undefined | Better HN

0 pointsstef2511y ago0 comments

You could do it for him. Google Authenticator is great. My bank uses 2FA but it's on some fiddly little calculator device that I never have with me.

Some sites (Coibase) do 2FA with text message which is also great.

0 comments

seriocomic11y ago

> My bank uses 2Fa but it's on some fiddly little calculator device that I never have with me.

I left my bank for this very specific reason (HSBC Aust)

Grrr

dingaling11y ago

Conversely I stay with my bank ( Nationwide ) because they use the device...

learnstats211y ago

Your bank has not done this for your benefit and it hasn't done it in a way that benefits you. They've done it to pass on (to you) the liability for any fraudulent activity.

From http://www.cl.cam.ac.uk/~sjm217/papers/fc09optimised.pdf:

"We reverse engineered the UK variant of card readers and smart cards and here provide the first public description of the protocol. We found numerous weaknesses that are due to design errors such as reusing authentication tokens, overloading data semantics, and failing to ensure freshness of responses. The overall strategic error was excessive optimisation. There are also policy implications."

"The move from signature to PIN for authorising point-of-sale transactions shifted liability from banks to customers; CAP introduces the same problem for online banking. It may also expose customers to physical harm."

Meanwhile, I switched to a bank that uses SMS as a second factor and only where it's necessary: I don't need to use an inconvenient calculator.

j / k navigate · click thread line to collapse