Banks. They screw us on interest rates, they screw us on fees and they screw us on passwords. Remember the old "bank grade security" adage? I took this saying to task almost a decade ago now but it seems that at least as far as password advice goes, they really haven't learned. This week, Commbank is telling people to use a password manager but just not for their bank password, and ANZ bank is forcing people to rotate their passwords once a year because, uh, hackers? Ah well, as I always end up lamenting, it's a great time to be in this industry! 🤣

References

1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite
2. T2 tea got themselves scaled by a data breach (don't hate me, that's not my analogy!)
3. Piping Rock became the 4th victim of shopifyGUY (I wonder where he's finding those API keys?)
4. Lufthansa provided some advice on how not to get p(ra)wned (cool piece, but "Keepass is already installed on most devices" misses the mark by a long way)
5. Bank security is important, so why is Commbank telling people to keep their most important passwords in the least secure place?! (it just defines logic)
6. And while we're talking banks, why is ANZ mandating password rotation in the absence of suspicion of compromise?! (it's been many years since this thinking was flushed down the toilet)