submitted 8 months ago by Rexios@lemm.ee to c/cybersecurity@infosec.pub

How is this legal? This has to be the most insecure login method I’ve ever seen. They removed the password from my account without consent and have no way to go back to requiring a password. Literally all an attacker has to do is gain control of either my phone/email and brute force a 4-digit PIN. I’m going to have to change banks because of this.

Oh also I posted this on the bad version of Lemmy and the mod tried to claim that this method of auth is actually more secure than a password, posted a Wikipedia article about passkeys, and then locked the post… In no reality is it at all possible that this is more secure than a password.

So stay away from One Finance if you value your money

[-] abacabadabacaba@lemm.ee 4 points 8 months ago
[-] cm0002@lemmy.world 4 points 8 months ago

If banks have some top notch backend security checks, then WHY do so many not let you choose a fucking user name? I absolutely DESPISE any bank that makes me use some dumbass customer/account/user number like 94023382 that I'm NEVER able to remember and always have to go scouring my house for some old paper statement.

But would I stop using a bank (as I've seen suggested in the past) solely due to their password policy?

I have.

this post was submitted on 03 Mar 2024
33 points (92.3% liked)
