| ▲ | const_cast a day ago | |
There are numerous TOTP services that we know are perfectly secure. They should just use one of those. These banks are assholes. They're trying to get you to download the app for advertising, marketing, and data collection purposes. Not security. | ||
| ▲ | tomatocracy a day ago | parent [-] | |
This is in part driven in turn by regulations like PSD2 in the EU requiring "Strong Customer Authentication". Most banks seem to have decided that a TOTP-style challenge does not meet the requirements of the regulation (this may even be an explicit ruling, I don't know). | ||