Bank unilaterally changes password

I've just seen a funny, but worrying, story on the BBC: a man who had the password 'Lloyds is pants' on his bank account had it changed by the bank to 'no it's not'. It was changed because it was 'inappropriate'. He tried to change it to 'Lloyds is Rubbish' or 'Barclays is better', but neither was allowed. He then tried 'censorship', but was told his password had to be six letters or less!

  1. "No it's not" is itself more than six letters, so the bank's replacement breaks the bank's own rule.
  2. A bank that rejects a password as too long because it exceeds six letters is sadly mistaken; short passwords are the problem, not long ones.
  3. Why was an employee at the bank even able to see the whole password, let alone overwrite it?

When the password is set, the customer should enter it themselves, unobserved, in the branch at the time the account is opened. If it is done by post, it should be on an anonymised form bearing a reference number that lets the computer tie the password to the account, without the person keying in that password being able to identify the account.

Any employee needing to verify a customer should be told by the computer to ask for, say, the 'second, tenth and eleventh' characters of the password. The employee types in what the customer says but is never shown the stored characters; the computer answers only pass or fail for the whole set, so if just one letter is wrong the employee cannot tell which two were right.

At no time should an employee be able to link a full password to an account. The only employees who should ever see a full password are those in the head-office section that handles the anonymised forms, and they see it only against a reference number, not an account.

Unless I've overlooked something, this seems indicative of a security flaw... and as someone with shares in the bank concerned, it worries me. I've written to the bank to try and find out what's happening here.

The bank said: "It is very disappointing that he felt the need to express his upset with our service in this way. Customers can have any password they choose and it is not our policy to allow staff to change the password without the customer's permission."