This is not how password managers work @banksa... https://twitter.com/BankSA/status/1042631452158902272 …
-
Let's be clear -- @banksa is taking bizarre and intentional steps to prevent the use of strong passwords. In addition to an indefensible 12-character limit, this code serves the sole purpose of thwarting password managers: https://ibanking.banksa.com.au/InternetBankingResources/ibank2/javascript/screen/logonCrypto/logonCrypto.js …
So it's not just "not support" -- it's "take exceptional steps to defeat." And there's really no way to get from one to the other. They're being user-hostile and explicitly promoting bad security practices. Either one should be enough to make customers move their money.
-
Incidentally, if you haven't read the code I cite above, you should do so. It's laughable in many ways. For example, it uses AES to encrypt a replacement cipher, and includes the AES key and ciphertext in the calling page.
It also forces your password to all lowercase.
-
Yeah. They don’t need to do anything extra. They just need to stop doing stupid shit that breaks things that would otherwise work.
