Comments
-
retnikt67746y @metamourge even HSBC do this, and they're like one of the biggest banks in the world? There must be some reason.
-
@retnikt
Most probably, because they have insurance and the lawyers to sue the hacker to hell, if he's caught.
-
52cal4976y @M1sf3t If banks had read-only access then I would use Mint in a heartbeat! I don't know why, but I'm still always surprised by how outdated such large companies can be.
-
ddephor44466y Bank security is shit. My wife and I have an account at a German bank where we have one account, sharing the same login name, but different passwords.
So their user management must handle multiple passwords per user.
The real fun point is if one enters the wrong password too often, both logins are locked.
And many banks still use a PIN for login instead of a real password.
-
ddephor44466y @Alice No, it's really the same username.
We both have user 'account123', she has password 'secret' and I have password 'nooneknows'. When we log in, the system can differentiate between us, because we can have our own settings, authentication tokens, etc. The only criterion for the system to differentiate our login is the password.
-
In the US, banking security is absolutely obscene. I spoke to a guy who did bank infosec once and their offices were surrounded in Faraday cages, all entry required physical 2FA, and all phones were stored outside the office space, also in Faraday cages. No internet connection. All USB connections disabled at the hardware level. All machines were simply displays for a centralized VM system, meaning the computers themselves were empty. He described his office as "a hacker's worst nightmare" to crack.
-
I work at an IT-Solution-Provider for banks and at least for our clients I can say: No they don't.
-
retnikt67746y @RantSomeWhere I have no doubts that it's not encrypted - GDPR does not require specific one-way hashing iirc
Related Rants
Hang on... If online banks ask you for the n'th, m'th and p'th character of your password, they must be storing it in plaintext! WTF? I don't even understand why they do that in the first place.
rant
bank
plaintext
security
password
hashing
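
An added example, not part of the rant or any comment and not any bank's real code: it shows why the "n'th, m'th and p'th character" prompt cannot be answered from one salted hash of the whole password, and why a hypothetical per-character hash table (an assumption made here for illustration) protects the password no better than plaintext. The alphabet, iteration counts and function names are all assumptions.

```python
import hashlib, hmac, os, string

ALPHABET = string.printable[:95]  # assumption: printable ASCII incl. space

def _kdf(secret: str, salt: bytes, rounds: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, rounds)

def enroll_full(password: str):
    """Conventional storage: one salted, slow hash of the whole password."""
    salt = os.urandom(16)
    return salt, _kdf(password, salt, 100_000)

def verify_full(record, attempt: str) -> bool:
    # Needs the complete password; three characters alone cannot be checked.
    salt, digest = record
    return hmac.compare_digest(_kdf(attempt, salt, 100_000), digest)

def enroll_per_position(password: str):
    """Hypothetical design: a separate salted hash for every character."""
    records = []
    for ch in password:
        salt = os.urandom(16)
        records.append((salt, _kdf(ch, salt, 1_000)))
    return records

def verify_positions(records, challenge: dict) -> bool:
    """Answer a 'characters n, m, p' prompt; positions are 1-based."""
    ok = True
    for pos, ch in challenge.items():
        salt, digest = records[pos - 1]
        ok &= hmac.compare_digest(_kdf(ch, salt, 1_000), digest)
    return ok

def offline_recovery(records):
    """Cost of reversing the per-position table: at most 95 guesses per slot."""
    recovered, guesses = [], 0
    for salt, digest in records:
        for ch in ALPHABET:
            guesses += 1
            if hmac.compare_digest(_kdf(ch, salt, 1_000), digest):
                recovered.append(ch)
                break
    return "".join(recovered), guesses

if __name__ == "__main__":
    sample = "nooneknows"  # constructed sample password
    table = enroll_per_position(sample)
    print(verify_positions(table, {2: "o", 5: "e", 10: "s"}))
    print(offline_recovery(table))
```

Salting and key stretching do not help the per-position table, because each slot has only 95 possible values; a partial-character check therefore needs storage that is effectively recoverable.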