you underestimate how bad a lot of people are at using technology. something like banking can be a necessity and must be accessible to all. many banks should encourage more secure MFA but i understand why they can’t require it.
Saltarello@lemmy.world 2 days ago
My previous bank does this sends an SMS. Extremely insecure & also just means a would be thief has my phone. I’ve never understood it.
Is there not an argument that password managers have been around long enough now that anyone reusing logins & easily guessable passwords responsible for their own stupidity? We all know not to leave our doors & windows wide open when we go on vacation.
erev@lemmy.world 2 days ago
birdwing@lemmy.blahaj.zone 1 day ago
sometimes people just need to learn
erev@lemmy.world 1 day ago
you’re asking the refugee who just immigrated, is learning the local language, and may not have had as much exposure to web banking systems and MFA and many aspects of cybersecurity to figure out how to set this up and manage it well without accidentally losing access.
you’re asking the old retiree who has no family left to help them and doesn’t understand technology very well but understands how to open the shortcut to the banks website and check their texts to suddenly understand a much more complex system than they’re used to.
you’re asking the young adult whose school didn’t teach them about technology and they were too poor to have much of their own to instantly learn about even more tools and apps on top of trying to adjust to using technology in general.
I’m not saying that improving security or moving towards a more secure baseline is bad, but for some critical public services security absolutely does not always trump accessibility. cybersecurity and technology education is more necessary at all levels and must equitably taught, but that will take time, resources, and effort. there are ways to improve security without compromising accessibility.
vrighter@discuss.tchncs.de 2 days ago
banks have the most obnoxious, yet the stupidest security measures.
AA5B@lemmy.world 1 day ago
Banks are the web sites most likely to reject a generated password from my password generator
ozymandias117@lemmy.world 1 day ago
It’s been a few years, I dont know if they ever fixed it…
However, at least as of 2022, Wells Fargo (the 4th largest bank), had case insensitive passwords.
If you made your password
hUnTer2, you could also log in withHUNTER2,hunter2,HUntEr2, etc.Trigger2_2000@sh.itjust.works 1 day ago
All I can say is: Take my money!
How stupid of WF.