FlyerTalk Forums - View Single Post - Loyalty fraud
Dec 7, 2012 | 5:07 am
  #24  
zombietooth
Join Date: Oct 2009
Programs: UA LT 1K/DL Plat/Hilton LT ♦/Hyatt Carbonado/Wyndham ♦/Marriott PE .
Posts: 5,736
Originally Posted by peachfront
These are all absolutely terrible suggestions. No offense, guys. I realize they are the standard suggestions, and you mean every good thing by offering them. But there is lots of evidence that more and tougher passwords don't work, more and tougher security questions don't work, and so on. Why is that? Pretty simple. The human brain.

Nobody over the age of 23 or so can remember multiple passwords. Having a different password for every account is guaranteed hours lost out of your week every month -- if not every week. "Where do you go to high school? Corey Feldman." Like you're going to remember THAT eight years (or even 8 months later). I remember once chewing out my broker. "It won't let me log in because it wants to know my favorite movie. Hello, I'm an adult? I don't have a favorite movie." Later, when I realized what it was, I felt pretty foolish. I could have googled myself on the internet and found out what it was. Everybody in the world could have answered that question...except me. [Don't get excited, bad guys. I gave up on jumping through hoops every time I wanted to make a trade and closed the account.]

The more passwords, the more questions...the more your account is available only to the evil doer while you can't get into it yourself. You can't store all this garbage in retrievable form in the human brain so there must be some kind of storage system, on your computer, scribbled on a piece of paper, or whatever. Each of these systems leaves you vulnerable to being attacked, while providing an increasingly higher difficulty in you being able to use the program. Meanwhile, because you must have the information at your fingertips, the information is 1) very easy for family members, housekeepers, and other people who have access to your home to steal, and 2) the bank, CC company, etc. will NOT protect you --instead, they will threaten to prosecute you for fraud for giving the password to someone else and presumably splitting the proceeds.

I know a victim very well who is still paying off what her daughter stole from her and she'll be paying off this debt for the rest of her life. On a credit card that would have had zero liability if some stranger in eastern Europe had stolen the money. Making these passwords etc. more difficult does not help older and vulnerable people. It hurts them. Because the company comes back and says, "Well, you must have given her the information because nobody would just figure out, 'where did you go to high school' 'corey feldman.'" And older people don't have enough time left to go to court and hope justice is done...

I won't say I know all the answers. I will say that I know what DOESN'T work. Making the internet, online payment systems, banking, loyalty programs, etc more and more difficult for busy and older people to use DOESN'T work. That's why more and more people give up and give their passwords over to third party services. When you have someone else control your "wallet," you are responsible and you are out the money, miles, etc. any time you turn your password over to somebody else. I don't think there is any real legal debate about this. I could be wrong. But from what I've seen, all the business in question has to do is point out that you shared your password, and if your account is mis-used, it's YOUR problem. And if it's a family member who got the log in information, even if they stole it by snooping, because it was too much for you to remember so you had to record it SOMEWHERE...the company will CLAIM you shared it, and it will be a "he said, she said" situation.

Not to single out anyone's suggestion, but the idea of having 3 passwords to log into an airline loyalty program is just...ridiculous. Frustrating, time wasting, and, really, just not the way to treat older and busy customers who do have money to spend and shouldn't be forced to jump through endless hoops like trained seals.
Sorry, Charlie!

Never, ever leave any passwords on your computer or PDA. It is just too easy to extract them if you lose control of your device.

Try this easy scheme instead:

Find a 10 letter word with no repeated letters e.g. "PATHFINDER". Then dream up a scheme for a word to be represented by each letter, such as P=pepper, A=amalgam, and so on. Now you have created your own password generator with possible combinations of 10 letters and 10 numbers (P=1, A=2, etc.).

For each account, create as complicated a password as you want and write down only the first letter of one of your ten secret words, which you have committed to memory, or the corresponding number from your 10-letter code. So "amalgampepper4587", your actual password, would be written as "aphfdn" in your password master key, which if compromised, would be useless to a hacker. You need to remember or develop another consistent way to remember which letters represent numbers and which represent words, such as passwords that begin with a vowel have a 4-digit number sequence at the end of the password. Anyway, there are numerous easy ways to develop a fool-proof system.

Good Luck!

Last edited by zombietooth; Dec 9, 2012 at 4:58 am
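
The hint scheme described in the post above, written out as an added example (not part of the original post). Only "PATHFINDER", "pepper", "amalgam" and the "aphfdn" hint come from the post; the other eight secret words and the choice of 0 for the tenth letter are assumptions made for illustration.

```python
KEY_WORD = "pathfinder"  # the post's ten-letter word, no repeated letters

# One memorized word per key letter. "pepper" and "amalgam" are the post's;
# the other eight are constructed for this example.
SECRET_WORDS = {
    "p": "pepper", "a": "amalgam", "t": "tundra", "h": "harbor", "f": "falcon",
    "i": "island", "n": "nectar", "d": "dynamo", "e": "ember", "r": "raven",
}

# P=1, A=2, ... as in the post; giving the tenth letter the digit 0 is an assumption.
DIGITS = {ch: str((i + 1) % 10) for i, ch in enumerate(KEY_WORD)}
LETTER_FOR_DIGIT = {digit: ch for ch, digit in DIGITS.items()}


def digit_count(hint):
    """The post's sample rule: a hint that starts with a vowel ends in 4 digits."""
    return 4 if hint[0] in "aeiou" else 0


def expand(hint):
    """Turn a written hint such as "aphfdn" back into the full password."""
    hint = hint.lower()
    if not hint or set(hint) - set(KEY_WORD):
        raise ValueError("hint may only use letters of the key word")
    split = len(hint) - digit_count(hint)
    if split < 1:
        raise ValueError("hint is too short for the vowel rule")
    words = "".join(SECRET_WORDS[ch] for ch in hint[:split])
    digits = "".join(DIGITS[ch] for ch in hint[split:])
    return words + digits


def to_hint(words, digits):
    """Build the hint to write down for the chosen secret words and digit string."""
    if not words or any(SECRET_WORDS.get(w[:1]) != w for w in words):
        raise ValueError("every word must come from the memorized list")
    if any(d not in LETTER_FOR_DIGIT for d in digits):
        raise ValueError("digits must be 0-9")
    hint = "".join(w[0] for w in words) + "".join(LETTER_FOR_DIGIT[d] for d in digits)
    if digit_count(hint) != len(digits):
        raise ValueError("the vowel rule would misread this hint")
    return hint


if __name__ == "__main__":
    print(expand("aphfdn"))
```

`to_hint` rejects a password whose written form the vowel rule would decode differently, which is the consistency requirement the post mentions for telling number letters from word letters.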