> I think we all know the answer to that question :)
May I ask-- for those not in the know --that what is it? :) From your comment I'd infer that username/password, but that hasn't been the case for many years, at least at the banks I use (in Europe).
If he's using headless Chrome then it's likely form filling. I.e. just automatically typing in the answers to the authentication prompts on the pages as you'd normally do when you log in. Most banks, even those with TOTP or alternate MFA methods, allow you to login with standard authentication details to get access to statements and not make any changes.
May I ask-- for those not in the know --that what is it? :) From your comment I'd infer that username/password, but that hasn't been the case for many years, at least at the banks I use (in Europe).