undefined | Better HN

0 pointsrsync4mo ago0 comments

Is this true?

The old, standard RSA number generator token key ring device is not permitted in Europe for authorizing bank actions ?

0 comments

fph4mo ago

Precisely. You can use and old-style hardware token that only generates numbers to log in, but not to authorize an operation such as a money transfer.

The requirement is called "dynamic linking" (the 2FA code must be tied to the specific transaction) and the relevant regulation is PSD2.

miahi4mo ago

There are "simple" hardware tokens that allow for that - you have to enter the amount and part of the destination IBAN and they generate a 2FA number based on that + probably the same number generator it uses for logins.

j / k navigate · click thread line to collapse

0 comments

fph4mo ago

Precisely. You can use and old-style hardware token that only generates numbers to log in, but not to authorize an operation such as a money transfer.

The requirement is called "dynamic linking" (the 2FA code must be tied to the specific transaction) and the relevant regulation is PSD2.

miahi4mo ago

j / k navigate · click thread line to collapse