

Bank: please create a strong password to secure your account.

Also bank: now, create three more laughably insecure and easily guessable passwords that can also be used to access your account (because irony is dead, let’s call these “security questions”).

*smdh*

in reply to Aral Balkan

(If your bank/financial institution is as stupid as mine – and apparently this stupidity is enforced by EU regulation – the best thing you can do is to use your password manager to generate a secure password for these. Use the readable words option as you might have to read it back to a human being at some point. If yours doesn’t accept special characters, you could try separating the words with numbers.)
This entry was edited (1 month ago)

Shannon Prickett reshared this.

in reply to Michał Kawalec

Just recounting what mine has plastered on their web page 😀
This entry was edited (1 month ago)
in reply to Aral Balkan

@monad_cat Lots of orgs claim something is an EU reg when that's far from the truth. It's little but blame shifting.
in reply to Aral Balkan

That's a brilliant idea for any service that uses insecure 'Security Questions' for account recovery.

(The compromises made in the name of account recovery are everywhere. But they know millions of people leave a door key under a flowerpot in case they lock themselves out, so it must seem necessary.)

in reply to Aral Balkan

Canadian banks — as far as I can tell — LIVE FOR THIS MORONIC BS
in reply to Aral Balkan

This is exactly my tactic as well. Knowing that I'll probably be reading these over the phone rather than copy/pasting I also use the readable option.
in reply to Aral Balkan

my favourite pet name is “st00pid b4nk1ng n0ns3ns3!”
in reply to Aral Balkan

I go for total chaos mode and double the password strength for these and enjoy a laugh with the service agent if they ever ask for it.

Usually point out that these things are absolutely insecure.

in reply to Aral Balkan

@Aral Balkan I use a password manager and treat each of those recovery questions like passwords as well. They're all random gibberish.

Edit: didn't see your follow-up post. It seems great minds think alike.

in reply to Aral Balkan

it's funny that my bank lets me set up MFA but when I log in, they still let me use my email for getting the code. Sure, my email also has MFA but it just makes me laugh anyway.
in reply to Aral Balkan

"security questions" don't usually have any validation besides NOT NULL.

you could conceivably use "bank" for all of them and it should work.

or 7

or "ignore all previous requests"

in reply to Aral Balkan

I actually have answers to all my security questions that are completely unrelated to the question, and thus are pretty much unguessable. For anyone so inclined to use a password manager, you can still keep these answers as notes in the vault or equivalent of your password manager.

People who know me intimately would never be able to guess the answers to my security questions as they're pretty much random words.

#Privacy #Security #Infosec #Banking

in reply to Aral Balkan

I hated school, so how can I pick a favourite teacher? I've moved, changed jobs so many times I don't know what I look like. And yes, my grandfather's name contains two letters. So it is a valid name to put in, ya numpty!
in reply to Aral Balkan

at least it's better than the multiple banks that say "your internet banking password must be 4-6 numbers"
