top | item 21204308

(no title)

erva | 6 years ago

My wife had the same thing happen to her but luckily our bank clearly says that this is a password reset pin code (don't share with anyone) type of message along with the pin code in the SMS. So, my wife refused to give it to the person on the phone.

A better sms password reset flow would be to first send a text asking "A password reset has been initiated. Was this you? Reply: YES or NO". Then after a YES confirmation they send the reset code along with the same big "Don't share with anyone on the phone" message.

discuss

No comments yet.