Kotak Bank has a "new" Netbanking interface they want me to try.

But it does not support password managers or pasting passwords.

I won't use it. It's an asinine design decision.

You want people to reuse passwords? GAH!
My passwords look like this: 6&uEsN@7Cspci5^UAR*g
What usually happens when I post something like this is that some member of their "social media team" who does not understand anything about security or UX calls me up, listens to my feedback and tells me "feedback will be passed on to development team". And nothing happens.
And if Kotak Bank makes this design the default interface, I will immediately move my business elsewhere. This kind of thing would just be too painful for me to use. I'm not about to start using a password from elsewhere.
Why is disabling password pasting bad?

It prevents password managers that generate random passwords (more secure).

People will then reuse passwords they've used elsewhere.

You should never reuse passwords.

Why not reuse passwords? Keep reading...
Because websites are regularly breached. Passwords and hashes dumped in the open. (Subscribe to @haveibeenpwned)

If you use the same password for your bank as you used on example.com and that's breached, somebody potentially has a login they could try on your bank.
Password managers have features to generate completely random long passwords like T6gZ*b3#Xnyb&2PAnod7 (I just generated that in BitWarden). It remembers it for you. It's almost certain to not be someone's password or the same as you used elsewhere.
The password manager remembers the password for you (and it's encrypted). You just have to remember one master password to unlock your vault.
By disabling pasting passwords and denying the use of password managers, what Kotak Bank has done is force people to remember a less secure password.

Because nobody will remember XVYi*pbkueVc2Sy93v&!

They will use something shitty like Madhu2000!

(Yes, not *all* people.)
In the process, Kotak Bank has just made their banking significantly less secure.

Read this by @troyhunt - The only secure password is the one you can’t remember
troyhunt.com/only-secure-pa…
Also this: The “Cobra Effect” that is disabling paste on password fields
troyhunt.com/the-cobra-effe…

(A solution to a problem that actually makes the whole thing a lot worse.)
Heck, the National Cyber Security Centre in the UK recommends allowing people to paste passwords: ncsc.gov.uk/blog-post/let-…

#security #ux
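A static check that a site owner could run over login-form markup to catch the paste blocking this thread objects to; it is an added example, not part of the original thread and not Kotak Bank's code. The sample markup, field names and function names are constructed for illustration, and the check assumes the blocking is done with inline `onpaste`/`ondrop` handlers.

```javascript
// Added example: static check of login-form markup (not the bank's code).
const CANCELS = /return\s+false|preventDefault\s*\(/i;
const PM_HINTS = new Set(["current-password", "new-password"]);

// Parse the attributes of one <input ...> tag into a map with lower-cased names.
function parseAttrs(tag) {
  const attrs = {};
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  const body = tag.replace(/^<input/i, "").replace(/\/?>$/, "");
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Return one finding per problem on each <input type="password"> in the markup.
function auditPasswordFields(html) {
  const findings = [];
  // Limitation: a '>' inside an attribute value ends the tag match early.
  for (const [tag] of html.matchAll(/<input\b[^>]*>/gi)) {
    const a = parseAttrs(tag);
    if ((a.type || "").toLowerCase() !== "password") continue;
    const field = a.name || a.id || "(unnamed)";
    for (const ev of ["onpaste", "ondrop"]) {
      if (ev in a && CANCELS.test(a[ev])) {
        findings.push({ field, issue: `${ev} handler cancels the event` });
      }
    }
    if (!PM_HINTS.has((a.autocomplete || "").toLowerCase())) {
      findings.push({ field, issue: "no password-manager autocomplete hint" });
    }
  }
  return findings;
}

// Constructed sample markup: one paste-blocking field, one friendly field.
const SAMPLE = `
<form>
  <input type="text" name="crn" autocomplete="username">
  <input type="password" name="pwd_blocked" onpaste="return false"
         ondrop="event.preventDefault()" autocomplete="off">
  <input type="password" name="pwd_ok" autocomplete="current-password">
</form>`;

console.log(auditPasswordFields(SAMPLE));
```

Handlers attached from script with `addEventListener` are not visible to a markup scan like this, so a clean result does not prove that paste works.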
