The short form is that we pulled our plans ahead based on all the great feedback we received this week and implemented exactly what we should have done months ago. We used bcrypt. We used bcrypt. We used bcrypt. We used bcrypt. We used bcrypt. We used bcrypt. We used bcrypt. We used bcrypt. We used bcrypt.
The more complex piece is the identity verification tools we implemented. We previously used passwords as a crutch to determine with some certainty if the person on the other end of the phone was really the account holder. In retrospect that was just dumb, and my fault and my team has reminded me of that many times in the past 48 hours since the issue was initially raised here.
So again, thanks for all the feedback and holding us to a high standard so that we could get the the place where we should have been all along.
The more complex piece is the identity verification tools we implemented. We previously used passwords as a crutch to determine with some certainty if the person on the other end of the phone was really the account holder. In retrospect that was just dumb, and my fault and my team has reminded me of that many times in the past 48 hours since the issue was initially raised here.
So again, thanks for all the feedback and holding us to a high standard so that we could get the the place where we should have been all along.