irelephant [he/him]@programming.dev (mod) to iiiiiiitttttttttttt@programming.dev · 2 days ago
Simple security test (image post) · 26 comments · 514 upvotes
rothaine@lemm.ee · 23 points · 1 day ago
Tangential rant: how did we get to a world in which shit like Plaid and Teller exist?
The first rule of security is don’t tell people your password.
The second rule of security club is DON’T FUCKING TELL PEOPLE YOUR PASSWORD.
“We need to link your bank account”
Ok
“Put your password to your bank account in this little JavaScript widget”
Bro??? What? To my fucking bank account? Arguably the most important password I have?
“We promise we won’t log it”
Oh, well ok then, as long as you pinky promise, I guess
How is this considered NORMAL?!
And now there’s some sites that won’t even let you do the “old way” of making tiny deposits! They demand that you use Plaid!
AAAAHHH CRAZY PILLS
SirQuack@feddit.nl · 8 points · 1 day ago
Again, SEPA zones winning with PSD2 banking connections, which natively connect to your bank and hand over an access token.
It’s effectively OAuth with a bank API and some strict requirements such as mTLS on the API calls.