July 27, 2009
Six, almost seven, years ago, I purchased two Apple computers using an "Apple Loan." Originally this was backed by MBNA, but they've long since been purchased by Bank of America. B of A implemented a number of security measures for their online banking, including a visual "site pass" image that I got to select and that should always be present when I sign in. I often times chafe at the security measures employed in the name of account security, but I recognize they are a necessary evil.
Today, it seems, those security measures at B of A protected my account. At around 11 pm last night I was sent an email with an "account unlock" code for my account. Perfectly legitimate email, except that I hadn't done anything to that account in months. While I was home for lunch today, Sibylle and I logged on to the account and discovered it was locked due to "repeated unsuccessful attempts to log in." Someone had been trying to access our account. It's the virtual equivalent of being at home and hearing someone try to open your front door.
As the unlock code only last for 30 minutes, we requested a new one and accessed the account. Everything thing there is fine, as far as we can tell. The password used there is a decent one, capitalization, numbers, not a dictionary word, et cetera. And even though I feel it is a relatively good password, knowing that someone was (or is) actively trying to guess it, makes me a bit nervous. If I get another, unlock code email from Bank of America, I will probably change the password to something really complex, just to give myself piece of mind. And I'll suffer the indignities of calling customer support to let the B of A folks know that it isn't me rattling the doors and testing the windows looking for a way in.