Banks. They screw us on interest rates, they screw us on fees and they screw us on passwords. Remember the old "bank grade security" adage? I took this saying to task almost a decade ago now but it seems that at least as far as password advice goes, they really haven't learned. This week, Commbank is telling people to use a password manager but just not for their bank password, and ANZ bank is forcing people to rotate their passwords once a year because, uh, hackers? Ah well, as I always end up lamenting, it's a great time to be in this industry! 🤣
References
- Sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite
- T2 tea got themselves scaled by a data breach (don't hate me, that's not my analogy!)
- Piping Rock became the 4th victim of shopifyGUY (I wonder where he's finding those API keys?)
- Lufthansa provided some advice on how not to get p(ra)wned (cool piece, but "Keepass is already installed on most devices" misses the mark by a long way)
- Bank security is important, so why is Commbank telling people to keep their most important passwords in the least secure place?! (it just defines logic)
- And while we're talking banks, why is ANZ mandating password rotation in the absence of suspicion of compromise?! (it's been many years since this thinking was flushed down the toilet)