this post was submitted on 21 Aug 2024
601 points (98.1% liked)

Privacy

32173 readers
947 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Not only does the credit bureau max out their password length, you have a small list of available non-alphanumeric characters you can use, and no spaces. Also you cannot used a plused email address, and it had an issue with my self hosted email alias, forcing me to use my gmail address.

Both Experian and transunion had no password length limitations, nor did they require my username be my email address.

Update: I have been unable to log into my account for the last 3 days now. Every time I try I get a page saying to call customer service. After a total of 2 hours on hold I finally found the issue, you cannot connect to Equifax using a VPN. In addition there is no option for 2FA (not even email or sms) and they will hang up on you if you push the issue of their security being lax. Their reasoning for lax security and no vpn usage is "well all of our other customers are okay with this".

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 53 points 3 months ago (2 children)

Financial institution security is quite frankly a freaking joke. My bank only has the options for 11 character passwords at maximum. It's like oh come on that is way too easy these days

[–] cm0002 18 points 3 months ago

Oh but wait! That non-customizable ~~account number~~ user ID that you have to wait for in the mail is definitely top notch security!

[–] bassomitron 13 points 3 months ago (1 children)

Honestly, that's a sign to me that your bank doesn't take cybersecurity seriously and would possibly consider switching. Mine has amazing security as well as fraud detection. Sometimes it'll even send me a text to verify a purchase if their software thinks it's weird I got across town too quickly, though that's pretty rare so it isn't overly aggressive/inconvenient.

[–] [email protected] 2 points 3 months ago (1 children)

In Germany at least, I hear that banks have weird law requirements for these weird security things, like photoTAN.

I'd be much happier if they'd just let me do my usual setup with password, totp and my hardware token.

[–] [email protected] 3 points 3 months ago* (last edited 3 months ago)

In the US the FDIC sets security requirements for banks and audits annually, and they keeps raising requirements every year or so. At this point its just easier for a bank to invest in following current best practices and keep updating to the current best practices than to keep chasing every new finding on the FDIC audits each year

Source: I worked in IT at a bank for a while