@skylar @eriner @sapphire I have worked on bank software as well, I had to help retire a non-PCI compliant payment infrastructure system in 2006 because it literally could not be converted to be compliant. We looked at the task and gave them options and it was decided to self-terminate a billion dollar a year business rather than change.

did you know that banks were tried to force to do two factor by law, they couldn't stop the law but they got lobbyists to water down the legal definition of two factor to be "two things you know" so include that stupid shit like "favorite color" as the second factor and that is why every bank does that.