SiteKey to help you verify that the website you are visiting is indeed their corporate website. The idea is as simple as it is elegant. When you sign up for BoA's online account access, you are asked to select a personalized picture from a long list. When you get to the BoA log-in page you are asked to enter your user name. On the next page, there is a copy of the personalized picture you selected, as well as a place to enter your password. Since only BoA knows which picture you originally selected, if that picture is not displayed, you know that something fishy (or phishy...) is going on. In addition, if you log into your bank account from your regular computer, you are only asked for your password. If you are using a computer that you did not previously designate as authorized, you are also asked a simple security question, to verify your identity.
In this way, security is improved dramatically without sacrificing ease of use. I don't say this often, but Bank of America deserves serious kudos for this approach.
On the flip side, there are those financial institutions that appear intent on annoying their customers. For example, I pulled the vast majority of our money from ING, because of their annoying security features. Log-in required me to provide my account number - a long list of digits - instead of an easy-to-memorize user name. In addition to my password, they also required me to enter a security code using an on-screen virtual keyboard. As if that was not enough, they kept shifting the location of letters on this keyboard, seemingly for the sole purpose of confusing me further. Why was all that necessary?
Ironically, I shifted our money from ING into HSBC, which adopted very similar and annoying security measures only a few months after I opened an account with them.
Interestingly, most of our financial institutions have not changed their security and log-in procedures. Our credit card companies, online broker, 401k providers, etc., all require a simple user name and password for log-in. Quite frankly, this simpler approach is perfectly fine with me. I feel just as secure with those basic measures as I do with those more elaborate and cumbersome ones.
Do you have similar examples? What's your opinion of the trend towards tighter and more cumbersome security measures?