Security Through Stupidity Aside

An aside to the Washington Mutual issue with silly security questions. Turns out this was something they first announced in December 2005 in a press release. The release is full of your typical flowery prose that says a lot of nothing:

Washington Mutual […] will be adding a risk-based multi-factor authentication solution to provide enhanced security for its online banking users….

It works like this, they say:

Washington Mutual’s enhanced security will analyze every online login and transaction behind the scenes and score the potential risk based on a broad range of criteria, including the user’s IP address, geographic location, prior transaction behaviors and much more. When a potential risky situation is detected, it can invoke additional authentication methods in real-time.

Those “additional authentication methods” are the three-part questions I first discussed a couple of days ago. The solution they selected offers “minimal impact” they say.

Another press release from just a few weeks ago also caught my eye:

Washington Mutual was recently ranked No. 1 for bank Web sites by Change Sciences Group, an online customer experience research and consulting company. The study evaluates more than 40 leading bank sites based on what people experience as they find a checking account that meets their needs and then apply for it online.

Good thing the study didn’t investigate how people go about using the website after the account is opened, because it’s certainly not all wine and roses.

I’ll be putting up all the questions they ask you in the near future. Stay tuned….