| ▲ | actionfromafar 10 hours ago | ||||||||||||||||||||||
Apparently there are special auth apps storing things in secure-enclave-ish parts of the OS. Not a great match for websites. | |||||||||||||||||||||||
| ▲ | cogman10 9 hours ago | parent | next [-] | ||||||||||||||||||||||
No, that's just BS. The web has a secure storage standard and OAuth + MFA is just as secure as anything your bank could cook up in an app. In fact, I'd be shocked if banks did a better job of security in their apps vs what browsers and standard auth flows provide. Banks just like selling the idea that "if it's encrypted, it's secure". But trust me when I say this, bank security across the board absolutely sucks. The company I work with does financial data ingest and... yeah... There's more than a few institutions where we had to pull teeth to get them to send stuff through an encrypted transport (SFTP, for example, they want to just use FTP). | |||||||||||||||||||||||
| ▲ | coldtea 6 hours ago | parent | prev [-] | ||||||||||||||||||||||
The OS/browser could give this capability to web apps via an API. | |||||||||||||||||||||||
| |||||||||||||||||||||||