Marcus bank just doesn't get it!
They keep insisting on using the email address as a login ID ignoring the very basic rules for security.
The email address is an easy ID to be found by hackers, the customers should be able to pick a unique user ID and have the capability of changing it in case it is compromised.
Only the cheap unsecure websites use email addresses as login IDs. I think we should expect better from a bank website.
This seems an indication that Goldman Sachs has an IT department made by incompetent people that are ignoring the basics of online security.
The canned excuse letter from Marcus Bank is that they have dual-factor authentication, that doesn't mean much, every bank has that, the problem is that they are ignoring the first basic security rule of using a unique ID instead of a public email address.
This bad practice has been going on for years since they took over the operations of the previous bank and made a lousy web site for Marcus Bank.
There were none of these security issues with the previous GE Capital online bank which had a much better website too.
Wake up Goldman Sachs or you will lose your customers.
Bottom Line: No, I would not recommend this to a friend