Bank resetting customer passwords to SSN's en masse - have they thought this through?

Most such mechanisms force you to click a link in an email, no? A cracker now needs your email as well — are you telling me the bank doesn’t even adopt this simple safeguard?

My bank required me to telephone in (using a separate verbal password) when online password was reset :slight_smile: , though I think they now have an online automation to do it. :dubious: