Last week TD Canada’s social media team on Twitter provided some really, really bad password advice, in response to a customer’s concern that their latest iOS update removed the option to paste in the password field.
Essentially, a member of the bank’s social media team suggested to the customer “your password should be committed to memory rather than using a password mgr.” Ouch.
Of course, thanks to this SNAFU (the tweet has since been deleted; the social media team’s names and faces have been removed), a social media firestorm ensued and everybody quickly jumped on TD Canada for providing horrible advice.
While this was the result of one misinformed social media employee who clearly didn’t understand how password managers like 1Password work (and probably feels terrible), the damage was done.
TD Canada did follow up with customers to note that they are working to address the lack of paste in the password field and the “use of a password manager”, which gives hope for integration with popular password managers like Canada-based 1Password.
@eric_tucker Hi Eric, we're working 2 address the issue preventing password copy/paste & the use of a pw manager. Stay tuned 4 updates
— TD (Canada) (@TD_Canada) March 20, 2015
AgileBits, the makers of 1Password, today wrote an open letter to banks about how easy it can be to integrate their API into existing banking apps. Below is a snippet:
Many of the ‘security measures’ you have put into place serve only to make it much more difficult for those of us who rely on password managers. Password managers are not your enemy here. In fact, encouraging the use of trusted password managers will do more for your users’ security than any of the measures you currently have in place.
You have an awesome opportunity here. Take the time to educate your users on the value of true security. Encourage users to adopt long, random, and unique passwords that never need to be stored in their brains. Make it easy for password managers to store and fill these secure passwords for your users (in web browsers as well as in mobile apps).
For users who rely on long, complex passwords full of unique characters and numbers, the TD Canada iPhone app has become useless right now, as logging in is impossible without looking at your password and manually inputting it, an absolute burden (#firstworldproblems).
Let’s hope TD Canada and other banks consider integrating password managers such as 1Password into their apps. Tangerine’s iPhone app uses Touch ID as a way to authenticate, so why can’t other banks too?