
I've noticed my bank doing shenanigans in order to prevent password managers from working well. It appears to be JS scripts that uppercase or lowercase the input field after posting but before the browser saves it. So it perpetually looks like I'm updating my password when I'm not. It literally just got populated by the browser.


What is the deal with banks being actively hostile to password managers?

One bank specifically I have to deal with will:

- Not allow you to paste a username/password (ctrl+c/ctrl+v, right click disabled)

- LastPass autofill doesn't work

- If the page loses focus, both user/password inputs are cleared, you get to start all over.

There is also a very small subset of special characters that are allowed. If you do not reset your password as often as they'd like, you have to agree to waive any responsibility for any issues with your account before logging in.

SMS 2FA required, there's no other 2FA option.

After entering your 2FA code, the "proceed" and "cancel" buttons are the exact same shape and color and I've hit the wrong one multiple times, in which case there is also SMS 2FA cool down and you have to wait 15 mins to start all over again.

It's absolute insanity and every time I have to log in it's an adventure.



