JAN 28

I signed up for a Treasury Direct account this month (so I can buy I Bonds). They have the most impressive online security I've ever seen on a site designed for consumers.

When you sign up for your account, you enter your email address and pick a password. Then they send your account number to your email. You still can't log in, though. They also send you, by postal mail, a personalized decoder ring card. It has 10 columns and 5 rows of letters, presumably different from everyone else's.

When you go to log in to treasurydirect.gov, you punch in your account number as you would on any site. Then you use a virtual on-screen keyboard to enter your password. Many banking sites do this (such as HSBC), but Treasury Direct is the first I've seen that randomizes the order of the keys on the virtual keyboard. This is important because the whole point of the virtual keyboard is to prevent a program from logging the keystrokes or mouse clicks of your password. If the on-screen keyboard is always the same, then having the virtual keyboard doesn't help at all against that sort of attack and is just an annoyance to the user.

The final login step involves the decoder card you received in the mail. The site gives you a list of coordinates (such as B2, G5, etc.) and you have to enter the letters at those coordinates. Entry of these letters is also done with the randomized virtual keyboard.
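A sketch of how a server could implement the two mechanisms described above, as an added example and not Treasury Direct's actual code: a per-user 10x5 card challenged by coordinates, with the answer entered through a keyboard layout reshuffled per session. Assumptions: three coordinates per challenge, the client reports only click positions, and all function names are hypothetical.

```python
import hmac
import secrets
import string

COLS = "ABCDEFGHIJ"  # 10 columns, as on the card described in the post
ROWS = "12345"       # 5 rows
KEYS = string.ascii_uppercase + string.digits
_rng = secrets.SystemRandom()  # CSPRNG; cards and layouts must not be guessable


def new_card():
    """Per-user card: maps each coordinate (e.g. 'B2') to a random letter."""
    return {c + r: secrets.choice(string.ascii_uppercase)
            for c in COLS for r in ROWS}


def new_challenge(n=3):
    """Pick n distinct coordinates for one login attempt (n=3 is assumed)."""
    return _rng.sample([c + r for c in COLS for r in ROWS], n)


def shuffled_keyboard():
    """Fresh key order for this session; the server keeps it, the page renders it."""
    layout = list(KEYS)
    _rng.shuffle(layout)
    return layout


def decode_clicks(layout, positions):
    """Translate click positions back to characters using the session layout.
    A logger that records only positions learns nothing reusable, because
    the same positions mean different characters under the next layout."""
    return "".join(layout[p] for p in positions)


def verify(card, challenge, response):
    """Compare the response to the card letters in constant time."""
    expected = "".join(card[coord] for coord in challenge)
    return hmac.compare_digest(expected.encode(),
                               response.strip().upper().encode())


if __name__ == "__main__":
    card, layout = new_card(), shuffled_keyboard()   # constructed sample data
    challenge = new_challenge()
    clicks = [layout.index(card[c]) for c in challenge]  # what the user clicks
    print(challenge, clicks, verify(card, challenge, decode_clicks(layout, clicks)))
```

A real deployment would also discard each challenge after one attempt and rate-limit failures, since a three-letter answer is short.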

Very, very impressive. In this case, the government is the vanguard and a role model for the private sector. Let's hope the rest of the financial industry wakes up some day and follows the Treasury Department's lead.

tags: security banking
OCT 15

I have to give a plug for Banana Republic's credit card: I accidentally incurred a late fee (we were on vacation and didn't get to it in time--so it was my fault). Called them up and they refunded it without any fight. Turns out that they allow one courtesy fee refund per year! I had heard that banks were being really tough with fees lately; glad it wasn't true in this case.

tags: good-service banks
OCT 11

What Renting DVDs Teaches Us About CD Yield Maximization: Instead of buying a one- or two-year CD, always buy a five-year. If you need the money early or the interest rates go way up, you still come out ahead even after paying the early-withdrawal penalty. Seems to make sense!

tags: finance cds bank