|Asterisks hide passwords from users, too|
As many websites do, Bank of America's replaces password characters with asterisks (*) shortly after the characters are typed in. Because passwords now have numbers, special characters, and both lower-case and capital letters, the probability of a mistake has increased as passwords have become lengthier. But one can't see what has been typed.
Unlike all my other financial and shopping accounts, Bank of America does not have a "show" or "eye"(👁) button that allows the user to turn off the asterisks.
After 3 password failures, Bank of America locks the account. And yes, that has happened to me, and I had to call the bank and spend an hour satisfying the person at the other end that I was not a scammer. The bank had me at its mercy, because the fee structure almost forces retail customers to cancel paper statements in favor of electronic access, which makes it impossible to check or reconcile with a locked account.
I've also gotten to the third and final login attempt several times, when my aging arthritic hands shook with trepidation (okay, some poetic license here).
Bank of America does allow FaceID to login on the iPhone, but the user can do it on only one account--I was locked out of one of the other two which required a typed password.
All the above is a protracted preface to a simulation that showed
that five was actually the optimal number—the sweet spot we were hoping to identify. When allowing five attempts, the number of lockouts were minimized, with no adverse effect on security.Bank of America would make me a happier customer if: 1) the Password field had a "show" option; 2) the account would lock after the fifth attempt, not the third; 3) iPhone FaceID would work on every account, not just one. I would like all of those changes, but I am not expecting any.
Come to think of it, why am I staying with them?