• laxsill
    link
    fedilink
    1281 year ago

    Their policy should just be to reset the password immediately and have the user set a new one. This is one hell of a risk.

    • @[email protected]
      link
      fedilink
      English
      411 year ago

      I still can’t believe American banks lets you login with just username / password? Surely there is some id check or at least two factors involved?

      • @[email protected]
        link
        fedilink
        34
        edit-2
        1 year ago

        Nope, several years ago someone complained that their steam account has better protection then their bank account. We’re now in 2023 and that statement still holds. It’s quite scary really. Bank websites that heavily rely on third party scripts ,“MFA” logins based on something you know and something you know. Account verification question based on code words or security questions based on public information. Worst of all, the ignorance of it all. “We got hacked, here have a identity protection bandage, comes with an automatic subscription after several years”.

      • laxsill
        link
        fedilink
        61 year ago

        Yeah I’m European end my job in accounting makes me have to work with American banks regularly. So let’s just say my expectations on American banks are quite low.

        • @[email protected]
          link
          fedilink
          11 year ago

          Wait, American banks don’t go with extra authentication? I couldn’t log in anywhere without SMS or additional apps or whatever. Depending on your bank you might even have to go through three different stages of authentication. Over the pond you just go username / password?

          • @[email protected]
            link
            fedilink
            21 year ago

            They do. It’s not as stout as basically anywhere else but 2fa is and has been a thing here for quite some time and specifically as long as I’ve banked Mobile ACC that’s gotta be 5 years+.

            I’m honestly not sure where this whole comment chain is coming from , I guess people don’t just ask and instead assume it’s not offered. I dunno it’s a very weird argument to me since my bank has always had 2fa and alllows third party geolocating 3fa.

      • @[email protected]
        link
        fedilink
        51 year ago

        They don’t, and there is, but you would still suggest removing the user name and password from a social media post anyway. Right?

    • @[email protected]
      link
      fedilink
      11
      edit-2
      1 year ago

      That would imply they have to test that the credentials are correct though.

      Otherwise I can just put somebody’s user and put some fake password and they would reset it and disconnect the account of that user and annoy him.

    • @[email protected]
      link
      fedilink
      71 year ago

      But the username is still public, you can change the password but if your customer is idiotic enough to blast both out into the internet, the password will just get a 1 or ! After the password they used before…