undefined | Better HN

0 pointsxkcd-sucks3y ago0 comments

I got halfway through the "Privacy.com" sign up process and discovered they wanted my online banking username and password to access funds, with some ridiculous alternative like mailing a paper check

0 comments

3 comments · 2 top-level

blamazon3y ago· 1 in thread

Yeah... that's FinTech. I find it soothing to consider how little I trust my bank with those credentials when I'm handing them over.

xkcd-sucksOP3y ago

At the very least one would expect the bank to be salting and hashing - PrivacyDotCom presumably has to keep the plaintext in some form in order to use them!

As a secondary concern, the bank has occasional 2fa, and definitely does some kind of anomaly detection. Primed by the ickiness of the user/pass request I just had a mental image of some hacky Selenium script on an AWS IP address filling out the login form and getting my online banking disabled proactively.

jiveturkey3y ago

privacy.com is just like VPNs. It's not private; you're "just" moving the pieces. That's not to say that these things aren't useful, but caveat emptor.

j / k navigate · click thread line to collapse