wackerwacker's comments

wackerwacker | 13 years ago | on: BitInstant hacked: What and how it happened

It all depends on your risk profile as to whether this type of authentication is sufficient. Sites doing anything remotely involving money are at greater risk of being hit; therefore their security needs to account for this. Putting passwords on the internet, which is equivalent to having details you use for authentication in public records, would be a bit silly.

I don't buy the argument that a security system you need to lie on is not a good one. Security is an onion; it comes with many layers. You can't assure a third-party service easily, so you've got to add layers to that onion, even if that means being a liar.

That said, security is also a trade-off with the lowest common denominator - the user.
