Reply to post: D'oh !

Sealed with an XSS: IT pros urge Lloyds Group to avoid web cross talk

Gerry 3
Facepalm

D'oh !

The Halifax website has a very obvious weakness: the password characters entered via the drop-down menu are displayed permanently rather than momentarily.

Their 2FA is also poor because it relies on an SMS. They've never considered that mobile numbers can easily be hijacked.


Biting the hand that feeds IT © 1998–2021