this post was submitted on 04 Apr 2024
1019 points (98.8% liked)

linuxmemes

20909 readers
1517 users here now

I use Arch btw

Sister communities:

Community rules

  1. Follow the site-wide rules and code of conduct
  2. Be civil
  3. Post Linux-related content
  4. No recent reposts

Please report posts and comments that break these rules!

founded 1 year ago
MODERATORS
poopsmith@lemmy.world
zephyr@lemmy.world
rtxn@lemmy.world
1019
Why don't banks like root on Android? (lemmy.world)
submitted 6 months ago by Waffelson@lemmy.world to c/linuxmemes@lemmy.world
188 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] MeanEYE@lemmy.world 58 points 6 months ago (16 children)

Because as per usual they don't understand security. I have started choosing my bank based on software they have. If software looks competent, that's my most significant influence.

They think rooted device = insecure device, but at the same time PC is even less secure and yet all the business users use them and more to the point have passwords written on a sticky note glued to the screen. My old bank at one point "upgraded" their software system and then started asking me for weird characters in password and then asked for maximum length which was the final sin I allowed them to commit. Left them that week.

[–] lemmyvore@feddit.nl 30 points 6 months ago (9 children)

My bank keeps their app up to date with all the latest anti-root stuff but allows passwords made of 5 digits. ¯\_(ツ)_/¯

[–] trafficnab@lemmy.ca 7 points 6 months ago (2 children)

Unless they've changed it very recently, Paypal still limits your password to 20 characters

[–] ozymandias117@lemmy.world 10 points 6 months ago (1 children)

Unless they’ve changed it very recently, Wells Fargo’s passwords are case insensitive

[–] trafficnab@lemmy.ca 6 points 6 months ago (1 children)

Air Canada's online account system required a 6 character password, which was secretly converted via T9 to 6 numbers on the back end, meaning "aaaaaa" and "bbbbbb" were effectively the same password, and this was only fixed in 2018

[–] 4z01235@lemmy.world 2 points 6 months ago (1 children)

That sounds like someone who topped out with highschool level programming tried to implement a hash algorithm.

[–] trafficnab@lemmy.ca 4 points 6 months ago

My personal theory is that it's a remnant of an old system that was only accessible by phone (hence the 6 digit pin), and they simply grafted an online component on top of it

[–] MeanEYE@lemmy.world 5 points 6 months ago (1 children)

Any service that limits maximum length of the password means they are not hashing them. Which is a scary proposition, especially for such a huge service.

[–] trafficnab@lemmy.ca 3 points 6 months ago (1 children)

That's normally my assumption too but surely PayPal has proper security, right? Right??

[–] MeanEYE@lemmy.world 2 points 6 months ago

It's possible that limit is either gone or vestige from a bygone age and they are hashing passwords properly now. Either way they do seem like they take security seriously.

load more comments (6 replies)
load more comments (12 replies)