Saturday, July 08, 2023

Security

A largish proportion of the complications in data archiving and retrieval had to do with authentication and privileges (those are not the same animal). I was a little surprised at the bank yesterday.

I'll omit identifiers.

I've been the treasurer of an association for a few years, largely because I was willing to take the not-very-onerous job. A new and more experienced volunteer appeared, and the minutes of the meeting approving a new treasurer were finished. So the old and new treasurer trooped down to the bank.

The bank's small business rep was new to me and I to the rep, but the rep took me at face value, and the minutes at face value. The rep wanted the ID of the new treasurer, but seemed quite content to remove one of the signatories on an account without reference to either my ID or my signature, and add a new signatory without authenticating the minutes.

I pulled out my drivers license anyway, part way through the exercise, to show that I was the person registered in the account and referenced in the minutes. I hope it was a learning experience.

Maybe my honest face was good enough.

1 comment:

Jonathan said...

Most of the time fake or flawed security appears to work, because actual attempts to compromise secure systems are rare outside of the Internet. Who knows if the bank rep learned anything of importance. Part of the problem with banks is that everything about them appears to be second-rate, including their employees and security procedures.