• Z4rK@lemmy.world
    link
    fedilink
    English
    arrow-up
    42
    ·
    1 year ago

    I still can’t believe American banks lets you login with just username / password? Surely there is some id check or at least two factors involved?

    • icanwatermyplants@reddthat.com
      link
      fedilink
      arrow-up
      33
      ·
      edit-2
      1 year ago

      Nope, several years ago someone complained that their steam account has better protection then their bank account. We’re now in 2023 and that statement still holds. It’s quite scary really. Bank websites that heavily rely on third party scripts ,“MFA” logins based on something you know and something you know. Account verification question based on code words or security questions based on public information. Worst of all, the ignorance of it all. “We got hacked, here have a identity protection bandage, comes with an automatic subscription after several years”.

    • laxsill@infosec.pub
      link
      fedilink
      arrow-up
      6
      ·
      1 year ago

      Yeah I’m European end my job in accounting makes me have to work with American banks regularly. So let’s just say my expectations on American banks are quite low.

      • lulztard@reddthat.com
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Wait, American banks don’t go with extra authentication? I couldn’t log in anywhere without SMS or additional apps or whatever. Depending on your bank you might even have to go through three different stages of authentication. Over the pond you just go username / password?

        • Madison420@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          They do. It’s not as stout as basically anywhere else but 2fa is and has been a thing here for quite some time and specifically as long as I’ve banked Mobile ACC that’s gotta be 5 years+.

          I’m honestly not sure where this whole comment chain is coming from , I guess people don’t just ask and instead assume it’s not offered. I dunno it’s a very weird argument to me since my bank has always had 2fa and alllows third party geolocating 3fa.

    • slackassassin@sh.itjust.works
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      They don’t, and there is, but you would still suggest removing the user name and password from a social media post anyway. Right?