this post was submitted on 09 Sep 2024
590 points (99.5% liked)

Programmer Humor

19623 readers
507 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 1 year ago
MODERATORS
 

Edit: @Successful_[email protected] solved it. It says "one special character". Not "at least one".

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 8 points 2 months ago (2 children)

Some internet banking sites give access after only asking for login password. They will only ask for transaction password and OTP (that will only come on phone) later on. Asking for two passwords isn't necessarily more secure since many people will just reuse their original one again. And OTP instead of offering something like hardware security key is insane.

[–] [email protected] 5 points 2 months ago

My bank uses 6 digit 'customer number' (which is set by the bank) and that's verified with an app and a personal PIN (app shows 'login attempt ABCD at mm.dd. hh:mm' where ABCD is shown on login page too) or via SMS OTP (again with 'ABCD' verification). And again with personal pin + app or OTP to confirm transactions. The app itself can be protected with a fingerprint or phone pin and every new installation needs to be registered to the system, so I can't just use my phone app to access my wifes account (or anyone elses) but I still can map multiple accounts (like corporate ones) to the same installation.

I think that's pretty reasonable approach.

[–] [email protected] 3 points 2 months ago

Reason why I took a hardware tan generator versus using the OTP function of one of their other apps.
Thanks but no, I will use the old crusty method as I know how easy that's hacked.