HackerTrans
TopNewTrendsCommentsPastAskShowJobs

gtkspert

no profile record

comments

gtkspert
·el año pasado·discuss
You have to think of a Bank's threat model though.

Account compromise is one threat, but the use of valid accounts for money laundering is another. In my view the reason they "get it wrong" is because they don't want you to be able to automate transactions, as that makes money laundering easier...

Therefore, they don't want to use standard TOTP because that's easy to automate. Requiring SMS based 2FA is harder (but not impossible, use a modem or maybe a SMS service.) And requiring a special app is quite difficult to automate.
gtkspert
·el año pasado·discuss
Is there a way off Authy yet?