- BennettRookieCO2 Saver
The bunq account can only be secured with a 6 digit numeric PIN, by today's standards that is not remotely secure.
I would like to set a longer random password and copy it from my Password manager when needed.
More secure Passwords
JakobProdigy
@Bendodroid#220738 To login on a new device, as long as you're not restoring from a previous backup of your old phone, you need to click on a magic link sent via SMS / e-mail. An attacker cannot just access your account by just having your 6 digit PIN, they would also need full access to your device. This makes bunq's system more secure than most other online banking environments that aren't based around only giving access to trusted devices.
bunq used to also have longer passphrases (at least for certain situations) earlier, but they didn't give a lot more security in the real world and only led to a lot of people forgetting them and losing access to their own accounts. Of course with a password manager that probably wouldn't happen, but I think bunq's trying to find a way of authentication that doesn't allow people to shoot themselves in the foot.
- BennettRookieCO2 Saver
@Jakob-Y#220764 But still, if someone were to gain access to my email account, they now only have to guess 6 numerical digits. I would like the option to make them guess 40 random digits. A lot less likely to guess right before hitting rate limits.
And let’s assume, for the sake of argument, that the rate limit implementation or something else in the software backend has a bug giving an attacker unlimited tries. If the password check still works, guessing 40 random characters makes it a LOT harder to gain access to an account. I understand that people lose access to passwords, but I would like to at least have the option.