this post was submitted on 23 Feb 2024
56 points (98.3% liked)

Canada

7203 readers
398 users here now

What's going on Canada?



Communities


🍁 Meta


🗺️ Provinces / Territories


🏙️ Cities / Local Communities


🏒 SportsHockey

Football (NFL)

  • List of All Teams: unknown

Football (CFL)

  • List of All Teams: unknown

Baseball

Basketball

Soccer


💻 Universities


💵 Finance / Shopping


🗣️ Politics


🍁 Social and Culture


Rules

Reminder that the rules for lemmy.ca also apply here. See the sidebar on the homepage:

https://lemmy.ca


founded 3 years ago
MODERATORS
 

What the title says. Before you had to choose either SMS / call via phone or a very clunky code grid.

you are viewing a single comment's thread
view the rest of the comments
[–] jadero@lemmy.ca 2 points 8 months ago (1 children)

Over the years, I've been with all the big Canadian banks and a couple of different credit union networks. They're all trash, in my opinion. I've sent security notices to all of them and never had a response, nor any evidence that they addressed the problems. TD just happens to be the place we landed after giving up on everyone else.

As for transaction downloads, I couldn't tell you. I gave up on ever having access to my data, so I just record it manually.


Security notice examples:

TD was running their SSL/TLS in a way that made them vulnerable to downgrade attacks.

A credit union finally upgraded their login page to allow a real password instead of just a 6-digit PIN. It took repeated complaints and some customer lobbying to get that, but the new page also blocked access to pasting and autofill, negating the utility of a password manager.

[–] axby@lemmy.ca 2 points 8 months ago (1 children)

Ah, I hadn’t heard of the SSL issue, thanks for sharing!

I’ve noticed that Tangerine only allows for a 6 digit pin, but I think they might also allow for a security question and SMS 2FA? I started signing up with them and gave up when they required a Canadian cell number (I hadn’t yet switched due to high costs, but recently they’ve become surprisingly reasonable—ignoring roaming) and I saw the 6 digit pin password requirement.

I think it was also BMO that a friend told me required a maximum 8 character password until very recently?

Anyway overall, thanks for reassuring my suspicion: I should just pick one of the banks and not let “perfect” (or even “decent”) be the enemy of “almost adequate but not great”.

[–] jadero@lemmy.ca 2 points 8 months ago

Also, for what it's worth, TD is not just the only bank I know of, but the only website I know of that allows for a user-generated username to be used for login. My TD username was generated by the password generator of my password manager :)

So they don't get it all wrong.