| And yet I get much more assistance in keeping my login secure from a two-bit social media site than I do from virtually every bank I’ve had an account with (speaking of banks in the USA). Two factor using something like Google Authenticator? Nope. Two factor using a less-secure text messsge? Rarely. An email asking for secondary confirmation when logging in from a new device or IP address? Forget it. A history within my account that shows all logins and login attempts, along with the request IP address and location? I wish. I’m sure banks do stuff behind the scenes to secure my account. But it seems they could do a lot more to empower me to help in the process. I understand that it’s difficult to pin the blame on a bank for a password stolen by a virus a customer picks up that had nothing to do with them. But it seems they’d do a whole lot more to help me protect my account. I’m generalizing, I know, but I find it comical (and frustrating) at how often I see banks attempt to do things in the name of security that don’t help at all, but go a long way to destroy UX, or even decrease security. - Prevent paste on the password field. - Security questions, often with ridiculous questions. - “Security” phrase and image. - Shocking password restrictions. |
For Firefox users, I use "don't f... with paste" addon. It works like a charm.