I am a software developer at a big bank. The hoops we are forced to jump to just do our jobs are ridiculous.
We resorted to using buggy and laggy remote development environments through a slow VPN.
It’s a miserable life, but at least the pay is good.
And yet you all are still using SMS two factor authentication. Why does my Xbox video game account have better security than my money?
Honestly it blows my mind that my bank doesn’t support TOTP. They used to support email but recently removed that. They do support mobile push to their app, so I usually use that, but when you want to sign into the mobile app? You have to use SMS; can’t very well push-notify the app being signed into. No choice, very silly.
Xbox has all of Microsoft behind it, and they linked Xbox accounts with Microsoft accounts many years ago, allowing them to leverage all the security tools they’re making for themselves and corporate customers of Azure/Entra. They also effectively have infinite money.
Banks, surprisingly, do not. They also are often using third party systems under the hood for things like online access to your account. Those third parties tend to have less money than a bank.
Laws can’t keep up with tech developments in security, and getting all your ducks in a row to be legally covered in the finance industry is a fucking nightmare.
Lastly, banks (and companies) don’t stay afloat by spending money on things that aren’t necessary. Until it shows a significant impact through a breach or in customers leaving specifically for the reason of lackluster MFA options, and until that impact is easily communicated to the executives, trying to fight for some budget to improve shit is an uphill battle.
I am so so glad that the closest my work gets to customers, legal, or anything regulatory is data retention policies.
One is designed to securely collect and keep as much of our money as possible, and the other is just a bank.
Simple, it’s not a priority for them.
They care more about their stupid emails than about your money.
Really? My banks use the best 2FA I’ve seen so far. You have a card reader which generates a code based on some input values related to the transaction and the physical chip on my bank card.
(Although they have been pushing pushTAN (app on phone) a lot recently :/)
To log in to your account online?
My bank (German, just like needanke’s probably is) requires that exact 2FA method once every 3 months or whenever you log in via an unrecognized device. Also for every transaction you make and when you want to check bank statements more than 1 month in the past.
https://en.wikipedia.org/wiki/Transaction_authentication_number#ChipTAN_/_Sm@rt-TAN_/_CardTAN
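The transaction-bound TAN the last comments describe, as a constructed illustration added here (not code from the thread or from any bank, and not the real chipTAN/Sm@rt-TAN algorithm): HMAC-SHA256 with HOTP-style truncation stands in for the card chip, and an unbound SMS/TOTP-style code is computed alongside to show why a TAN tied to amount and recipient fails verification when the submitted transfer differs from the one the customer approved, while the unbound code still passes.

```python
import hashlib
import hmac

# Constructed stand-in for the secret held inside the card chip (assumption).
CARD_SECRET = b"constructed-secret-held-inside-the-card-chip"


def canonical_tx(iban: str, amount_cents: int, counter: int) -> bytes:
    """Serialise the fields the reader shows the customer and binds the TAN to."""
    return f"{iban}|{amount_cents}|{counter}".encode()


def truncate(mac: bytes, digits: int = 6) -> str:
    """HOTP-style (RFC 4226) dynamic truncation of a MAC to a short decimal code."""
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10**digits).zfill(digits)


def bound_tan(secret: bytes, iban: str, amount_cents: int, counter: int) -> str:
    """Reader side: MAC over the transaction data, so the TAN fits only this transfer."""
    mac = hmac.new(secret, canonical_tx(iban, amount_cents, counter), hashlib.sha256)
    return truncate(mac.digest())


def unbound_otp(secret: bytes, counter: int) -> str:
    """Contrast case: an SMS/TOTP-style code that depends only on secret and counter."""
    return truncate(hmac.new(secret, str(counter).encode(), hashlib.sha256).digest())


def bank_verify_bound(secret: bytes, tan: str, iban: str, amount_cents: int, counter: int) -> bool:
    """Bank side: recompute over the transaction the bank actually received."""
    return hmac.compare_digest(bound_tan(secret, iban, amount_cents, counter), tan)


def bank_verify_unbound(secret: bytes, otp: str, counter: int) -> bool:
    """Bank side for the unbound code: the transaction contents play no role."""
    return hmac.compare_digest(unbound_otp(secret, counter), otp)


def altered_transfer_check() -> dict:
    """Customer approves 100.00 EUR to IBAN A; the bank receives 5000.00 EUR to IBAN B."""
    approved = ("DE00CONSTRUCTED0000000001", 10_000, 7)   # constructed sample values
    submitted = ("DE00CONSTRUCTED0000000002", 500_000, 7)
    tan = bound_tan(CARD_SECRET, *approved)
    otp = unbound_otp(CARD_SECRET, 7)
    return {
        "bound_accepts_original": bank_verify_bound(CARD_SECRET, tan, *approved),
        "bound_accepts_altered": bank_verify_bound(CARD_SECRET, tan, *submitted),
        "unbound_accepts_altered": bank_verify_unbound(CARD_SECRET, otp, 7),
    }
```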