
I feel the bank should be liable for stolen funds or information in the case of a security breach.


Yes, I expect the bank to protect my money. What I'm saying is how they actually do it, clear text pwd or whatever, is not really my concern. Why should I?


You’re right, you’ll probably get your money back if your password gets stolen.

Eventually. Might be real disruptive if you’re in the middle of buying a house.

I’d probably choose my bank to minimize my chances of dealing with a giant bureaucracy for however long (and the non–zero possibility that I actually won’t get my money back). But if that’s not “damage” to you, feel free to keep doing business with them!


>Might be real disruptive if you’re in the middle of buying a house.

Agree, I consider this a damage, but if the bank can avoid causing me any disturbance despite using clear text password or <insert any other questionable security practice> then why should I be concerned?


The same reason you might be concerned even if a doctor can deliver a baby safely despite not washing his hands in between a cadaver examination and touching your wife.

Do you feel lucky? Well, do ya?


Sure, if the doctor can deliver the baby safely without causing any other damage despite not washing hands, then what's the issue?

That's why I asked what the actual damage is. Is the money stolen? Can the money not be accessed? If the bank doesn't do me any actual damage despite the clear text password then I don't see why I should be concerned.

I guess I can see that for some people, clear text password usage can cause them anxiety and make them lose some sleep.


Are you genuinely saying that when you see someone putting you at risk, that you do not see a problem with it until a problem actually occurs?

Imagine you worked in a building for a week and didn’t die in a fire. Would you have a problem with discovering that the wiring was done by an amateur, there were piles of lint and fabric everywhere, and there was only one revolving-door exit?

If yes, then you understand the problem of risk and it's just a question of magnitude.

If not, then you should be aware that you see the world dramatically differently than most people.


The risks are highly exaggerated; the damage may never occur in the first place.

It may seem unlikely that the bank can keep my money safe by using plain text pwd, but if they can somehow do that, why do I care?

Even in the unlikely event that the money is stolen, if the bank can handle that without causing me disruption then what's the issue?


This is the most intelligent thing I've heard on this thread.

So long as I'm not holding the bag should my account with them go haywire, I don't care. This is why shared passwords are bad.


Sounds like they are open to social engineering attacks, if you can get a rep to describe the password to you... Meaning I could pretend to be you and get your money.


Maybe, but that is their problem. It's still the bank's responsibility to deal with that.


Well any risk is going to be paid by the customer in the end. If they lose 0.01% of their deposits because of a vulnerability, they're gonna be charged more by their insurance and eventually charge it on their service fees to customers.


You're implicitly suggesting that the bank can either pass on the costs without people noticing, or that they have no competition, so they can set fees and interest rates to whatever they like. I don't think either is true. We do regulate banks, and this is why it's vital.

You could just as well say the cost is going to be paid by the shareholders, the public (in the form of reduced taxes), or the employees.


Yes, if they cause the customer actual damage, such as increased fees then it is a concern. But if there is no actual damage then what's the issue?


They are... there's also multiple levels of insurance to cover it.



