Tuesday, July 14, 2015

Online banking password fun

Security teams that do not test UI flows deserve a special place in hell....

  • I bank with Chase.
  • My current password is long enough and not made of any known words, but it has no digits in it.
  • www.chase.com recognizes machines you sign in from (cookie or browser fingerprint, I do not know).
  • When I use a new machine or browser installation, they redirect to a page where I can get a verification code sent to me via text or email.
  • When I click Send, they direct me to a page where I must enter the access code and my current password.

Nothing that special so far, simple two-factor authentication. But wait for it...

When I enter my access code and password, it rejects the password in browser-side code because it does not have a number in it. They have implemented the new password policy in the UI, without making sure the customers have complied with the new policy. I can certainly work around this, but they are going to have some unhappy people over the next few months.
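To make the failure concrete, here is an added example (my own illustration, not Chase's code) of the sign-in form logic described above, beside the corrected split: the policy check belongs on the form that sets a password, and existing accounts get migrated after a successful login rather than locked out at the door. The policy values, the `policyUpgradeRequired` flag and the sample password are all assumptions for the example.

```javascript
// Added example, not the bank's code. Models the bug in the post: a new
// password policy (assumed here: 12+ characters, at least one digit) enforced
// by the sign-in form's client-side validation, which rejects passwords that
// were valid under the old rules.

const NEW_POLICY = { minLength: 12, requireDigit: true }; // assumed values

// Client-side check of the password policy. Legitimate on the
// "set / change password" form; wrong on the sign-in form.
function meetsPolicy(password, policy = NEW_POLICY) {
  if (typeof password !== 'string') return false;
  if (password.length < policy.minLength) return false;
  if (policy.requireDigit && !/\d/.test(password)) return false;
  return true;
}

// What the post describes: the sign-in form validates the *current*
// password against the *new* policy, so a long, digit-free password that
// the server would accept can never even be submitted.
function signInBroken(password, accessCode) {
  if (!meetsPolicy(password)) {
    return { submitted: false, reason: 'password must contain a number' };
  }
  return { submitted: true, body: { accessCode, password } };
}

// Corrected sign-in form: only check that the fields are present and let
// the server do the authentication. The client has no business deciding
// what the user's *existing* password looks like.
function signInFixed(password, accessCode) {
  if (!password || !accessCode) {
    return { submitted: false, reason: 'missing field' };
  }
  return { submitted: true, body: { accessCode, password } };
}

// Change-password form: this is where the new policy belongs, applied to
// the *new* value only.
function changePassword(newPassword) {
  if (!meetsPolicy(newPassword)) {
    return {
      submitted: false,
      reason: 'new password must be at least 12 characters and contain a number',
    };
  }
  return { submitted: true, body: { newPassword } };
}

// Assumed server-side migration step (a design choice for the example, not
// something the post reports the bank doing): after the old password has
// verified, decide whether to force an upgrade on the next screen.
function postLoginDecision(password) {
  return { authenticated: true, policyUpgradeRequired: !meetsPolicy(password) };
}

// Constructed sample: long, no dictionary words, no digits, like the post's.
const LEGACY_PASSWORD = 'qzvplmrtwkxsbdfg';
```

Run through with `LEGACY_PASSWORD`: `signInBroken` refuses to submit, `signInFixed` submits and `postLoginDecision` then flags the account for a forced change, which is the behaviour a rollout like this needs if the new rule is going to be enforced at all.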

1 comment:

konberg said...

Huh. I didn't know about the two factor auth feature.