

Reverse engineering my bank's security token - Ecio78
http://blog.valverde.me/2014/01/03/reverse-engineering-my-bank%27s-security-token/

======
junto
Previous discussion from about a month ago with lots of comments:
[https://news.ycombinator.com/item?id=7009368](https://news.ycombinator.com/item?id=7009368)

------
soperj
I'd have to say that TD bank has the worst password reset I've ever seen. You
just need the persons access card number, and be able to answer one of 3
question(what's my favorite book ect) and you get to change the password.
Doesn't even notify the person.

~~~
nwh
On the polar opposite, my bank couldn't work out CSRF tokens and so just
blanket bans any use of the navigation. Use that back button? Logged out!

------
jrockway
Ah yes, RuntimeException for random application-level errors. Always a great
practice.

