
Comment by abustamam

10 days ago

That's pretty funny on a few levels, not in the least that they required a "secure" password like that but stored them in plain text.

I regularly conduct transactions at the branch of my local bank wherein they ask me for no credentials whatsoever. I also once forgot to bring my account number with me and the teller said "no worries, I'll look it up for you." Kind of horrifying.

My bank’s password field is case insensitive. Of course they could have lowercased it before hashing but I doubt it.

  • That's scary. I wonder if incompetence like that could lead to a lawsuit in the case of a breach.

    At this point I wouldn't be surprised if there exists a system that just asks for a username with a checkbox "check here if you are the owner of this account".