The downside of being an on-line user is that at any point in time I have to remember at least 5-7 different usernames and passwords. Be it my e-mail, bank, on-line trading account or insurance policy account, every provider of these on-line services implements a different information security and user management policy.
Yesterday, while I was being made to change my internet banking password, I stumbled upon a shocking gap in the password policy of my bank, which is one of the best private banks in India. The password policy of this bank forces me to change the password at regular intervals and enforces that my new password is different from my last 3 passwords. However, to my surprise, I could change the password 3 times successively and could return to my original password within a matter of a few minutes.
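The gap described above can be reproduced with a small model of the policy. This is an added example, not the bank's code. It shows a history-of-3 check being cycled in minutes, and the same cycle being refused once a minimum password age is enforced. The minimum-age rule is a commonly used control and is not mentioned in the post. The `Account` class, the `cycle_back` helper, the one-day minimum age and the sample passwords are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

HISTORY_DEPTH = 3  # from the post: new password must differ from the last 3


def _digest(password: str, salt: bytes) -> bytes:
    # Store only salted, slow hashes of old passwords, never the plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    min_age_seconds: int = 0  # 0 = no minimum age (assumed to match the bank)
    salt: bytes = field(default_factory=lambda: os.urandom(16))
    history: list = field(default_factory=list)  # oldest first, current last
    changed_at: float = 0.0

    def change_password(self, new: str, now: float) -> bool:
        # Minimum-age rule: refuse a change too soon after the previous one.
        if self.history and now - self.changed_at < self.min_age_seconds:
            return False
        candidate = _digest(new, self.salt)
        # History rule: refuse anything matching the last HISTORY_DEPTH entries.
        if any(hmac.compare_digest(candidate, old)
               for old in self.history[-HISTORY_DEPTH:]):
            return False
        self.history.append(candidate)
        self.changed_at = now
        return True


def cycle_back(account: Account, original: str, start: float) -> bool:
    """Set `original`, make 3 throwaway changes a minute apart, then try to restore it."""
    account.change_password(original, start)
    now = start
    for i in range(HISTORY_DEPTH):
        now += 60
        account.change_password(f"throwaway-{i}", now)  # constructed sample values
    return account.change_password(original, now + 60)


if __name__ == "__main__":
    print("history only:", cycle_back(Account(), "Original#1", 1_000_000.0))
    print("history + 1-day minimum age:",
          cycle_back(Account(min_age_seconds=86_400), "Original#1", 1_000_000.0))
```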
Are such stringent password policies really secure and safe for customers? I do not think they achieve anything other than complicating the lives of customers and users of on-line services. Having to remember 5-7 different usernames and passwords, I expose myself to the risk of identity theft by recording them on an easily accessible medium for easy reference.
Why is it that the brick & mortar world does not force me to change my signature every now and then? What do you think is the right approach?