HackerTrans
トップ新着トレンドコメント過去質問紹介求人

gtkspert

no profile record

コメント

gtkspert
·昨年·議論
You have to think of a Bank's threat model though.

Account compromise is one threat, but the use of valid accounts for money laundering is another. In my view the reason they "get it wrong" is because they don't want you to be able to automate transactions, as that makes money laundering easier...

Therefore, they don't want to use standard TOTP because that's easy to automate. Requiring SMS based 2FA is harder (but not impossible, use a modem or maybe a SMS service.) And requiring a special app is quite difficult to automate.
gtkspert
·昨年·議論
Is there a way off Authy yet?