grep jason_

Example NaN Of Poor Security Practices

I needed some specific bank statements from my bank to send to someone else for a transactional record. 🏦

How The Process Went

  1. Called my bank to request the specific statements as pdfs. (yep. called.) ☎️

  2. My bank said they would send me the encrypted pdfs via email and send me the password separately via the online banking communication system. Ok cool, that's easy enough. Also, thanks for not sending my personal banking info as clear text through email! 📧 🔐

  3. Received the emails in my email, and they opened right up... No password needed. Hmm. Ok, well, I guess they forgot to actually encrypt them..? Nice. 🤷‍♂️

  4. I forwarded the pdfs along to the party that needed them and assumed I was done. I then got a reply from them asking for "the password to unlock the pdfs." WTF?! 🔓

No idea what they used to "encrypt the pdf" but apparently that security only goes as far as the Windows operating system and does absolutely nothing when it comes to viewing the pdfs on a Mac via Preview, Quick Look, PDF Expert, or any other pdf viewer you can think of. 🤦‍♂️

As usual, security is given the least emphasis and lowest budget when it comes to securing our personal data. 😡