Websites for Utilities and Services

I have some suggestions for some institutions that give me some access online to manage my account with them:

  • Bank of America: Quit it with the SiteKey shit! (If you’re a site that still doesn’t have SiteKey, please, please never implement it). It makes the site less secure, not more secure, and it does not make phishing any more difficult. I am only your customer because you bought out MBNA, and I only stuck with MBNA (and now you) because of the ShopSafe feature where I can set a false limit and expiration date on a virtual credit card number that functions like a partition of my real credit card. Oh, and please don’t ask me the state either. Just require a 12 or 16 digit password, and let me know if it fails on a dictionary attack. You could even let me choose from a list of randomly generated passwords. Then, also suggest to me that I store the password in my browser. That way it will only be filled in on the legitimate site, and not phishing sites. Give me graphs!
  • WaMu: I only have a couple minor suggestions. Overall WaMu’s got it right. First, don’t tell me “Welcome back, _________” and then make me have to click “I’m not _________” just so that I can use my browser’s stored password. Second, please allow me to input checks prior to you knowing about them. I can input the check number and the value, and (when the check goes through) if the values don’t match, please flag it for me. I’d like to know my real balance ASAP, and this would allow me to balance my account online. Third, (this would go well with #2) allow me to annotate transactions in my online records. Give me graphs!
  • Wells Fargo: Please make it so I can easily make a payment for a student loan even when it’s in deferment. Give me graphs!
  • Cell Phone Carriers: What couldn’t you change? Open your networks to all devices. Charge significantly less for bandwidth. De-obfuscate your websites. Make it easier to change plans online. Give me graphs!
  • All utilities and services:
    • I don’t care how small of a utility company or M.U.D. you are, you need to have online account management.
    • I don’t care how you do it, but every utility needs a way to pay the bill online with zero fees for doing this. It’s just as convenient for you as it is for the customer and should be offered free-of-charge.
    • Don’t mess with login screens or login page URLs! We want our browser to always know how to save, and then automatically fill in, the username and password (I’m talking to you, Comcast).
    • Make every connection to your website HTTPS (SSL)! This is how you show us you care about security.
    • Don’t say that the challenge (or “security”) question makes the site more secure. I started with a unique username and a 12-character-long random string, and then you make me give a single word (from the dictionary or baby name book) so that someone (hopefully only me!) can use this as a backdoor to my account.