How is this legal? This has to be the most insecure login method I’ve ever seen. They removed the password from my account without consent and have no way to go back to requiring a password. Literally all an attacker has to do is gain control of either my phone/email and brute force a 4-digit PIN. I’m going to have to change banks because of this.

Oh also I posted this on the bad version of Lemmy and the mod tried to claim that this method of auth is actually more secure than a password, posted a Wikipedia article about passkeys, and then locked the post… In no reality is it at all possible that this is more secure than a password.

So stay away from One Finance if you value your money

  • Dr. Wesker
    9 months ago

    I don’t think that person that commented on your Reddit post accurately understands the article they linked. From your description this doesn’t seem like passwordless auth.

    • @[email protected] (OP)
      9 months ago

      Well technically there is no password… but it’s not what passwordless auth is supposed to mean

      • key
        9 months ago

        It’s password and MFA with your PIN acting as a super duper insecure password.