Hacker News new | past | comments | ask | show | jobs | submit login

As many people in this thread pointed out: lots/most banks suck ta this. Tiny max length passwords, not 2fa, etc, etc...

Are there any Canadian banks which don't suck at this?




Chase is awful too, their passwords aren't case sensitive! If you have an account you can try it right now, type in your password and change the case of a letter and it doesn't make a difference.


So chase is storing passwords in plaintext? Or maybe storing a hash of every combination of case?


They probably lowercase passwords before hashing them.


I have TD and RBC, both can have complex longer passwords upto 32 character, but not a requirement(atleast when I changed passwords last time).

RBC supports finger print auth with their app, and forced security questions.


That 32 character password (on RBC) is case insensitive, unfortunately. I noticed when I logged in with caps lock on (so my cases were inverted) and it worked. =\


Actually, I have a new/beta wealthsimple savings account which supports 2fa, etc...




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: