Comment by actionfromafar
10 hours ago
Apparently there are special auth apps storing things in secure-enclave-ish parts of the OS. Not a great match for websites.
10 hours ago
Apparently there are special auth apps storing things in secure-enclave-ish parts of the OS. Not a great match for websites.
No, that's just BS.
The web has a secure storage standard and OAuth + MFA is just as secure as anything your bank could cook up in an app. In fact, I'd be shocked if banks did a better job of security in their apps vs what browsers and standard auth flows provide.
Banks just like selling the idea that "if it's encrypted, it's secure". But trust me when I say this, bank security across the board absolutely sucks. The company I work with does financial data ingest and... yeah... There's more than a few institutions where we had to pull teeth to get them to send stuff through an encrypted transport (SFTP, for example, they want to just use FTP).
The OS/browser could give this capability to web apps via an API.
That would be a breeding ground for malware.
The capability to ...read their own keys that they set up?
You mean like the android play store already is?