Tuesday, January 5, 2010

Yet another Chase annoyance

Yesterday the nice guy at Chase unlocked my account.  He did that by erasing the security q&a's on my account.  Yesterday I tried and tried to log in, but every time I got an error that the system was unavailable after I entered my new security answers.

I thought about it last night and realized that I was using an ampersand ("&") in one of my answers.  That shouldn't be a problem, but I've been doing software long enough to know that I should try removing that.  So this morning I tried again and used the ampersand, and got the same error again.  I immediately tried again and replaced the ampersand with "and" spelled out (even though the answer is now actually misspelled.)  It worked.

So their website hasn't been developed to standards, and they aren't properly escaping the security answers.  That probably means that their security answers can be hacked--just a guess.

I did write down my security answers in my folder, and I noted the misspelling.  (sigh)

No comments:

Post a Comment