mvieira38 9 days ago

With passwords, no account was even lost in the scenario for a recovery flow to start. An account recovery flow is only necessary because of the superfluous extra security, which will almost inevitably introduce more attack vectors than before (such as a social engineering attack through customer service) if the banks want to service customers like grandmas.

chimeracoder 9 days ago | parent [-]

> With passwords, no account was even lost in the scenario for a recovery flow to start

Given how common mandatory SMS 2FA is for banks, if thieves stole your unlocked phone, they have stolen your account too.

3036e4 9 days ago | parent [-]

Isn't the SMS just 1 factor, and for 2FA they will also need the other F (e.g. password)?

Relying on only SMS sounds like 1FA?