Hacker News new | past | comments | ask | show | jobs | submit login

Are you absolutely sure about this (would love a reference)? Letting another party running code removes at least many layers of defence. I would not trust a bank which is doing that it's just a sign of gross incompetence.

2FA should at least in theory stop them from doing that. But if the script rewrites the page then maybe there are interesting ways around that.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact