Comment by vbezhenar
4 months ago
My bank had website which I can log in and just use. It does not force me to install anything. I need to type username, password and SMS code, that's about it.
4 months ago
My bank had website which I can log in and just use. It does not force me to install anything. I need to type username, password and SMS code, that's about it.
Every org doesn't provide that choice. If your child's activities class only communicates via an app and that is the only option in a given radius, rejecting that will mean you child doesn't get to do their activity. There are other examples that are more way more serious and make avoiding installing apps infeasible.
Because your bank isn't even trying to be secure, relative to what's considered industry standard.
Be grateful while it lasts.
Why do you think their bank "isn't even trying to be secure"?
Because SMS is not considered a secure 2FA mechanism anymore, and hasn't been for a while. If that's the default for that bank, and not GP going out of their way to pick a legacy access path, then they're about a decade behind what's considered industry standard -- which today is querying a second factor not just per login, but also per important operations (money transfers, dispositions, changes in settings), with the second factor being by default a smartphone with hardware and software integrity verified via remote attestation.
9 replies →