1Password Writes Open Letter to Banks, In Response to Recent TD Canada SNAFU


Last week TD Canada’s social media team on Twitter provided some really, really bad password advice, in response to a customer’s concern their latest iOS update removed the option to paste in the password field.

Essentially, a member of the bank’s social media team suggested to the customer “your password should be committed to memory rather than using a password mgr.” Ouch.

Screenshot 2015 03 20 12 31 14

Of course, thanks to this SNAFU (the tweet has since been deleted; the social media team’s names and faces have been removed), a social media firestorm ensued and everybody quickly jumped on TD Canada for providing horrible advice.

While this was the result of one misinformed social media employee who clearly didn’t understand how password managers like 1Password works (and probably feels terrible), the damage was done.

TD Canada did  follow up with customers to note they are working to address the lack of paste in the password field and that the “use of a password manager”, which gives hope for integration with popular password managers like Canada-based 1Password.

AgileBits, the makers of 1Password, today wrote an open letter to banks about how easy it can be to integrate their API into existing banking apps. Below is a snippet:

Many of the ‘security measures’ you have put into place serve only to make it much more difficult for those of us who rely on password managers. Password managers are not your enemy here. In fact, encouraging the use of trusted password managers will do more for your users’ security than any of the measures you currently have in place.

You have an awesome opportunity here. Take the time to educate your users on the value of true security. Encourage users to adopt long, random, and unique passwords that never need to be stored in their brains. Make it easy for password managers to store and fill these secure passwords for your users (in web browsers as well as in mobile apps).

For users that utilize long, complex passwords full of unique characters and numbers, the TD Canada iPhone app has become useless right now, as logging in is impossible without looking at your password and manually inputting it, an absolute burden (#firstworldproblems).

Let’s hope TD Canada and other banks consider integrating password managers such as 1Password into their app. Tangerine’s iPhone app uses Touch ID as a way to authenticate, why can’t other banks too?


  • z

    That’s what TD gets for hiring idiots to mange their social media account. I really can’t believe a large corporation will hire and continue to employ “SB”, someone who can’t spell out “thx”, “ur” [although he/she uses “your” two words later], and “mgr”. Not sure if TB is just trying to be “hip” by likely having some young lowly paid student running their social media account, because to me it just looks plain unprofessional for a company like this to tweet without proper use of English. /rant

  • Anthony

    I assume they’re probably just trying to do the best they can with Twitters character limit.

  • Chris

    If you’re going to call someone out for proper use of English, might be a good idea to check your own over. TB!!!

  • AnArcticMonkey

    Welcome to new marketing, you have 140 characters.

  • ipostic

    I think people are slightly overreacting here. Are we judging the whole TD by someone’s stupid mistake? Social media for customer relations is somewhat of a new concept and it’s hard to regulate it with bunch of policies of what to say and what not to say. Too much policies will result in general useless responses. Too few policies will result in fuck ups like this one. /SB screwed up and now TD is in damage control mode, but seeing some responses about the bank being “morons” and someone leaving bank because of it? Common. TD hires those who are willing to work these probably not so attractive jobs as social media customer service. I doubt there is a line up of highly skilled people applying to talk on Twitter. But that’s just my opinion.

  • Greenlimecrush

    I was so frustrated a few months ago whe the CIBC mobile app did the same thing with disabling paste in the password field. They have since brought it back. Now if they’d only integrate with TouchID.

  • Russell Porter

    What’s the big deal. Remember your passwords. That is the best practice.

  • shuriken48

    It’s not just TD, my father and mother have accounts with Desjardins & BNC and they were also told not to use Lastpass because it was not secure to do so and this is on a computer as well as on their iPhone. 🙁

  • lol

    Z you ignorant slut

  • Lame

    What a lame post

  • moz

    Sorry but I must disagree. I have a little bit more than 50 completely different passwords and some of those account are sometime not used for an extended period of time (resulting in password being forgotten). Best practive is to reset your password every once i a while. With all those complex passwords that are not reused remembering is not feasible anymore.