And if you do, do you intentionally not use MFA (if it’s available) because you believe it should be those services making sure you are secure instead of you taking steps to make it harder to compromise your accounts?
Yep. We can discuss me using a second factor once they start designing their services better.
Payment on such sites is set to require approval via my bank (hardware token), I don’t care about the purchase history - so if somebody manages to breach the account and order something it’s entirely their problem, not mine. I’m aware they might close my account when confronted with that attitude, but I’m also fine with that.
so both sides have to take steps to secure a transaction
My passwords are stored locally encrypted, with the encryption key stored in a hardware token. The browser doesn’t have access to that. That’s already more than a lot of sites are doing for their security…
yet the minute you need to use a third party service, you let go and put everything on the service, KNOWING they are not doing a good job with it.
That’s exactly why I treat any 3rd party service as throwaway.