It depends, are you a man in the middle site, collecting and selling everything about everyone who is going through you? Then you don't want to have to bother with pesky HTTPS. You may even want to provide a telnet service.
I was applying to work for a bank. Their front page looks good, but the part to apply for jobs and manage your bank account is poorly made. It is a big bank in Brazil and there aren't many banks around here. The only reason I can think of is pure insane greed, since is good business for a bank to at least appear to have a good website that goes beyond the first page.
Sounds about right. Banks are terrible like that simply because they can have the state come down on anyone that bothers them like a ton of bricks. And then take out insurance to cover any theft that affects them. Or just say it was their customer's money that was stolen instead.
Oh, security and design of online banking systems is horrible. Mine uses what has to be the worlds easiest captchas for bot prevention, and, before entering PW, makes you answer one of your security questions.... which are then used for PW reset. And of course its the same useless security questions you see everywhere (though they have the option to add your own, thankfully). The one good thing is that I can configure it so that I get an email every time someone logs into the online portal.
I do, I use a password manager for everything that I keep on an encrypted USB stick, and treat security questions as passwords. But that doesn't mean that the majority of their customers will.
17 comments
7 u/pyres 30 Apr 2017 17:51
It depends, are you a man in the middle site, collecting and selling everything about everyone who is going through you? Then you don't want to have to bother with pesky HTTPS. You may even want to provide a telnet service.
7 u/Torchhead [OP] 30 Apr 2017 17:59
I was applying to work for a bank. Their front page looks good, but the part to apply for jobs and manage your bank account is poorly made. It is a big bank in Brazil and there aren't many banks around here. The only reason I can think of is pure insane greed, since is good business for a bank to at least appear to have a good website that goes beyond the first page.
14 u/Datawych 30 Apr 2017 18:22
What. The. Fuck.
0 u/Plavonica 30 Apr 2017 21:58
Sounds about right. Banks are terrible like that simply because they can have the state come down on anyone that bothers them like a ton of bricks. And then take out insurance to cover any theft that affects them. Or just say it was their customer's money that was stolen instead.
0 u/Donbuster 01 May 2017 13:19
Oh, security and design of online banking systems is horrible. Mine uses what has to be the worlds easiest captchas for bot prevention, and, before entering PW, makes you answer one of your security questions.... which are then used for PW reset. And of course its the same useless security questions you see everywhere (though they have the option to add your own, thankfully). The one good thing is that I can configure it so that I get an email every time someone logs into the online portal.
0 u/TheCompanionCube 01 May 2017 14:41
Pro tip on security questions: treat your answers like passwords. What is your moms maiden name? Nk13+awR
0 u/Donbuster 01 May 2017 16:21
I do, I use a password manager for everything that I keep on an encrypted USB stick, and treat security questions as passwords. But that doesn't mean that the majority of their customers will.
2 u/NassTee 30 Apr 2017 19:05
Then you shouldn't want to work there.
2 u/Atasas 30 Apr 2017 19:57
minor, next to nothing scripting error... moving along!
1 u/AmaleksHairyAss 30 Apr 2017 22:24
Before you move along you should leave a snarky one liner so we all know how cool you are.
1 u/Zaimiel 01 May 2017 14:47
Why would we hire you if we cant read your traffic? /s
0 u/OhRutherfordBehave 30 Apr 2017 19:11
Whats there to know about HTTPS?
0 u/mbenbernard 03 May 2017 15:34
I'm curious to know - what site is that?