It's the only practical option. It is impractical for most users to remember all the details required. One bank I use requires all of: A user ID number; an online password; an online PIN; a telephone banking PIN; a password for using the debit card online; and finally a debit card PIN. This is separate from the sort code and account number, or the debit card number, all of which I must already remember.
Each of these six additional security items must be either remembered, or documented. Like many consumers, I have several bank accounts with multiple cards, and each of these has a similarly long list of details required. I have seven accounts with banks or credit cards. If each require at least four security values that is already twenty-eight separate items, on top of the card numbers and account numbers which many users will already remember as a matter of course.
And it is not just banking: even transactions which did not previously involve any self-service access or any password now generally do. Examples include electricity or gas accounts, car or home insurance, airlines, railways or TfL, Uber, or any number of things.
I do work hard to remember things and set proper passwords, but a few years ago the volume of passwords and ID numbers required made it no longer possible for me to do so without writing them down. There may be people who are able to remember the fifty or a hundred passwords needed regularly without writing them down, but I think most people are simply not able to remember a very large number of separate passwords.
The realistic options are either:
- to use the same password and PIN everywhere.
- to write the passwords and PINs on a piece of paper.
- to store them on a mobile device or computer.
The third option is not perfect but it is much better than the two alternatives. It is, at least, encrypted. An end user must take some responsibility for security of a system and this is by far the best option of the three.
I wonder what the article's author suggests as a better option?
There is always the option of writing security details down in lemon juice invisible ink and then revealing the writing later by holding it near a candle. But you may not always have a candle (or lemon) to hand when out and about.