What the title says. Before you had to choose either SMS / call via phone or a very clunky code grid.

  • jadero
    link
    fedilink
    arrow-up
    2
    ·
    4 months ago

    Over the years, I’ve been with all the big Canadian banks and a couple of different credit union networks. They’re all trash, in my opinion. I’ve sent security notices to all of them and never had a response, nor any evidence that they addressed the problems. TD just happens to be the place we landed after giving up on everyone else.

    As for transaction downloads, I couldn’t tell you. I gave up on ever having access to my data, so I just record it manually.


    Security notice examples:

    TD was running their SSL/TLS in a way that made them vulnerable to downgrade attacks.

    A credit union finally upgraded their login page to allow a real password instead of just a 6-digit PIN. It took repeated complaints and some customer lobbying to get that, but the new page also blocked access to pasting and autofill, negating the utility of a password manager.

    • axby
      link
      fedilink
      arrow-up
      2
      ·
      4 months ago

      Ah, I hadn’t heard of the SSL issue, thanks for sharing!

      I’ve noticed that Tangerine only allows for a 6 digit pin, but I think they might also allow for a security question and SMS 2FA? I started signing up with them and gave up when they required a Canadian cell number (I hadn’t yet switched due to high costs, but recently they’ve become surprisingly reasonable—ignoring roaming) and I saw the 6 digit pin password requirement.

      I think it was also BMO that a friend told me required a maximum 8 character password until very recently?

      Anyway overall, thanks for reassuring my suspicion: I should just pick one of the banks and not let “perfect” (or even “decent”) be the enemy of “almost adequate but not great”.

      • jadero
        link
        fedilink
        arrow-up
        2
        ·
        4 months ago

        Also, for what it’s worth, TD is not just the only bank I know of, but the only website I know of that allows for a user-generated username to be used for login. My TD username was generated by the password generator of my password manager :)

        So they don’t get it all wrong.