Forum Overview :: Hacker
 
Unnamed bank - wild animal security avatar by Ice Cream Jonsey 06/15/2020, 2:38pm PDT
The bank in question invented a process where you picked a security avatar. If I remember right, it was one of a few dozen wild animals. You couldn't upload your own, mind you, there was a set and it wasn't infinite.

The deal was, after you picked it, it would show up as part of your logon process forever. You would always be able to see a genuine logon screen for the bank because after you put your username in and clicked next, the picture of the moose would show up.

This was stupid for two reasons:

1. You're telling your customers that this picture will always be there. The feature as a whole is moronic and poorly thought out, but the entire premise is that if we ever see a logon screen without it, we should run far away and not put our password in.
2. They are tying themselves to a logon process "forever" where you input the username, click next, they retrieve the avatar and display it, and after that you put your password in. They would never be able to support username and password in the same box ever again. This bank could be around for another hundred years! What folly!

Of course, what happened was they just stopped putting the avatars up, they changed their website's logon process to allow for username and password to be entered at the same time and just sort of hoped nobody would remember this really stupid attempt at "security" through the eyes of a first grader.

(The avatar thing lasted around 3 years.)
PREVIOUS NEXT REPLY QUOTE
 
Mankind's ability to screw up a logon screen is limitless. A thread. by Ice Cream Jonsey 06/15/2020, 9:02am PDT NEW
    Unnamed bank - wild animal security avatar by Ice Cream Jonsey 06/15/2020, 2:38pm PDT NEW
        Bank of America and the problem with that by The Happiness Engine 06/15/2020, 4:45pm PDT NEW
            I actually like the idea of the website validating itself, but it won't happen by blackwater 07/02/2020, 10:15pm PDT NEW
    Mortgage website by Ice Cream Jonsey 07/02/2020, 6:31am PDT NEW
        Re: Mortgage website by laudablepuss 07/02/2020, 11:25am PDT NEW
            Webshits can't understand input validation, which was solved by 2005. NT by The Happiness Engine 07/02/2020, 4:04pm PDT NEW
    Why would anyone conceal the MFA code in your login screen? by laudablepuss 07/09/2020, 8:32am PDT NEW
        Re: Why would anyone conceal the MFA code in your login screen? by Quentin Beck, worst Caltrops Poster 07/09/2020, 9:12am PDT NEW
    I am Hackerman. NT by Hackerman 07/21/2020, 2:09pm PDT NEW
    Windows 10 login pin by Micro$loth WinBLOWS 07/26/2020, 8:19am PDT NEW
        If you don't want logins on your win 10 home PC, unplug the internet. Seriously. by MM 07/26/2020, 8:33am PDT NEW
            Heed MMs Hacker Tip of the Day by OTG 07/26/2020, 9:59am PDT NEW
 
powered by pointy