Hacker News

Just to play devil's advocate:

What is a secure hypothetical way of granting access to an account when the customer lost access to their email and phone (so no pw reset or 2 factor authentication will work)?

The bank has to have other processes in place. They're not going to keep your money from you. Let's say they accept a driver's license as authentication or a debit card. These methods are way less secure than a secret password and possibly introduce more security risk than a rep having access to view a password.

A bad actor rep could then [almost] just as easily get a fake ID created to get the same access the password would have granted. I'm also assuming that the password was completely visible, not just a truncated version.

This is the root of my concern of not knowing all the risks and processes involved. I don't want to jump to conclusions without knowing the whole ecosystem.


