Call it the Internet strikes back. Almost as soon as financial services giant HSBC rolled out “secure keys” – that generate temporary passwords for online banking customers as part of a two-factor authentication upgrade – the Web exploded with opposition, as users expressed frustration and anger.
Alun Morris posted: “Online banking users: even if you are not with HSBC, you're next. Stop compulsory security keys. I'll end up having to put five of them on my keyring if this carries on.”
On Twitter, meantime, anti HSBC posts also flourished. rkbake wrote: “I HATE HSBC's new stupid secure key. what a great way to make internet banking more INCONVENIENT.”
The Internet row has grown so vituperative that even the mainstream press has covered the online complaints of HSBC customers, now required to use the secure keys. Leading broadsheet The Telegraph, for instance, on Saturday ran a story titled, “Facebook Campaign by Angry HSBC Customers Over New Online Security Key.”
HSBC, for its part, told the UK publication Computing that it did not plan to back down from the rollout. A spokesperson elaborated: "The HSBC Secure Key is simply the introduction of a two-factor authentication process into our Internet banking. It works by having one piece of information that remains the same [a username, for example], and one that constantly changes but is based on a unique set of information for each user [the secure-token generated PIN]. The code is not sequential, so it can't be guessed, and expires after 30 seconds so can't be generated and used at a later date.”
The spokesperson added, “We have a duty to strike the right balance between ease of use and the highest level of security our customers demand of us."