Canada

9621 readers

1169 users here now

What's going on Canada?

Related Communities

🍁 Meta

🗺️ Provinces / Territories

🏙️ Cities / Local Communities

Sorted alphabetically by city name.

🏒 Sports

Hockey

Football (NFL): incomplete

Football (CFL): incomplete

Baseball

Toronto Blue Jays

Basketball

Toronto Raptors

Soccer

Main: /c/CanadaSoccer
Toronto FC

💻 Schools / Universities

Sorted by province, then by total full-time enrolment.

💵 Finance, Shopping, Sales

🗣️ Politics

General:
- Canada Politics
- FairVote Canada
Federal Parties (alphabetical):
- Animal Protection Party of Canada
- NDP
By Province (alphabetical):
- BC Greens

🍁 Social / Culture

Rules

Keep the original title when submitting an article. You can put your own commentary in the body of the post or in the comment section.

Reminder that the rules for lemmy.ca also apply here. See the sidebar on the homepage: lemmy.ca

founded 4 years ago

MODERATORS

otter

mp3

otters_raft

CRA now allows 2FA apps (infosec.pub)

submitted 1 year ago by [email protected] to c/canada

26 comments fedilink hide all child comments

What the title says. Before you had to choose either SMS / call via phone or a very clunky code grid.

you are viewing a single comment's thread
view the rest of the comments

[–] jadero 2 points 1 year ago (1 children)

Over the years, I've been with all the big Canadian banks and a couple of different credit union networks. They're all trash, in my opinion. I've sent security notices to all of them and never had a response, nor any evidence that they addressed the problems. TD just happens to be the place we landed after giving up on everyone else.

As for transaction downloads, I couldn't tell you. I gave up on ever having access to my data, so I just record it manually.

Security notice examples:

TD was running their SSL/TLS in a way that made them vulnerable to downgrade attacks.

A credit union finally upgraded their login page to allow a real password instead of just a 6-digit PIN. It took repeated complaints and some customer lobbying to get that, but the new page also blocked access to pasting and autofill, negating the utility of a password manager.

[–] axby 2 points 1 year ago (1 children)

Ah, I hadn’t heard of the SSL issue, thanks for sharing!

I’ve noticed that Tangerine only allows for a 6 digit pin, but I think they might also allow for a security question and SMS 2FA? I started signing up with them and gave up when they required a Canadian cell number (I hadn’t yet switched due to high costs, but recently they’ve become surprisingly reasonable—ignoring roaming) and I saw the 6 digit pin password requirement.

I think it was also BMO that a friend told me required a maximum 8 character password until very recently?

Anyway overall, thanks for reassuring my suspicion: I should just pick one of the banks and not let “perfect” (or even “decent”) be the enemy of “almost adequate but not great”.

[–] jadero 2 points 1 year ago

Also, for what it's worth, TD is not just the only bank I know of, but the only website I know of that allows for a user-generated username to be used for login. My TD username was generated by the password generator of my password manager :)

So they don't get it all wrong.