A. your country

ur a meem

>burger
>username, password

Username/password is all any application should ever ask of its users. Provided you don't use stupid passwords there is no need for 2FA or any of the other retarded security schemes.

UK.
Username, answer to a question and random letters from a password to access basic account.
To move money or pay something you have not paid before then you need a secure token from an app (different password)

>answer to a question
This is terrible security on the bank's behalf.

a. Finland
2.Enter username and password
Then second verification by already printed codes in a card where you look key (password) for the lock
>soft
Nothing mandatory, just use the browser, but you could get more out of when installing a application to your phone to sperg your money situations

Its a not a mothers maiden name style question.

All the site says is :
Username:

memorable answer:

Characters 4,12,15 from password:

>uk
>terrible security
See >petition.parliament.uk/petitions/131215
Britbongs are fucken dumb

>Characters 4,12,15 from password:
This is very questionable security. Either they're storing passwords in plaintext (dear god...), or they're storing a salted hash of each character in the password.

Netherlands
A device that generates code for each action (e.g. logging in, transaction, deposit) you make through the banking website.

Most banks allow you to log in using username/password or phone authentication through your MAC address. You have to change your password every few months or so.

Pic related, one of those devices.

we have these in the uk too

As opposed to burgers username plus password?

Anyway as i said this only gives very basic account access.
To do anything else you need a token from a registered smartphone app which involves another different password.

I may ask about password security and hashing now you have mentioned it though.

>Characters 4,12,15 from password:

What the fuck? Does this mean they're storing plain text passwords?

Better question: why the fuck aren't they asking for the full password?

Most seem to require a certificate or a hardware keygen.

I was here to laugh at your terrible online petition system which every can do from different countrys.
Hell even (((((North Koreans)))) participated to this

a. México
2. Gotta go to the main office and request the feature, they make you sign a bunch of stuff and give you a hardware authentication device. Log in with password + authentication device.

A. Not US
B. Website, use/pass and token, depending on the bank and if it's a personal account. If it is a company account, user/pass token and in some cases also annoying piece of shit verisign certificate that only works on IE10/11.

Mobile apps in general are shit.

>or they're storing a salted hash of each character in the password.

Isn't that pointless?

If you have the character hash + salt you could crack the character in under a second. The full password in seconds.

>What the fuck? Does this mean they're storing plain text passwords?
They can also be storing a salted hash of each individual character, but I don't know if they would do that due to storage limitations.

What bank is this?

i am forced to use javascript to identify me

A. Germany

B. I got some wierd-ass device that looks like a calculator I'm supposed to use to get a code for every transaction. The login into banking account is either a 12 digit password or though an ID card scanner.
But before that I have to read through 10 pages of crap and sign in 3 places.

I never went through with it, the unsigned papers and the device still lie around somewhere in my room.

Instead I just linked it to my paypal.

1. two password, one you type and the second you have to clic on randomly placed digits.
B. paying online require a second auth with your phone

>France
>Enter bank account number and 6-digits password on a virtual keyboard, or use the app with a 4-digits password.

>Bulgaria
>Create certificates, no fucking way to make it work on my phone, ublock and NoScript would completely wreck the website, thousands of possible actions, including paying power and heating bills.
>Have to fill out a paper form to make a money transfer.

1) password
2) random digit of my pin
Every transaction: tan from list, which was send by mail
Banks can store the secondary password in plain text but additionally they have other means to prevent fraud.
At least here their insurance covers everything, if you account was breached.

>Finland
>A web browser
>Username (that you cannot choose yourself) and a pin (four digits)
>A single use code from a code card issued to you by the bank
If it were anything less I would be extremely paranoid to use it.

Welcome to Cred Forums! Enjoy your stay.

a. Norway
2. Javascript enabled browser, OTP generator

All the banks use the same authentication flow, but backed by different banks. Sort of like OpenID.

Once you have a secure bank login from one bank, you can use the same login to access government services or to sign up for another bank.

It's actually pretty awesome. Beats the shit out of my BankOfAmerica with SMS 2fa.

> Brazil
> account agency and number
> two six digit passwords, one to use online and you need the atm one to make transactions
> on smartphone sms token and a one device only token certificate similar to 2step authentication that can only be activated by the sms token
> on windows needs token and a shitty warsaw program installed

Hahaha I can't believe it! Chinks come here to figure out how to hack bank accounts xD

>Austria
>a 12 character username
>a 5 character PIN, can be changed for a digital signature, password or both

To actually withdraw money, you have to enter a number sent to you via SMS which is valid for only 5 minutes.

>Salted hash of each individual character
Nigger what. That'd be insecure as hell and cracked within minutes unless you use a different salt for every single user and character.

Only Brazil use Warsaw.
I can't understand that shit. Also JVM qtf