Is the Wells Fargo Mobile App Anti-Security?
It is always interesting to me how banking apps, both web and mobile, specifically making a smartphone or tablet app very hard to use if you use a password with high entropy (see this Wikipedia article on password strength and especially “Entropy as a measure of password strength“).
Since I use a password manager (LastPass) with literally hundreds of sites in my ‘vault’, I use very strong passwords. They are comprised of upper/lowercase letters; numbers; special characters; and are ones that make it simple to have quite strong passwords for anything that matters (and they’re all different!).
So what do I have to do on my iPhone? Open my LastPass vault app; login to LastPass; find my Wells Fargo account; touch it and, in the popup, choose “Copy Password”; and then open the Wells Fargo app and choose the Password field; then choose “Paste”.
EXCEPT THE WELLS FARGO APP DISALLOWS PASTING A PASSWORD IN THE PASSWORD FIELD!
The problem is this: There is NO way I could ever remember my password since it is so long and contains so many characters of different types. Curiously the Wells Fargo app also disallows pasting anything in to the Username field…so I can’t even do a workaround by pasting my high entropy password temporarily in to the Username field and then typing it in the Password field.
Get your shit together Wells Fargo. With this app developed this way you are DISCOURAGING THE USE OF STRONG PASSWORDS!
Of course, they do say on their website here that, “We take your privacy and security very seriously. Read about why our mobile banking services are secure. Learn more…” but I’m not going to dumb-down my password to use their mobile app.