Vicariously Prejudiced in a Perfunctory Manner

Well, I'm back.  For today, at least.  And the topic of today's post?  Usability!  Hooray!

As of December 3rd, I am now a fully responsible, contributing member of society, also known as an adult.  With great responsibility comes great power, therefore it is with (great) pleasure that I am able to announce that I can now bank online.  Yes, the powers that be (also known as The Man) have determined that I am now in possession of some required intellectual capability and must no longer make the trudge down the street to my local TD branch in order to determine the state of my material possessions.  There are not words to describe the intense joy I am experience inside.

However, this is simply the prelude.  Today's topic stems from the newly created Canadian Tire Financial Services.  The chain that previously wanted most of your money now wants all your money.  Well, at least it's Canadian!  Full speed ahead!  What's that?  Until December 31st, normal 4% interest is actually 5.5% interest?  Where can I sign?

That was the idea, at least.  Having now created an account, I am feeling significantly less comfortable with the arrangement.  Here's the deal: after Canadian Tire approves your account creation and the initial deposit, you have to phone them up to receive a temporary password for web banking.  That sounds perfectly reasonable to me.  When I asked to speak to a customer service representative, I had to verify my identity by reciting the usual personal information - name, address, postal code.

'That's good,' I thought to myself.  'I'm glad they're concerned about these sorts of things.'

However, once I let the representative know that I wished to obtain a temporary password, suddenly we went on a trip to Bizarro-land.  I was informed that my identity had to be verified via three random questions from a third-party... identity provider?  I was never quite sure exactly what this third party's role was.  The three questions were similar to these:

1. What is your home phone number? (Ho-hum, pretty basic)
2. Which of following is the address of the National Banking branch that you bank with: 123 Dufferin Street, 457 Sunshine Ave, or none of the above? (Hold up, I don't bank with NB.  What gives here?)
   
3. Which of the following is the address of a cooperative that you have lived in during the past 10 years: 24 Park Lane, 714 Reno Street, or none of the above? (Wait what?  I've never lived in a cooperative.)

When confronted with question two I paused, for quite some time.  This is the first time I can remember being asked a question which is inherently wrong in order to prove my identity.  There's something very counter-intuitive about the whole situation.  After probably 30 seconds of silence, the representative asked me, "Do you bank with National Bank?" to which I replied, "No, I don't."  Replied she: "Then the answer would be none of the above, right?"  Uncertaintly, I said, "Yes, I suppose?"  She promptly moved on to the next question, which is based on the exact same premise.  This second time I chose the last answer with more confidence, but it's still quite... disconcerting, I suppose.

So, with that formality out of the way, and my identity confirmed twice (double the security!), the representative was now authorized to give me my temporary password.  After warning me that it would expire in two hours, she then proceeded to inform me that the password I changed it to would have to be between 6 and 8 characters long.

"And that's numbers only," she continued.  "We don't accept letters in your password."

Ding ding ding ding.  Warning bells.  Not very loud ones, but bells nonetheless.  What kind of system restricts you to numbers, but requires the same length as a normal passphrase?  Note the irony in calling it a password, but not accepting anything to constitute a word.

I dutifully finished the conversation and went to myCTFS.com, and promptly noted another alarming feature.  Underneath the login box is a checkbox labelled "Using a shared computer."  This checkbox defaults to off.  This is the opposite behaviour of the majority of other financialinternet institutions.  If you could be remembering sensitive data, you should make sure the user specifically instructs you to remember it, not the other way round.  Ding ding ding ding ding.

So, I logged in and was presented with the required password change (after being instructed to input my current password in order to agree to the terms of service.  What?)  And the representative was right, they only accept 6-8 numbers.  And the explicitly state that you should avoid anything like phone numbers, birthdays, sequences, and other similarly easily-deduced strings of numbers.  However, that's not leaving me much to go by, is it?  How many other password-length numbers that are "unique and easily memorizable" can you think up?  That's what I thought.

So that's it.  I can't fathom the thought process behind these decisions.  On one hand, limiting a password to numbers would seem to provide additional security by removing the ability to choose easily-guessed words ("password1", anybody?)  However, it seems to me that people would be far more likely to choose a phone number or birthdate simply because the alternative is a meaningless string of digits.  And if customers can't remember their passwords, I would assume that they could call up the service representative in order to be issued a temporary one.  But if all this requires is validating your identity by what you're not, that doesn't seem like a completely secure system.  I'm going to be contacting CTFS with my concerns later tonight, but I wanted to put my thoughts down coherently first.

Am I right to be this wary?  Do you get the same alarm bells in your heads?  Internet, talk to me.

Oh man, jetlag.  Oh man.  I just got in at 6 pm, and my body thinks it's 5 hours later.

What ho, France followers!  I've been in Nantes for the past three days, and lacking internet access, I actually had more to experience the wonder and mystery of France.  So, to sum up:

• Galettes = crepes with fillings like bacon, mushrooms and cream, or ham, mushrooms and cream.
• The aforementioned galettes were my delicious dinner two nights in a row
• Then I followed that up with crepes filled with honey and lemon
• The French meal plan: Breakfast (brioche, pain sucree, toast, whatever, all covered with nutella) around 8-9 am.  Lunch, anything you want that is not a sandwhich, anytime from 1-3 pm (everything closes for lunch, too!).  Dinner, anywhere from 8-11 pm (a dinner party last night: 3 courses, spanning 3 hours, and dessert was served at 11:30!)
• Wine for $1.  Better wine than you find for $10 in Canada.

Is there anything else to France than food?  Not really, as far as I'm concerned!  Well, there are scarves, too.  And large, phallic buildings, I guess.  It's been good, though!  Now we're in Paris again, for our last night, on our way to a Greatest Hits concert of classical music.  The concert's happening in a multi-century old building, so the acoustics should be good, at least.  So long from France!

I spent today on the beach, eating treats from the patisserie. That's about it!

Oh yeah, and I had pain au chocolat for breakfast. Life is good. Tomorrow, we attend the Dinan market then head out for Nantes!

Today I:

• Listened to a saxophone busker play sweet sweet jazz on the bridge by Notre Dame
• Climbed up Notre Dame
• Climbed down Notre Dame
• Watched the Eiffel Tower attempt to induce seizures on passers-by (it does some insane flickering light show every hour after dark)
• Ate Chinese food (cheapest thing in the Latin Quarter besides Greek food)
• Heard "House of the Rising Sun" sung very badly by another busker
• Was accosted by multiple street entertainers/entrepreneurs in one of the seedier Parisian areas
• Took pictures of gargoyles
• Loitered in a park, while listening to cool jazz and eating a croissant
• Enjoyed the sunlight and +15 C temperatures

That's it!  Tomorrow we leave Paris and move to Dinan for a few days, before heading for Nantes.  Who knows what the internet situation will be like!

Today was an extraordinarily beautiful day, so we made the best possible use of it that we could: we picnicked.  In fact we ate our lunch of baguette, camenbert and spanish sausage in front of The Thinker, the centrepiece of the Rodin Museum's garden.  It was delicious, and cheap, too!  We bought a sizeable chunk of camenbert for €0.85, or just about $1.20, which would be around $4.50 at any North American deli.  After our delightful time at the museum, we decided to head to St Chapelle for last light, and we saw some marvellous displays of stained glass projected onto the wall there.  Apart from these activities, nothing else has changed: we're happily tired at the end of each day, Paris is full of wonder and surprises, and the food is delicious.  And the people here are all beautiful!  I think it must be illegal not to be beautiful in Paris!

The metro here is pretty nice, too.  Canada should look into copying it.

So I was reading this interesting paper on Self-Reproducing Programs in Common Lisp, and I've just come to the bibliography at the end.  Lo and behold, there is some kind of story written there about a king, a toaster and several advisers who are supposed to create a microcontroller for it (the toaster).  Unfortunately it cuts off about halfway through, and now I'm curious as to what the moral is at the end.

Interweb, commence your sleuthing!

A testament to the awesomeness of stop motion

Today was my 17th birthday.  I got the paperback version of Knife of Dreams by Robert Jordan, my own Go board (the deluxe edition, no less!), a promise from my brother to register me a copy of djDecks, a "Code Hero" shirt and a bit more than $150 in cash.  The harvest is good!

I also composed a song for my Dad, whose birthday it also happens to be.