So we have an HSA with a local bank. It's a standard savings account as far as the bank is concerned.
Well, I forgot my password for their online banking and clicked the forgot password link. They had me put in my username and hit submit. The system then emailed me my existing password!! Not a link to reset it. Not a temporary password. My actual password!
Does this seem like a horrible security practice to anyone else? Should I push for switching banks (my work uses them solely for HSA accounts)? File a complaint with the bank? Am I overreacting?