[plorntus]

Spains banks (I’ve used two so far) simply use your ID number which is used in a lot of places and not considered secret and enforces a 4 digit password.

It’s an absolute joke.

[illusiveman]

I wondered once about this, but it kind of make sense from the point of view of usability.

Unlike any webservice, you usually have very few attempts to make a successful login before getting locked out, so even if it's four digits, the odds of a successful brute force attack are very low

[plorntus]

I suppose so, I just find it funny really that my bank has less password requirements than most (if not all) online services I use

[deepsun]

Bank Of America requires to tell them a 2FA code sent over SMS, when SMS literally says:

   <#>BofA: DO NOT share this code. We will NEVER call you or text you for it.

No, it wasn't scam, seen that process physically visiting a branch on agent's display multiple times.

[photonerd]

My bank does that for in person visits but you key in the code on a PoS style keypad at their desk

[ljm]

Most banks in Spain require physical presence in the branch for 2fa

[mooreds]

You mean to set up a second factor, they require you to go into a branch?