12-Jan-2020 11:14

I was surprised to notice last week that the bank is charging me /month in account fees unless I keep a minimum of 00 in it at all times (effectively, an interest-free loan to the bank).

For 4 a year, I think they can afford an RSA token or something better than the existing nonsense.

But I have never seen a study that shows this to be so.

It may well be that many set their banking password as the first account they ever used on the Internet and then reuse this same password for subsequent systems.

I know, the bank makes money from fees and that's the price I pay for access to a large ATM network. I distinctly remember a time when they made money from lending, while still managing to have a risk management policy grumble grumble. Banks are moving to multifactor auth systems. Buy me a beer next time I'm in San Francisco and I'll give you anecdotal details I can't give here.

I think one obvious (but HN-unfriendly) point to be made here is that the overwhelming vast majority of bank customers could give a shit about online authentication systems. If your profile info is accurate, you live in a region served by the SF Fire Credit Union (

Of course all of this needs to be matched by the proper security rules on the backend, which, given their cluefulness with frontend, I trust them to have. p.s.

Regular users reuse passwords given the opportunity to do so, and most of them will happily cough up their bank password to, quite literally, any site on the Internet.

There's got to be some weird game-theory solution for "Maximize for security while simultaneously minimizing the sum of all accounts on the Internet which have a password that could possibly collide with a valid password on this site."

As someone that has been the lead for many large banking systems, I can say your intuition on this one is off.

That said, indeed now I remember that the password rule they had is kinda stupid.

But I have only one bank and I can make the exception for them, given that they have done their homework otherwise. p.p.s.

They'll get the other accounts once you log into them.