joshwex90

All right there in the title. I just can't keep up with remembering what the password is. It's one thing for banks in Israel to do it, but LY? (Not that the banks should do it, but at least I get it.)

awayIgo

Once upon a time people thought it was safer. There have been things saying it is LESS safe. Regardless this is what I do.

Lets say my password is ( it is NOT)

123ABC,

my new password becomes

123ABD

and then

123ABE

or you could do the reverse

Password123

Password124

Password125

moe8555

What the previous poster does is exactly what I do as well.

But I completely agree: very unnecessary to be forced to change so often.

economyman

Most airlines never require you to change your password. I have not had to change mine for years and it has never been an issue. Also, LY's password is convoluted with a 4 digit PIN plus 4 letters - a very weird implementation of security.
Overall the approach to web security at banks and other organizations in Israel has been very badly thought through. IME changing one's password regularly increases the security risk rather than reducing it, unless there is a good reason to do so such as a breach.

mikebg

After complaining about the issue, I have recently been told by my (Israeli) bank that they have dropped the requirement to change the password often.

joshwex90

Agreed 100%. That's what makes the password so annoying as I'm always coming up with something new that satisfies the ridiculous requirements.

For UA, you have a password and PIN. The password and PIN I have have been the same since 2007 at least. Never had any issues whatsoever.

Which bank?!

mikebg

FIBI

joshwex90

Being partially owned by Discount, you'd think they'd introduce the same customer-friendly measure

entropy

Changing passwords regularly generally means that people change from a possibly secure password to one that is structured and/or written down.

worse for security...

clubman

I hate it.

In fact I've forgotten my bank password 3 times in the past month due to the constant requirement to change it.

I've had the very same password with my UK bank as well as with all my other FF programs (BA,VS,IB etc) for years now, so what do these Israeli institutions know that they don't?

joshwex90

clubman, I'm the same. I just had to change my bank password (Discount). That means having to save the new password in my phone so I don't forget it which means I'm screwed if that gets hacked. At least my standard password is so random that I'm only in trouble if the bank themselves get hacked. Which is the same regardless of password

LatusElAl

Nothing.
Its called typical Israeli arrogance.

clubman

Josh, I think reaching out to Liat here is a total waste of time.

Who knows if she's even working for them anymore, and if she is she sure hasn't been around here in a very long time...

nombody

In regards to Israeli banks, don't blame them, most of the rules are set by the Bank of Israel, and in this regard Bank of Israel is following the pattern of Asian regulators like Singapore and Hong Kong.

In regards to El Al, it's yet another indicator of a poor website design, in that no one has done any sort of risk analysis on the password policies or any comparison with comparable airline frequent flyer websites. IF they had done a comparison they would have realized that no airline or hotel FF website requires users to reset their passwords on a regular basis, and the only cases where it has been required were in case of a security breach, or where the website is upgrading their password policy requirements to require more complex passwords.

Indelaware

I knew an organization that required its employees to create passwords that contained two upper case letters, two lower case letters, two digits, and a punctuation mark. It was further required that no letter be followed by one or more letters such that a word in English was spelled. On top of all that, employees were required to change their passwords each month. This entire practice was thrown out the window by senior management when the audit department went around one night and found that a very large majority of employees kept their passwords written down in their desks - sometimes attached to the desk, computer, monitor, or wall.

Often times it is paranoia that is the greatest risk to security.