
Why do you think that bank-issued passwords would either disincentivize use of web banking or cause more support requests than the current convoluted systems?


> makepasswd

4igNxz1g

I believe that substantially less than 5% of Americans with a banking account would either a) recall or b) have recorded that when asked for it two weeks later. I have no citation for this other than "I have spent the last couple of years helping people log into their Googles and they frequently volunteer their passwords to me, often in the form 'My password is either kittens or kittens1 or kittens!' They overwhelmingly care about things in life other than computers, password security, and password security on their computers."


I realised a while ago that the most problematic logins for me were the ones with the most onerous password requirements. OK, I know this isn't great, but I do reuse passwords. The ones I care about least have the least adherence to good security practices, because it so vastly improves the user experience for me. Other solutions have been tried and cause more problems than they solve.

Between news sites like HN, content sites like BBC iPlayer, Facebook / LinkedIn / Twitter, eBay, different financial services websites, multiple email accounts, various topic specialist forums, standard and admin logins for each of the three computers I personally own, database server root passwords...... There's just far, far too many for me to be able to tie a unique password to each that complies with their length and character mix standards (and, in some cases, their re-use policies), particularly when the login page (sensibly) won't remind me what their particular complex requirements are.

I'm not at all convinced the end result of their aggressive requirements is more secure. Several of them I end up using the password reset function waaaay more than 50% of the time because it's enormously easier than memorising their particular onerous code.


Try something like 1Password; it completely set me free of this stuff.


I'm willing to be persuaded, but I'm currently using two different machines, each with two different browsers open, and this is a relatively light usage case... It's a remarkably complex problem.


1Password can sync between multiple machines via Dropbox. I'm not sure about other OSes, but on a Mac there is a browser plugin for Safari, Firefox and Chrome (and a companion iOS/Android app).

I've been using 1Password since 2007, and literally all my passwords are uniquely generated (including server root passwords, database root, etc.). At one point I'm a bit scared that if I ever lost the database, I'd lose access to all websites forever (because I don't even "know" my email password).


What about when I'm on [not-my-machine-in-a-coffee-lounge]?


Well, you can still retrieve passwords from the iPhone/Android apps or, in the worst case, the 1Password Web UI right from the Dropbox web interface.


If you're using this 1Password for everything, how do you log in to your Dropbox?

Assuming you have a passphrase for Dropbox, as well; then, I didn't know it had a web ui, and that ~does~ make things convenient --- assuming SSL or similar for security.


I don't use (no longer use) Dropbox. The 1Password database is synced to my phone via Wi-Fi, and I always have my phone with me, so it's never really a problem. If I ever leave my phone elsewhere, then I've got a bigger problem anyway.

The Dropbox Web UI is just an HTML implementation of 1Password (read-only) sitting on your disk, so its HTTP security depends on Dropbox (or whatever sync service you use) rather than 1Password itself.


If banks would supply the password on paper, then that issue would go away for most people. And if the bank would use OTP then supplying passwords on a paper slip is a natural solution. I know that that kind of solution works even for computer-illiterate people, as most, if not all, web banks around here use OTP.


> If banks would supply the password on paper, then that issue would go away for most people. And if the bank would use OTP then supplying passwords on a paper slip is a natural solution.

So you have to get a new paper slip every time you log in? How would the logistics of this work? If you have to go to your bank / wait for physical mail on every login, then the convenience of online banking goes away, doesn't it? (Or would you get a collection of them? Then, if you're like me, you'd lose that; and you'd be right back at the inconvenience, while someone else has temporarily unfettered access to your account.)


My bank gives a three-times-folded, credit-card-sized password card, and automatically mails a new one when you are about 2/3 through it. As it is credit-card sized, it can conveniently be stored in a wallet, and thus losing it isn't much of an issue.



