by mike808137 » Sat Jul 09, 2016 10:06 pm
Start naming names, people. Referencing "my bank" or vague "european banks" won't help any of us understand exactly what you're talking about, nor will it help LastPass reach out to those institutions to figure out a way to address this goofy login issue.
I noted someone said it is only part of the login, in that you have to provide your full password in one place and then in some other place, they only ask you for some random character(s) from the password you entered earlier.
I'm not sure that's of any actual security benefit - if the bad guys already know your entire password, they can certainly enter the partial characters any other time. It is also trivially provable that they MUST BE STORING A DIRECT COPY YOUR PASSWORD - one that can be STOLEN and COPIED WITHOUT THEIR KNOWLEDGE. That's the entire point of a password breach.
I seem to recall that the europeans also believed that the world was flat too. Didn't make it any more true than the claim that europeans are more susceptible to mass stupidity than in other parts of the world.
If your bank is doing this, they're doing security wrong as well as just inflicting pointless complexity upon their users And that is a provable fact, just as 1 + 1 = 2. Don't reward their failed security theatre with your business or money.
Post URLs and call these securty clowns out.