Dec. 27th, 2007 | 04:59 pm
t00nz: Dave Brubeck - Three to Get Ready
As of December 3rd, I am now a fully responsible, contributing member of society, also known as an adult. With great responsibility comes great power, therefore it is with (great) pleasure that I am able to announce that I can now bank online. Yes, the powers that be (also known as The Man) have determined that I am now in possession of some required intellectual capability and must no longer make the trudge down the street to my local TD branch in order to determine the state of my material possessions. There are not words to describe the intense joy I am experience inside.
However, this is simply the prelude. Today's topic stems from the newly created Canadian Tire Financial Services. The chain that previously wanted most of your money now wants all your money. Well, at least it's Canadian! Full speed ahead! What's that? Until December 31st, normal 4% interest is actually 5.5% interest? Where can I sign?
That was the idea, at least. Having now created an account, I am feeling significantly less comfortable with the arrangement. Here's the deal: after Canadian Tire approves your account creation and the initial deposit, you have to phone them up to receive a temporary password for web banking. That sounds perfectly reasonable to me. When I asked to speak to a customer service representative, I had to verify my identity by reciting the usual personal information - name, address, postal code.
'That's good,' I thought to myself. 'I'm glad they're concerned about these sorts of things.'
However, once I let the representative know that I wished to obtain a temporary password, suddenly we went on a trip to Bizarro-land. I was informed that my identity had to be verified via three random questions from a third-party... identity provider? I was never quite sure exactly what this third party's role was. The three questions were similar to these:
- What is your home phone number? (Ho-hum, pretty basic)
- Which of following is the address of the National Banking branch that you bank with: 123 Dufferin Street, 457 Sunshine Ave, or none of the above? (Hold up, I don't bank with NB. What gives here?)
- Which of the following is the address of a cooperative that you have lived in during the past 10 years: 24 Park Lane, 714 Reno Street, or none of the above? (Wait what? I've never lived in a cooperative.)
So, with that formality out of the way, and my identity confirmed twice (double the security!), the representative was now authorized to give me my temporary password. After warning me that it would expire in two hours, she then proceeded to inform me that the password I changed it to would have to be between 6 and 8 characters long.
"And that's numbers only," she continued. "We don't accept letters in your password."
Ding ding ding ding. Warning bells. Not very loud ones, but bells nonetheless. What kind of system restricts you to numbers, but requires the same length as a normal passphrase? Note the irony in calling it a password, but not accepting anything to constitute a word.
I dutifully finished the conversation and went to myCTFS.com, and promptly noted another alarming feature. Underneath the login box is a checkbox labelled "Using a shared computer." This checkbox defaults to off. This is the opposite behaviour of the majority of other
So, I logged in and was presented with the required password change (after being instructed to input my current password in order to agree to the terms of service. What?) And the representative was right, they only accept 6-8 numbers. And the explicitly state that you should avoid anything like phone numbers, birthdays, sequences, and other similarly easily-deduced strings of numbers. However, that's not leaving me much to go by, is it? How many other password-length numbers that are "unique and easily memorizable" can you think up? That's what I thought.
So that's it. I can't fathom the thought process behind these decisions. On one hand, limiting a password to numbers would seem to provide additional security by removing the ability to choose easily-guessed words ("password1", anybody?) However, it seems to me that people would be far more likely to choose a phone number or birthdate simply because the alternative is a meaningless string of digits. And if customers can't remember their passwords, I would assume that they could call up the service representative in order to be issued a temporary one. But if all this requires is validating your identity by what you're not, that doesn't seem like a completely secure system. I'm going to be contacting CTFS with my concerns later tonight, but I wanted to put my thoughts down coherently first.
Am I right to be this wary? Do you get the same alarm bells in your heads? Internet, talk to me.
Mar. 19th, 2007 | 05:18 pm
Mar. 18th, 2007 | 05:44 pm
location: Parisien internet cafe
- Galettes = crepes with fillings like bacon, mushrooms and cream, or ham, mushrooms and cream.
- The aforementioned galettes were my delicious dinner two nights in a row
- Then I followed that up with crepes filled with honey and lemon
- The French meal plan: Breakfast (brioche, pain sucree, toast, whatever, all covered with nutella) around 8-9 am. Lunch, anything you want that is not a sandwhich, anytime from 1-3 pm (everything closes for lunch, too!). Dinner, anywhere from 8-11 pm (a dinner party last night: 3 courses, spanning 3 hours, and dessert was served at 11:30!)
- Wine for $1. Better wine than you find for $10 in Canada.
Mar. 14th, 2007 | 07:43 pm
Oh yeah, and I had pain au chocolat for breakfast. Life is good. Tomorrow, we attend the Dinan market then head out for Nantes!
Mar. 12th, 2007 | 10:18 pm
location: Paris Internet Cafe
- Listened to a saxophone busker play sweet sweet jazz on the bridge by Notre Dame
- Climbed up Notre Dame
- Climbed down Notre Dame
- Watched the Eiffel Tower attempt to induce seizures on passers-by (it does some insane flickering light show every hour after dark)
- Ate Chinese food (cheapest thing in the Latin Quarter besides Greek food)
- Heard "House of the Rising Sun" sung very badly by another busker
- Was accosted by multiple street entertainers/entrepreneurs in one of the seedier Parisian areas
- Took pictures of gargoyles
- Loitered in a park, while listening to cool jazz and eating a croissant
- Enjoyed the sunlight and +15 C temperatures
Mar. 11th, 2007 | 12:53 am
The metro here is pretty nice, too. Canada should look into copying it.
Mar. 10th, 2007 | 09:17 am
Yesterday we walked through some of the ritziest parts of Paris while trying to find a currency exchange building. We also passed through a shopping mall that was built underneath a 400 year old stained glass dome. Today, we're going to the Rodin Museum, and we're picking up some (lots) of bread and cheese so we can picnic in the garden.
PS. in Paris, everyone is fashionable. Even the babies. Especially the babies.
PPS. French keyboards are insaaaaaaaaaaaaaaane!
Mar. 7th, 2007 | 02:37 pm
Attention internet: I am leaving for France in five minutes. More updates to follow over the next twelve days.
EDIT: I am now relaxing in the wonderful Air Canada lounge, as my flight's had a teensy delay. PS, life sucks because they just ran out of sundried tomato & basil-flavoured chips >:(
Dec. 5th, 2006 | 06:27 pm
t00nz: Final Fantasy XII Soundtrack
Interweb, commence your sleuthing!
Dec. 3rd, 2006 | 11:14 pm
Today was my 17th birthday. I got the paperback version of Knife of Dreams by Robert Jordan, my own Go board (the deluxe edition, no less!), a promise from my brother to register me a copy of djDecks, a "Code Hero" shirt and a bit more than $150 in cash. The harvest is good!
I also composed a song for my Dad, whose birthday it also happens to be.