I have been ICICIDirect bank's customer for more than 12 months.
Here is my 1-paise advice regarding basic password management, i.e., useful if it's counted, useless if not counted by ICICIDirect. I have made another review on the same password issue, for the same ICICI company, but a different service (https://mouthshut.com/review/ICICI_Bank-82899-1.html).
I am not a daily trader and don't consider myself a regular in stock/MF trades. But I do have investments in long-term MFs via icicidirect.com.
First things first:
To ICICI - Please send new passwords printed in readable and BIG letters.
My parents, who have perfect vision, couldn't read the letters correctly and, even after taking help from others, got it WRONG. I am going to request a new password once again. And hopefully you will not use those obsolete dot-matrix printers to print all-important passwords. Please upgrade, folks!!
So, the new password policy, implemented by ICICIDirect as per the
"National Stock Exchange of India" norms, needs a review here, on
MOUTHSHUT.com!!
_____________________________________________________________________________________________________________________________________
You will have to change your password compulsorily every 14 calendar days
Source - ICICIdirect.com
After reading this first "norm", my instant expressions are - "What the hell?"; "Hell breaks loose with this rule"; "Sucks"; "Oh my God"; "Unbelievable" and so forth...
Luckily, the remainder of the norms are "good", "acceptable" and absolutely nothing wrong with them!!
Problems with this rule
a) Doesn't work well
- Surprisingly this rule is a disguise for both regular and non-regular users of icicidirect.com. Here is how. The regular or weekly users get annoyed if they have to change the password more than 25 times a year. And add the burden of memorizing it; I will get to this later in detail. And for the non-regular, once-in-a-while users like me, imagine having to face the all-important decision of choosing a new password every time I log in. And locating where I have written down the previous password to make sure that it's updated with the new password, so that I don't get confused with this ever-changing password in future!!
b) May actually defeat the purpose
- The purpose of this rule is to help people avoid someone else (maybe a relative or a friend or a stranger) misusing the password, if leaked. The purpose is defeated because most of the users end up storing this ever-changing password in some notepad or somewhere instead of memory.
Alternatives for this rule
You can try any one or combination of the below 3 alternatives!
a) Dump it - Remove the 14-calendar-days rule.
b) Fix it
- Implement the new trend in online security: BankOfAmerica's "SiteKey", Yahoo's "sign-in seal". The basic idea is to enable "easy login" on the "home computers". In other words, these websites let you identify the computer(s) that you use frequently, and whenever you sign in using these frequently-used computers, the website will only ask for a password. And this password need not be changed regularly. If you or any unwanted user attempts to log in from a different computer, say a browsing center, the website will ask for personal identification questions and answers like "what's your mother's maiden name" etc.
c) Enhance it
- Make the change-password frequency a configurable value. And let the customer decide whether he/she would like to change the password as often as every day or never. Why not?
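The "easy login" flow from alternative b), sketched as an added example (it is not ICICIDirect's, BankOfAmerica's or Yahoo's code). The signed-cookie device token, the storage layout and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret known only to the site


def _kdf(secret: str, salt: bytes) -> bytes:
    # Slow salted hash so passwords and answers are never stored in the clear.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 200_000)


def make_account(password: str, answer: str) -> dict:
    salt = secrets.token_bytes(16)
    return {"salt": salt, "pw": _kdf(password, salt),
            "answer": _kdf(answer.strip().lower(), salt)}


def _tag(user: str, device_id: str) -> bytes:
    msg = f"{user}:{device_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest().encode()


def issue_device_token(user: str) -> str:
    # Cookie value set on a computer the customer marks as frequently used.
    device_id = secrets.token_hex(16)
    return f"{device_id}.{_tag(user, device_id).decode()}"


def is_known_device(user: str, token: Optional[str]) -> bool:
    if not token or token.count(".") != 1:
        return False
    device_id, tag = token.split(".")
    # The token is bound to one user and compared in constant time.
    return hmac.compare_digest(tag.encode(), _tag(user, device_id))


def login(user, account, password, token=None, answer=None) -> str:
    if not hmac.compare_digest(_kdf(password, account["salt"]), account["pw"]):
        return "denied"
    if is_known_device(user, token):
        return "ok"          # home computer: the password alone is enough
    if answer is None:
        return "challenge"   # unknown computer: ask the personal question
    given = _kdf(answer.strip().lower(), account["salt"])
    return "ok" if hmac.compare_digest(given, account["answer"]) else "denied"
```

A token copied to another customer's login is treated as an unknown computer, because the tag covers the user name as well as the device id.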
_____________________________________________________________________________________________________________________________________
References:
BankOfAmerica's SiteKey - https://bankofamerica.com/privacy/sitekey/
Yahoo's sign-in seal - https://protect.login.yahoo.com/
ICICIDirect Password policy - https://secure.icicidirect.com/customer/PasswordPolicy.htm
ICICIDirect competitors - https://nse-india.com/content/equities/eq_inetmembers.htm
PS: This review is written for my father, who is the icicidirect account holder.