The 2-factor SMS messages usually say: "Do not give this code to anyone! The bank will NEVER ask you for this code!".

The sideloading warning is much much milder, something like "are you sure you want to install this?".

JoshTriplett 6 hours ago | parent | next [-]

You'll then get more warnings if you want to give the sideloaded app additional permissions. And if they want to make the sideloading warnings more dire, that wouldn't be nearly as unreasonable.

▲

thefounder 6 hours ago | parent | prev | next [-]

the main issue is the bank using sms and OTP apps instead of something like passkeys and mandatory in bank setup.

▲

RobotToaster 4 hours ago | parent [-]

One of my banks uses a card reader and pin to log in, seems more secure.

	▲	microtonal 2 hours ago \| parent \| next [-]
		Pins can still be phished. Just make the phishing a live proxy resembling the real site. A fundamental difference with e.g. FIDO2 (especially hardware-backed) is that the private credentials are keyed to the relying party ID, so it's not possible for a phising site to intercept the challenge-response.
	▲	thefounder 43 minutes ago \| parent \| prev [-]
		That’s just as bad. You need to take out the human error out of the equation.

▲

hollow-moe 5 hours ago | parent | prev [-]

> The bank will NEVER ask you for this code!

> Please enter the code we sent you in the app.

lol, lmao even