520
Yikes 😬 (reddthat.com)
you are viewing a single comment's thread
view the rest of the comments
[-] Z4rK@lemmy.world 42 points 1 year ago

I still can’t believe American banks lets you login with just username / password? Surely there is some id check or at least two factors involved?

[-] icanwatermyplants@reddthat.com 34 points 1 year ago* (last edited 1 year ago)

Nope, several years ago someone complained that their steam account has better protection then their bank account. We're now in 2023 and that statement still holds. It's quite scary really. Bank websites that heavily rely on third party scripts ,"MFA" logins based on something you know and something you know. Account verification question based on code words or security questions based on public information. Worst of all, the ignorance of it all. "We got hacked, here have a identity protection bandage, comes with an automatic subscription after several years".

[-] slackassassin@sh.itjust.works 3 points 1 year ago

Yes, they do. Wtf is even happening in this thread.

[-] icanwatermyplants@reddthat.com 1 points 1 year ago

There are some that do, true, but also a boatload that don't. In my personal experience, most don't.

[-] slackassassin@sh.itjust.works 3 points 1 year ago

Most do, unless they're some small town bank. That could be the difference, perhaps.

[-] icanwatermyplants@reddthat.com 2 points 1 year ago

Most interesting, I checked 2fa.directory and lo and behold, one of them shows that use 2fa! It's the dinky SMS one, but still better then none! Sad part is that a) they never informed me and b) it's completely optional also c) this must be something from the last year or so as I'm one of those people who actively gives feedback

[-] slackassassin@sh.itjust.works 1 points 1 year ago

Hey, that's great. I'm glad you looked into it, they really should have let you know.

[-] NikkiDimes@lemmy.world 1 points 1 year ago

Chase is a small town bank? TIL

[-] slackassassin@sh.itjust.works 1 points 1 year ago* (last edited 1 year ago)

?

2-step verification requires you to enter a unique code every time you sign in to Chase.com on a browser. This helps ensure that it's actually you and not someone suspicious.

https://www.chase.com/digital/resources/privacy-security/security/how-you-can-protect

[-] Adramis 1 points 1 year ago

Schwab has 2fa, and isn't Schwab literally owned by Chase? Wtf

[-] slackassassin@sh.itjust.works 3 points 1 year ago

2-step verification requires you to enter a unique code every time you sign in to Chase.com on a browser. This helps ensure that it's actually you and not someone suspicious.

https://www.chase.com/digital/resources/privacy-security/security/how-you-can-protect

I don't know what they're talking about.

[-] atrielienz@lemmy.world 3 points 1 year ago

I wanted to use a 2FA device for my banking accounts and no bank that I have spoken to would allow it. I'd had a breach on one account because my information had been leaked from several different places including the federal government and a credit agency and as a result the person used my leaked information to validate their way into my checking account. At that point they let me set up a pass phrase and a couple of other random safeguards. This was all well and good but it didn't make me feel safer than having that account protected by a physical 2FA device. I was also given more free credit monitoring (which I've gotten like 4 or 5 times in the last 10 years or so). Still bugs me to this day.

[-] Madison420@lemmy.world 5 points 1 year ago* (last edited 1 year ago)

Bank of America has two factor and optional 3 three factor integration, what are you talking about?

https://www.eff.org/deeplinks/2016/12/how-enable-two-factor-authentication-bank-america

[-] atrielienz@lemmy.world 3 points 1 year ago

Bank of America is not one of the banks I talked to because I will never bank with them again. I was 18 and they sent me (unsolicited) a credit card when I opened my first checking account. It had A 35% interest rate.

[-] Madison420@lemmy.world 3 points 1 year ago

Commerce, Midwest, citi, and most if not all state banks have 2fa at this point.

[-] atrielienz@lemmy.world 2 points 1 year ago* (last edited 1 year ago)

2fa with a physical key? Also it's been more than a year since I last checked at all.

[-] Madison420@lemmy.world 3 points 1 year ago* (last edited 1 year ago)

Via third party integration yes. Outside of that is user/password then they send a code to your email or phone you enter that and it bumps you to third party if you've requested it.

https://www.bankofamerica.com/security-center/online-mobile-banking-privacy/usb-security-key/

[-] atrielienz@lemmy.world 3 points 1 year ago

Thank you. I actually really appreciate this information.

[-] Madison420@lemmy.world 2 points 1 year ago

No problem.

Iirc any bank that does European transactions is obligated to offer it so they can conduct business with European banks.

[-] ICastFist@programming.dev 1 points 1 year ago

35% interest rate

Per year? Rookie numbers, imagine that per month

[-] icanwatermyplants@reddthat.com 3 points 1 year ago

Here's the silly thing - most other countries have had a form of 2FA for decades. Yes, decades. Some of the earliest ones used to sent you a printed list of codes and asked you a random code from that list. This was before the Internet even when you had to use a modem to dial in to a bank to transmit your transactions.

[-] Z4rK@lemmy.world 2 points 1 year ago

No wonder all the finance and budget apps primarily prefers integrating with American banks!

[-] laxsill@infosec.pub 6 points 1 year ago

Yeah I'm European end my job in accounting makes me have to work with American banks regularly. So let's just say my expectations on American banks are quite low.

[-] lulztard@reddthat.com 1 points 1 year ago

Wait, American banks don't go with extra authentication? I couldn't log in anywhere without SMS or additional apps or whatever. Depending on your bank you might even have to go through three different stages of authentication. Over the pond you just go username / password?

[-] Madison420@lemmy.world 2 points 1 year ago

They do. It's not as stout as basically anywhere else but 2fa is and has been a thing here for quite some time and specifically as long as I've banked Mobile ACC that's gotta be 5 years+.

I'm honestly not sure where this whole comment chain is coming from , I guess people don't just ask and instead assume it's not offered. I dunno it's a very weird argument to me since my bank has always had 2fa and alllows third party geolocating 3fa.

[-] lulztard@reddthat.com 1 points 1 year ago

Interesting. Does "offered" mean it's not mandatory?

[-] Madison420@lemmy.world 1 points 1 year ago

Yes. We're stupid and lazy and because of that security is third.

[-] lulztard@reddthat.com 1 points 1 year ago

Ahhh, I see. That's why.

[-] XTornado@lemmy.ml 1 points 1 year ago

TIL about 3fa.

[-] some_guy@lemmy.sdf.org 5 points 1 year ago

I have BofA and my mobile app requires 2fa over SMS.

[-] PoolloverNathan@programming.dev 4 points 1 year ago

Alright, SIM swap it is!

[-] slackassassin@sh.itjust.works 5 points 1 year ago

They don't, and there is, but you would still suggest removing the user name and password from a social media post anyway. Right?

this post was submitted on 12 Nov 2023
520 points (100.0% liked)

Old People Facebook

1460 readers
1 users here now

The sublemmy for "Old People Facebook" is a curated space showcasing the charming, confusing, and often hilarious social media endeavors of the older generation. From accidental memes and cryptic status updates to endearing attempts at using modern technology, this sublemmy celebrates the unique ways seniors engage with the digital world.

founded 1 year ago
MODERATORS