1:59 pm
September 24, 2019
2:12 pm
April 21, 2022
COIN said
Is that only for new customers?
No, it has been an option in the settings menu for several months, just that they are randomly notifying clients to create a new 12 character password. There's nothing to stop any other client that has yet to be notified from changing to it now. For those clients, it's optional until it isn't.
5:48 am
October 13, 2011
9:09 am
January 3, 2009
BK said
Tangerine now requires 12 character passwords.
It's not the size of the password, it's how you use it.
By requiring larger and more complex passwords, most people's accounts will actually be less secure, but this, 2FA etc etc are all more effective ways to protect their bottom line by avoiding paying the cost to have proper and secure infrastructure, while at the same time putting the blame on the user for not having a good password or for not keeping their information secure. It's win-win for the business.
3:07 pm
October 13, 2011
3:53 pm
April 27, 2017
phrank said
It's not the size of the password, it's how you use it.
By requiring larger and more complex passwords, most people's accounts will actually be less secure, but this, 2FA etc etc are all more effective ways to protect their bottom line by avoiding paying the cost to have proper and secure infrastructure, while at the same time putting the blame on the user for not having a good password or for not keeping their information secure. It's win-win for the business.
Shorter and simple passwords can be easily decrypted by algorithms, so… Not really.
The problem is usually at the client's side and that's what 2FA is for. Security infrastructure is still needed; it's not an either-or.
12:42 pm
November 18, 2017
mordko: Shorter or simpler passwords cannot be decrypted since there is no encrypted password for a cracker to work on. They can be more easily "brute-forced," though, by trying all possible configurations. But long before even a simple password can be found that way, one would hope the banking systems would notice the massive number of tries. Many will stop at 3 to 5 tries and say call the bank to unlock the freeze.
I NEVER got an offer from Tangerine while a client. When I called in and begged, they'd either offer half what others would get, even then sometimes wanting a promise I'd keep a lot of cash in there - $85K on the last occasion.
RetirEd
2:20 pm
April 27, 2017
RetirEd said
mordko: Shorter or simpler passwords cannot be decrypted since there is no encrypted password for a cracker to work on. They can be more easily "brute-forced," though, by trying all possible configurations. But long before even a simple password can be found that way, one would hope the banking systems would notice the massive number of tries. Many will stop at 3 to 5 tries and say call the bank to unlock the freeze.
I NEVER got an offer from Tangerine while a client. When I called in and begged, they'd either offer half what others would get, even then sometimes wanting a promise I'd keep a lot of cash in there - $85K on the last occasion.
At 1B guesses/sec a lower case 6 character password takes 0.3 seconds to “crack” at most. Leaked credentials can be deciphered on offline machines without alerting the bank.
8:03 am
November 18, 2017
mordko:
Leaked credentials can be deciphered on offline machines without alerting the bank.
Huh? Sure, those billions of combinations can be run through quickly, but the computers responding to them are just as fast! And how does one know if one has found the password "on offline machines" without having the bank's machines respond?
More and more systems are being configured to stop after a few trials, or increase the response delays with each trial. My home computer, running Linux, is configured to take longer and longer with each wrong password.
RetirEd
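The exchange above turns on online versus offline guessing. The following Python sketch is an added example, not part of any post and not any bank's code: it assumes a leak contains salted PBKDF2-HMAC-SHA256 records (the thread does not say how the passwords are stored), and all function names and sample passwords are constructed for illustration. It reproduces the 0.3 second figure and shows how the stored hash's cost setting changes the guess rate.

```python
import hashlib
import hmac
import os
import time

LOWERCASE = 26  # alphabet size for the lower-case example in the thread


def worst_case_seconds(length, alphabet_size, guesses_per_sec):
    """Time to try every password of exactly `length` characters."""
    return alphabet_size ** length / guesses_per_sec


def make_record(password, iterations):
    """Storage format assumed here: random salt + PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def matches(record, guess):
    """Check a guess against a stored record. No server is contacted, so
    login lockouts and response delays never see this comparison."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", guess.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def measured_guess_rate(iterations, samples=20):
    """Guesses per second this machine manages at a given PBKDF2 cost."""
    record = make_record("constructed-sample", iterations)
    start = time.perf_counter()
    for i in range(samples):
        matches(record, f"guess{i}")
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    for length in (6, 8, 12):
        secs = worst_case_seconds(length, LOWERCASE, 1e9)
        print(f"{length} lower-case chars at 1B guesses/sec: {secs:,.1f} s")
    for iterations in (1, 100_000):
        rate = measured_guess_rate(iterations)
        years = worst_case_seconds(12, LOWERCASE, rate) / (365 * 24 * 3600)
        print(f"PBKDF2 x{iterations}: {rate:,.0f} guesses/sec here, "
              f"12 chars worst case {years:.2e} years")
```

Attempt limits and growing delays only apply to guesses sent to the login service; the defences that matter once hashes leak are password length and a deliberately slow, salted hash.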
10:37 am
April 21, 2022
RetirEd said
mordko: Leaked credentials can be deciphered on offline machines without alerting the bank.
Huh? Sure, those billions of combinations can be run through quickly, but the computers responding to them are just as fast! And how does one know if one has found the password "on offline machines" without having the bank's machines respond?
More and more systems are being configured to stop after a few trials, or increase the response delays with each trial. My home computer, running Linux, is configured to take longer and longer with each wrong password.
In most cases, cracking the password is one thing, figuring out the username that goes with it is another.