zerosleeps

Since 2010

NAB login

Friday 22 December 2017

Here’s the personal banking login page for NAB, one of the major banks in Australia:

Simple: a bit of branding, username and password fields, plus some decoration. It’s not a single-page webapp or anything, just a bog standard HTML form that results in a regular POST.

But man is it a trainwreck behind the scenes:

  • Hitting “Login” on NAB’s homepage opens the login page in a new, full screen, toolbar-less page. Try it on a 27-inch monitor…
  • Transfers over 1.3MB, including 10 individual CSS responses and 41 JavaScript responses (accounting for 1MB of the bandwidth). Forty one! For a dumb login page!
  • Sets a kick-in-the-pants away from 100 individual cookies

Oh, and they ask permission to track your physical location. I didn’t bother to find out whether NAB were asking or one of the dozens of other domains involved.

How does this happen? And how does it not get fixed? It’s been like this for years. I’d be ashamed of delivering something like this to customers, not because it really matters, but because of the negative message it sends about the level of care NAB puts into it’s customer-facing products.