this post was submitted on 02 Nov 2023
1641 points (99.6% liked)
Technology
59412 readers
3322 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Problem is big sites you're forced to use (banking sites, work HR systems, etc) would've made shitty decisions and required it to use their site. It would be like the old "you have to use IE 6" era
Banking site: We've implemented the Web Integrity API because security is important to us.
Also the banking site: Your password can only be six characters.
@ryper what? That's bizarre. Is this a US thing??
I'm in Canada and I haven't registered on a banking site recently, but I have definitely had stupidly low password length limits on banking sites in the past. The password from my old Bank of Montreal account that was last updated in 2015 is only 6 characters, and it's only numbers and letters; I would have definitely had 1Password generate a better password if the rules had allowed it.
Interesting. I'm in New Zealand and my bank passwords are all proper length and characterset. They also have 2FA.
I always thought it was just the US that has an antiquated banking system.
Tangerine used to have 4-6 digit PIN (no password) to access your online-only account.
Not sure if they still do. I believe so, though.
Various state and federal accessibility laws would've made that a very questionable decision for a lot of industries. Given that it would cost money simply to get programmers to implement and might lead to more costs from legal challenges I suspect a lot of sites like banks and the like would've avoided it.
Now when it comes to basically any news site, entertainment service, social media, online store, or anything else that makes extra money on ads and harvesting user data? Oh yeah, they'd implement it in a heartbeat.