##passwd: site traits #bank++

k_passwd

See also

  • ##passwd: special sites
  • https://tanbinvest.dreamhosters.com/11453/noway2protect-against-remote-brute-force-hacker/

This is a loose guide on how to characterize various sites. No perfectionism please: an “enum”-style classification is time-consuming, unnecessary and impermanent.

“Site” := any authentication system, including smartphones.

Experience [citi.sg, etc.]: if you have already come up with a unique password for a site and used it long enough to build an “association”, then you can stick with it forever. However, there’s a risk of leak.

Considering the site_trait list, here are the most vulnerable sites, roughly ranked by AUM:

  1. Maybank KHM .. has a kill counter
  2. PNB .. has a kill counter, and is set up on a single device only. No 12H cooling-off.
  3. BofA .. has a kill counter + 2FA/3FA [email OTP, 6-digit ATM PIN]
  4. Citi.NA .. has a kill counter

— site_trait::restriction 🙂 2FA .. makes a stock/shared password less dangerous (but still dangerous).
* Most banking sites use 2FA-on-logon.
* Many banking sites use 2FA-on-unrecognized-device .. Citi.NA, Robinhood, etc.
— site_trait::restriction 🙂 kill counter .. a G2 crucial server-side protection. Financial sites are /trigger-happy/ and vigilant — they would lock you out after a few failures. If a financial site lacks this feature, then it is inadequate, a sitting duck.

Smartphones have it too.
— site_trait::restriction 🙂 12H cooling-off after adding a payee, changing account contact details, raising the transfer limit, etc.
— site_trait::restriction 🙂 daily quota .. e.g. ATM card
— site_trait 🙂 passwd DRAM-refresh (frequent logins keep it fresh in memory) #can help us remember other sites’ passwords 🙂
eg: LAN passwd; Singpass; Poems; etc.
— site_trait 🙂 easy passwd reset, with local /in-person/ support
eg: banks with local branches
.. in contrast, many overseas web-banking/mobile-banking sites are hard to reset 👎, like PNB and Maybank.khm. See ##special sites’ pw/userid
eg: UChicago is better .. it had received huge school fees from me, and has a decent IT department to service the alumni network.
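The two server-side restrictions above (the kill counter and the 12H cooling-off) are easy to see in code. The following is an added toy illustration, not code from the original post or from any of the banks it names; the lockout threshold of 3 failures, the 30-minute lockout duration, the `Site`/`Account` names and the constructed credentials are all assumptions chosen for the demo, while the 12-hour cooling-off value is the one the post describes.

```python
"""
Added illustration (not from the original post): a toy server-side
"kill counter" (lockout after N failed logins) plus a 12-hour
cooling-off period for sensitive changes such as adding a payee.
All names and thresholds other than the 12H value are assumptions.
"""
from dataclasses import dataclass, field
import hashlib
import hmac
import time

MAX_FAILURES = 3                  # assumed lockout threshold
LOCKOUT_SECONDS = 30 * 60         # assumed lockout duration
COOLING_OFF_SECONDS = 12 * 3600   # the "12H cooling-off" from the post


def _hash_pw(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 for the toy; a production system would use a slow KDF
    # such as scrypt or argon2 with a random per-user salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    failures: int = 0              # consecutive failed logins (the kill counter)
    locked_until: float = 0.0      # epoch seconds; 0 means not locked
    pending_changes: list = field(default_factory=list)


class Site:
    """Toy authentication backend with a kill counter and cooling-off."""

    def __init__(self, clock=time.time):
        self.clock = clock         # injectable clock so the demo can fast-forward
        self.accounts: dict[str, Account] = {}

    def register(self, user: str, password: str) -> None:
        # Constructed salt derived from the username, for a deterministic demo only
        salt = hashlib.sha256(user.encode()).digest()
        self.accounts[user] = Account(salt, _hash_pw(password, salt))

    def login(self, user: str, password: str) -> str:
        acct = self.accounts[user]
        now = self.clock()
        if now < acct.locked_until:
            return "locked"        # kill counter tripped: reject even a correct password
        if hmac.compare_digest(acct.pw_hash, _hash_pw(password, acct.salt)):
            acct.failures = 0      # a successful login resets the counter
            return "ok"
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:
            acct.locked_until = now + LOCKOUT_SECONDS
            acct.failures = 0
            return "locked"
        return "denied"

    def request_change(self, user: str, change: str) -> float:
        """Queue a sensitive change; returns the time it becomes effective."""
        effective = self.clock() + COOLING_OFF_SECONDS
        self.accounts[user].pending_changes.append((change, effective))
        return effective

    def effective_changes(self, user: str) -> list:
        """Changes whose cooling-off period has elapsed."""
        now = self.clock()
        return [c for c, t in self.accounts[user].pending_changes if t <= now]


def demo() -> dict:
    """Drive the toy with a fake clock so the lockout and cooling-off are visible."""
    t = [1_000_000.0]                                      # constructed fake clock
    site = Site(clock=lambda: t[0])
    site.register("alice", "correct horse battery staple")   # constructed credentials
    results = {}
    results["wrong1"] = site.login("alice", "guess1")
    results["wrong2"] = site.login("alice", "guess2")
    results["wrong3"] = site.login("alice", "guess3")        # third failure trips the kill counter
    results["right_while_locked"] = site.login("alice", "correct horse battery staple")
    t[0] += LOCKOUT_SECONDS + 1
    results["right_after_lockout"] = site.login("alice", "correct horse battery staple")
    site.request_change("alice", "add payee: Bob")
    results["payee_immediately"] = site.effective_changes("alice")
    t[0] += COOLING_OFF_SECONDS
    results["payee_after_12h"] = site.effective_changes("alice")
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Two design points worth noticing: while the account is locked, even the correct password is refused, which is exactly what makes a leaked or guessed password less useful against a trigger-happy site; and the payee change is recorded immediately but only becomes effective after the cooling-off, which gives the legitimate owner a window to notice and hit the kill switch. A real site would also log each lockout and pending change, and many respond with a uniform "denied" rather than revealing the locked state.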

— site_trait: some require complex 👎 passwords, but luckily they are inaccessible from the open internet[3] 🙂
tip: use explicit hints
tip: save more explicit hints in the blog and in recoll
— site_trait::restriction 🙂 [3] inaccessible from the open internet
eg: ATM
eg: http://192.168.18.1 … eng xxxxxxxx !1
eg: mlphone
eg: mlp RSA pin
eg: personal or company computers
===== security traits /beyond/ password authentication
— site_trait::restriction 🙂 money lock
— site_trait::restriction 🙂 transfer to 3rd party unsupported .. Poems (better double-confirm)
— site_trait 🙂 kill switch by self-service or 24h hotline
— site_trait: essential .. I tend to feel a large number (like 30) of sites are essential, but I had better pick no more than 10 as really critical, and think carefully about those.
* github: access; tampering
* overseas banks: access
* Rbh .. access