Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Spains banks (I’ve used two so far) simply use your ID number which is used in a lot of places and not considered secret and enforces a 4 digit password.

It’s an absolute joke.



I wondered once about this, but it kind of make sense from the point of view of usability.

Unlike any webservice, you usually have very few attempts to make a successful login before getting locked out, so even if it's four digits, the odds of a successful brute force attack are very low


I suppose so, I just find it funny really that my bank has less password requirements than most (if not all) online services I use


Bank Of America requires to tell them a 2FA code sent over SMS, when SMS literally says:

   <#>BofA: DO NOT share this code. We will NEVER call you or text you for it.
No, it wasn't scam, seen that process physically visiting a branch on agent's display multiple times.


My bank does that for in person visits but you key in the code on a PoS style keypad at their desk


Most banks in Spain require physical presence in the branch for 2fa


You mean to set up a second factor, they require you to go into a branch?




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: