Why are my video games and email more secure than my bank?

[GWestphal]

My email and video games use two factor authentication. Why is it that my bank password is limited to fewer than 14 characters and can't start with a number or a symbol and does not have two factor auth?

GG Banks...

 

[OverVolt]

Because no one is dumb enough to try and steal your bank information. The bank will undo the transactions, and the person will go away for a long long time.

Times bank has been hacked: 0

Times game accounts have been hacked:2

Times email has been hacked :1 (for one of said games)

My email had one-click amazon ordering, etc. They totally ignored it and used it to recover my game passwords. They LURRVVVEEEE dem vidya games. Seriously the biggest security risk ever is playing a Blizzard game.

 

[GWestphal]

Do you have two factor auth on your gmail account?

 

[Crono]

Because video games only have digital protection while banks have criminal investigation teams and the FBI going after those who steal.

 

[OverVolt]

For starters I would have to be using gmail so I guess not.

 

[dighn]

banks also tend to you lock you out after 3 tries. brute forcing/password guessing is usually unfeasible. if your password is compromised or easy to guess, longer doesn't help you.

 

[shortylickens]

I dont know. But lets blame the government so they have an excuse to drain a trillion dollars from us and offer piss-poor protection in return.

 

[Red Squirrel]

Two factor authentication would probably cost too much to consider the fees you pay to the bank compared to the fees you pay to a game like WoW. An RSA token cost's a good 80 bucks last I checked. Competitors maybe a bit less, but still need to buy an RSA appliance or equivalent, and overall it makes an extra infrastructure to support. Then all the dumb people who can't figure out how to enter their pin + securid etc... So add a whole help desk just for that one feature.

Though I definitely would welcome such a feature for a bank. At the very least though they should at least have brute force protection. I just use a super long password, something like 30 digits and it's stored in a AES256 encrypted data file and it gets copy and pasted. Someone would need to hack my computer or my network while I'm loading the page to get the password.

Never login to your bank using an untrusted network and never store your password in a way someone could get it. Do not reuse the password for anything else either, since lately there seems to be lot of sites that get hacked and lot of these sites are storing user passwords in plain text.

 

[0roo0roo]

because the bank is probably using some old system behind that front end which is why it has such stupid restrictions on passwords

the bank factors in loss as part of doing business, it takes this loss and covers it by raising rates for customers, you pay for their laziness. like it or not thats why.

why do companies lose all those passwords and personal data? no real criminal or financial penalty thats why.

redsquirrel you give the banks way too much credit, and also ..they aren't poor either, they can afford it. they do what they can get away with. ever wonder why credit card rates are so high, i'm not talking interest but what they charge retailers, its because they have an effective monopoly. they set their rates back when data was very expensive, they had modems on telephone lines and the rest, internet was nothing back then, but their rates are basically unchanged to this day. its no different from how the wireless companies charged ridiculous rates for text messages for the longest time, cost per kb more than communicating with the space station even, its all because they were in a market that was lacking competition and so they could.

 

[OutHouse]

Because no one is dumb enough to try and steal your bank information. The bank will undo the transactions, and the person will go away for a long long time.

Times bank has been hacked: 0

Times game accounts have been hacked:2

Times email has been hacked :1 (for one of said games)

My email had one-click amazon ordering, etc. They totally ignored it and used it to recover my game passwords. They LURRVVVEEEE dem vidya games. Seriously the biggest security risk ever is playing a Blizzard game.

WTF??

 

[OutHouse]

An RSA token cost's a good 80 bucks last I checked.

there are digital version of token generators. i have 3 on my android.

 

[GWestphal]

I have 2 smartphone based authenticators and an RSA token only costs $10. But there is not excuse not to at least offer the option.

 

[Crono]

I have 2 smartphone based authenticators and an RSA token only costs $10. But there is not excuse not to at least offer the option.

They offer RSA tokens if you have large sums of money in your account... or some such condition. I know I used a couple for work a few years ago when I was doing bookkeeping for a gas station company.

EDIT: Looked like this, not sure if they are RSA:

 

[Demo24]

Probably don't care as much about the end user. Now for businesses and other agencies they do. I had to re-setup an account at BOA for an accountant recently, they had a pretty neat certificate setup going on there.

 

[Phoenix86]

banks also tend to you lock you out after 3 tries. brute forcing/password guessing is usually unfeasible. if your password is compromised or easy to guess, longer doesn't help you.

Brute force attacks are (generally) done offline vs. the encrypted password. Once the password is known they go to the actual login screen and use it.

There's about 0 reason for banks to not offer 2 factor auth. via smartphones. Physical tokens are unnecessary.