- Bargaineering - http://www.bargaineering.com/articles -

ING Direct’s Annoying Security Measures

ING recently added in a very annoying third step to their login procedures that “encrypts” your PIN before they send it across an already encrypted SSL (secure socket layer) connection. I’m a fan of Step 2 (a revolving set of questions that changes each time) as a security measure because it’s actually a security measure. Encrypting a pin twice doesn’t seem to be that much added security and logging into my account takes that much longer ebcasue I need to click on these stupid buttons or type in the corresponding letters. The transmission encryption they use is High-grade SSL Encryption (RC4 128-bit) and it’s so much more powerful than this silly little keypad.