

Verity Credit Union changes all member passwords to birthday + last four of SSN - EricButler
https://www.veritycu.com/

======
cdine
Has anyone else had experience with onlinkbank.com? That's the service which
Verity has switched to for their online banking, which uses a single domain
for all of their customers it seems (e.g. if You're with financial institution
X you access your online banking via <https://command.onlinebank.com/X/>)

It just looks sketchy, you have same-origin issues potentially, and their UI
is horrible leading me to believe they probably don't have high overall code
quality.

In addition to setting the passwords as described, they also make the user pad
their username with leading 0's because their app can't handle <8 char user
names. That's ridiculous on so many levels, I don't need to elaborate why
here.

~~~
EricButler
Not only that, but many people's default usernames included the last four of
their social, if not the entire thing!

