So my bank asked me to check if my CC was already super secure. No idea why they need me to do anything to verify that, because… they are the ones who gave it to me?! But fine. Let’s do it.
I’m viewing this webpage fullscreen on my 24" 1440p monitor. There is a lot of screen estate. I receive the TAN. The amazing macOS feature doesn’t work, I have to copy & paste it like a neanderthal.1 I paste the TAN and click the only visible button on the page. The button that is right there next to the input. The form refreshes, no success notification, no redirect. Something is wrong. I quickly realize my mistake – the button says “Request new TAN”. Because for some reason that only the gods of webdesign can understand, the form has a scrollbar. And the actual submit button is hidden down there. Why?! If you suck so bad at basics like this, why should I believe you’re even remotely competent about security. Oh right, I shouldn’t.
If you send a TAN via SMS, please make it so that it’s possible to select it as a single word. Don’t add punctuation. We don’t have the technology yet to process such advanced data, and then I have to fight the smart AI while trying to manually select only the TAN and not the other characters with it. ↩︎