I just went through a call with my credit card company. 4 transfers later the only verification I've been asked is the last 4 of my social, my name, and when I was at the "highest level" of security they took the amazing step to... call me back. All because my credit card, which is travel focused, got flagged because I bought a <$300 plane ticket... They claimed I got an email and text message, which I got neither (I'm sure the email got filtered and same with the text message. Thanks Google. I'm glad you filtered those but not the emails addressed to someone else, "from" a hashed domain, and where the header is passed through 5 relay services -- including several .edus. -____-)
You are not alone. It is an __absolute joke__ that my GitHub account is more secure than any banking service I use. How is it that the only 2FA they offer is text message? A method that's been known to be terrible for over a decade now. Where are my OTPs? They give me apps on my phone, why not push verification there? (Vanguard recently started doing this) Why can't I set up hardware keys or public/private keypairs? Sure, I get that you still got to service grandma and grandpa, but at least give me something. In today's day and age the two most important services I have are email and banking. The former is impossible to resolve when shit hits the fan and the latter doesn't even implement basic security.
Something is very wrong, and I'm not sure it is even about money (unless short term vs long term). Dinky little websites implement better security than most banking services. Clearly the banks could reduce their spending on fraud detection and resolution if they added some basic security.
I will note that I had a Capital One account that used the card as a 2FA into the phone app. Was neat, other than Capital One was a whole shitshow on its own.
I'm also very surprised at how much spam gets through services like Gmail and Twitter which could be easily detected by Naive Bayes filters. Something is very wrong.
USAA actually does push passcodes using their app.
The banks' understanding of security is so poor that they push people to use voice or fingerprint authentication. My wife constantly fights Wells Fargo about it every time she calls them because they want to helpfully sign her up for their voiceprint service so she doesn't have to use her PIN anymore. She used to work in a retail cellphone store so has heard tons of horror stories of people signing up for the same and then getting their voice deepfaked by a telemarketer to access their accounts.
LOL what a joke. Isn't there even a news story floating around about someone deep faking Biden's voice? I expect banking security to be better than what's in the public lexicon, not worse.
I can log into chase.com with my password in any case. Banking security is an absolute joke.
The interesting part is that if I have to do a 2FA SMS challenge, I am required to re-enter my password. At this point the password checking becomes case sensitive.