
I was about to sign up for an ebanking solution, but then noticed their instructions for a forgotten password are: Create a new account.

So there's no option to reset your password, just a suggestion to create a new account. No mention of what happens with the old account.

My concern is - does this hint at insecure or flawed app design? Would I be better off not to sign up? Is there any reason why password reset would be handled this way?

  • What are the exact instructions and context? What kind of credentials are used to create the account? If these are the same account credentials as used for the current account, then this might not actually be a new account but just an activation of the existing one with a new password. Also, the bank might not offer an online reset of the password for security reasons but instead require you to pass through the full security process necessary for a new account, which might involve getting a letter from the bank to the registered address. But all of this is just speculation due to lack of context. Commented Aug 16, 2024 at 15:27

1 Answer


Yes, I would say this is insecure design. After all, the ability for a user to change their password is requirement 2.1.5 of the OWASP ASVS.
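For contrast with the "create a new account" instruction discussed above, the following is an added example (not code from the question, the answer, or any bank) of what a password change and reset flow that satisfies the cited ASVS control looks like. It is a self-contained in-memory model with hypothetical names (`AccountStore`, `change_password`, `request_reset`, `complete_reset`): an authenticated change requires the current password, a reset uses a single-use, time-limited token of which only a hash is stored, a second account with the same username is refused, and every credential change bumps a session version so existing sessions stop working. The PBKDF2 iteration count is kept moderate so the example runs quickly; production deployments should use a current recommended value.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional

# Kept moderate so the example runs quickly; use a current
# recommended work factor (or Argon2id/bcrypt) in production.
PBKDF2_ITERATIONS = 200_000
RESET_TOKEN_TTL_SECONDS = 15 * 60  # assumed 15-minute validity window


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    session_version: int = 0            # incremented on every credential change
    reset_token_hash: Optional[bytes] = None  # only the hash of the token is stored
    reset_expires: float = 0.0


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


class AccountStore:
    """Hypothetical account store modelling a change/reset flow (example only)."""

    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}

    def create(self, username: str, password: str) -> None:
        # A forgotten password is never solved by a second account: the
        # username is a unique identity and the old credentials must be replaced.
        if username in self.accounts:
            raise ValueError("username already exists; use the reset flow instead")
        salt = secrets.token_bytes(16)
        self.accounts[username] = Account(salt=salt, pw_hash=_hash_password(password, salt))

    def verify(self, username: str, password: str) -> bool:
        acct = self.accounts.get(username)
        if acct is None:
            return False
        return hmac.compare_digest(acct.pw_hash, _hash_password(password, acct.salt))

    def change_password(self, username: str, current: str, new: str) -> bool:
        # ASVS 2.1.5-style authenticated change: the current password is required.
        if not self.verify(username, current):
            return False
        self._set_password(self.accounts[username], new)
        return True

    def request_reset(self, username: str, now: Optional[float] = None) -> Optional[str]:
        # The returned token would be delivered out of band (e.g. by post or e-mail).
        # A real endpoint should respond identically for unknown users to avoid enumeration.
        acct = self.accounts.get(username)
        if acct is None:
            return None
        token = secrets.token_urlsafe(32)
        acct.reset_token_hash = hashlib.sha256(token.encode("utf-8")).digest()
        acct.reset_expires = (now if now is not None else time.time()) + RESET_TOKEN_TTL_SECONDS
        return token

    def complete_reset(self, username: str, token: str, new: str, now: Optional[float] = None) -> bool:
        acct = self.accounts.get(username)
        if acct is None or acct.reset_token_hash is None:
            return False
        current_time = now if now is not None else time.time()
        if current_time > acct.reset_expires:
            acct.reset_token_hash = None  # expired tokens are discarded, not retried
            return False
        presented = hashlib.sha256(token.encode("utf-8")).digest()
        if not hmac.compare_digest(acct.reset_token_hash, presented):
            return False
        acct.reset_token_hash = None      # single use: a replayed token is rejected
        self._set_password(acct, new)
        return True

    def _set_password(self, acct: Account, new: str) -> None:
        acct.salt = secrets.token_bytes(16)  # fresh salt on every change
        acct.pw_hash = _hash_password(new, acct.salt)
        acct.session_version += 1            # invalidates sessions issued under the old credential


if __name__ == "__main__":
    store = AccountStore()
    store.create("alice", "correct horse")
    print("authenticated change:", store.change_password("alice", "correct horse", "battery staple"))
    token = store.request_reset("alice")
    print("reset with token:", store.complete_reset("alice", token, "new passphrase"))
    print("replayed token:", store.complete_reset("alice", token, "again"))
```

The point the model makes concrete is that the old credential never survives a reset: the hash is replaced, the token is consumed, and `session_version` changes, whereas creating a second account leaves the original one and whatever credentials it holds untouched.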
