HackerLangs
TopNewTrendsCommentsPastAskShowJobs

eairy

no profile record

comments

eairy
·2 tahun yang lalu·discuss
I'm security consultant in the financial industry. I've literally been involved in the decision making on this at a bank. Banks are very conservative, and behave like insecure teenagers. They won't do anything bold, they all just copy each other.

I pushed YubiKey as a solution and explained in detail why SMS was an awful choice, but they went with SMS anyway.

It mostly came down to cost. SMS was the cheapest option. YubiKey would involve buying and sending the keys to customers, and they having the pain/cost of supporting them. There was also the feeling that YubiKeys were too confusing for customers. The nail in the coffin was "SMS is the standard solution in the industry" plus "If it's good enough for VISA it's good enough for us".
eairy
·2 tahun yang lalu·discuss
[flagged]