[aianus]

All of the bank accounts I have in Canada let me send $2000 with nothing but a password. They also won't let me use non-alphanumeric passwords and don't support any two-factor authentication. Same in the US.

Of course, if anyone did try to steal my money this way, the bank would reverse the transfer and give it back to me.

[mcv]

Sounds very insecure for a bank. Will they really automatically reverse any transfer you object to? What if they don't control the target account? What if there's no money on the other account anymore? What if it was a legitimate payment, you got what you ordered, and then you had the payment reversed?

I see a big hornet's nest of potential problems in a system like that.

[aianus]

I guess they try to pull it back and if it's not possible they eat the cost. I imagine any bank that tried to force people to use 2FA and/or get rid of the zero-liability policy would lose a lot of customers.