zx8080 10 hours ago

The biggest problem is the banking system. "Don't want - no bank for you". That's the problem.

Hackbraten 4 hours ago | parent [-]

Let them know. Write a letter to the CEO. And vote with your wallet and switch banks if you can. There's always a bank willing to offer you a non-app 2FA scheme.

gorgolo 2 hours ago | parent | next [-]

Banks don’t do this because of profit. They do it because of decades of laws pushing in this direction. Anti-money laundering, know your customer, digitalised currency, abandoning cash, preventing tax evasion etc… it’s been getting more extensive over time.

Hackbraten an hour ago | parent [-]

None of the things you mentioned inherently require the user to own (and babysit) an expensive general-purpose computing device produced by tracking-obsessed adtech giants and with software obsolescence built into the product.

brabel 2 hours ago | parent | prev [-]

Do you think banks are using attestation gratuitously? It helps prevent a lot of fraud. You are opposing something that saves people’s savings every day just because you think it takes “freedom” away from a few hobbyists. Do you even have a phone that does not support hardware attestation or is all this posturing about something hypothetical?

xinayder 40 minutes ago | parent | next [-]

Can you show me examples where locking down an OS has prevented fraud in banking?

Honestly, if the only way to secure your banking system is by locking down users' devices, there is something really bad going on at your end, security-wise. Your system should be secure even without locking down user hardware.

Hackbraten 27 minutes ago | parent [-]

One of the threat models is that a fraudster tricks a non-technical user into installing malware, which then manipulates the user interface so that next time the user tries to send money to Bob, it actually goes to Mallory. That's a legitimate concern, and one of the causes why PSD2 mandates that all 2FA devices must have a display that shows the user where they're about to send the money and how much.

Hackbraten an hour ago | parent | prev [-]

> Do you think banks are using attestation gratuitously?

What I'm claiming is that banks have the freedom of offering their customers 2FA other than smartphone apps.

> Do you even have a phone that does not support hardware attestation or is all this posturing about something hypothetical?

All the phones I own, including my daily driver, run some flavor of Debian. None of them support hardware attestation.

I'm in Europe, bound by PSD2, and own a couple of cheap, certified chip-and-TAN devices so I can do banking.