by WorldMaker
2667 days ago
Banks especially seem heavily "invested" in finding the biggest/laziest loopholes in security laws that they can and driving forklifts through them for as long as possible. In the 90s, laws in multiple countries asked banks to research and implement Two-Factor security. They invented all of these stupid, stupid Wish-It-Were-Two-Factor things that are not Two-Factor but "feel Two-Factor enough" to avoid actually deploying proper 2FA, but avoid security fines: "Security Questions" (bonus passwords, still 1FA), multi-step login with "user selected pictures" (not an extra factor, just a silly memory game to potentially cut down on phishing), "partial passwords" (still 1FA). (Then other idiot sites copy these "security best practices" because Banks use them, rather than actual security best practices.) It is starting to seem like a lot of the money spent on the development effort of these "not 2FA" workarounds and portal workflows could easily have just paid for sending every bank customer a YubiKey or three by now.