[ComputerGuru]

The only drawback to that is the difficulty of logging in while out of the house (I understand making priority accounts “on site access only” but what about others?) and the fact that you’re deincentivized from making more secure passwords because (even if only subconsciously) you’re going to have to type in all those characters and symbols each time you want to log in.

I think the biggest security failure is session cookies that expire too quickly or too eagerly. Having people need to enter their password so often is more dangerous than keeping them logged in (from the same IP) for a longer period of time.

If my bank would keep me authorized for basic access (review transactions, pay bills, transfer money between own accounts) without logging in each time, but required a password to add a payee or make changes to the account, I’d keep the password in a journal in a safe.