Previous discussion from about a month ago with lots of comments: <a href="https://news.ycombinator.com/item?id=7009368" rel="nofollow">https://news.ycombinator.com/item?id=7009368</a>
I'd have to say that TD bank has the worst password reset I've ever seen. You just need the persons access card number, and be able to answer one of 3 question(what's my favorite book ect) and you get to change the password. Doesn't even notify the person.