Sign in Sign in Sign In (capitalone.com)
37 points by edward on July 20, 2015 | 25 comments


Found from the login URLs - Unrestricted redirect vulnerability:

https://www.capitalone.com/redirect/?dest=https%3A%2F%2Fgoog...

Makes phishing links seem authentic.

Who wants to report it to them?
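
An added example, not part of the thread and not Capital One's code: one way a redirect endpoint that takes a `dest` parameter, like the URL in the comment above, can restrict where it sends users. The allowlist, the fallback path and the function names are assumptions made for illustration, and `phish.example` is a constructed test value.

```python
from urllib.parse import parse_qs, urlsplit

# Assumption: the only external hosts this site redirects to (taken from the
# URLs in the thread; a real deployment would maintain its own list).
ALLOWED_HOSTS = {"www.capitalone.com", "www.capitalone.ca"}
FALLBACK = "/"  # hypothetical safe landing page


def safe_redirect_target(dest: str) -> str:
    """Return dest only if it is a local path or an https URL on an allowed host."""
    # Reject empty values, whitespace/control characters and backslashes,
    # which browsers may normalise into a different host than the parser sees.
    if not dest or any(ord(c) < 0x21 or c == "\\" for c in dest):
        return FALLBACK
    try:
        parts = urlsplit(dest)
    except ValueError:  # e.g. a malformed IPv6 literal
        return FALLBACK
    if not parts.scheme and not parts.netloc:
        # Local path: exactly one leading slash ("//host" is scheme-relative).
        return dest if dest.startswith("/") and not dest.startswith("//") else FALLBACK
    if parts.scheme != "https":
        return FALLBACK
    # Comparing the whole netloc also rejects userinfo ("allowed@other") and ports.
    return dest if parts.netloc.lower() in ALLOWED_HOSTS else FALLBACK


def redirect_from_query(query_string: str) -> str:
    """Decode the dest parameter from a query string and validate it."""
    values = parse_qs(query_string).get("dest", [])
    # A missing or repeated parameter is treated as untrusted.
    return safe_redirect_target(values[0]) if len(values) == 1 else FALLBACK


if __name__ == "__main__":
    # Constructed sample query strings.
    for q in (
        "dest=https%3A%2F%2Fphish.example%2Flogin",
        "dest=%2F%2Fphish.example",
        "dest=https%3A%2F%2Fwww.capitalone.com%40phish.example%2F",
        "dest=https%3A%2F%2Fwww.capitalone.ca%2Fsign-in%2F",
        "dest=%2Fsign-in%2F",
    ):
        print(q, "->", redirect_from_query(q))
```
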


good catch. I reported it to abuse@capitalone.com


Think they'll understand?


yes


This is at least partially due to it being a bunch of different legacy systems from different companies. I have two completely separate accounts with Capital One (one from ING before they were bought out, and one for my Capital One credit card), with the same user name. I would hope that they're working on integrating the systems, but I can't imagine it being a simple task.


I'm in the same boat but my accounts are all integrated now. My car loan, credit card, 360 checking, and 360 savings.


This is what happens when no one wants to work in technology at an old, outdated financial services firm.


Your statement doesn't make any sense. A quick search of LinkedIn shows:

    2,798 results for capital one software engineer

It's a company with a $50bn market cap, and ostensibly stable 9-5 employment. This is more of a symptom of having a ton of different products where people weren't interested or weren't able to create a unified login system.

Chalk it up to 'bad' engineering practices if you want, but not that there's no one to work at these companies.


You realize people take jobs at companies they don't want to work for all the time, right? So your statement is the one that doesn't make any sense.


Also worth noting, Capital One recently bought the powerhouse design shop, Adaptive Path. I think they recognize the need for better UX.


It's organization debt or the difficulty of getting such a large organization to gather enough inertia to make a move.


I don't even think it's bad engineering practice. It seems like rather reasonable and efficient UI.


12+ separate logins is, imho, neither reasonable nor efficient.


This is so, so very wrong - Capital One is crawling with software engineers, they're considered way ahead of most other FIs with what they're doing. The history of Capital One is why this happened - it has acquired so many things and grown horizontally so quickly that they're struggling to catch up.


I don't get it.


there are 16 different sign in pages for consumer products alone.


And therefore...?


it bothers the minimalists


yep. I rather like it -- all in one page - just scan the page. not 6 levels deep of menus and clicking.

I suppose they could have a single drop-down box and a login button.


really bad UX?


I get it, this link is important because it's really bad user experience to have so many sign-ins for a single bank. They need to unify this stuff, obviously.

Also: great title.


Doesn't seem great for accessibility the fact that all the 'Sign In' links also have the same link title;

“title="Link opens in a new window"”

http://www.paciellogroup.com/blog/2012/01/html5-accessibilit...


It's worse than that. I have a Capital One credit card and a Capital One 360 (nee ING) savings account. They have seemingly completely separate logins, but changing the password for one changes the password for the other.


If you click "Sign In" for Canadian Credit Cards... https://www.capitalone.ca/sign-in/

It's turtles all the way down!


What a quality Hacker News post.



