For the past 15 years, F-Droidhas provided a safe and secure haven for Android users around the world tofind and install free and open source apps. When cont...
I don’t know about the US but on this side of the pond banks have their own 2nd factor apps. So to log in to a bank’s website you need an app - quite probably with play integrity.
Dang. Y’all need to pick better credit unions. MFA rolling token is an open standard. Any single app can support all of my (correctly implemented) tokens. I prefer Aegis, but they (correctly implemented MFA apps) all work.
I don’t want to trust my money to someone who can’t implement standards compliant MFA.
That sounds extremely inconvenient. Individual apps for 2FA? No thanks. I’m good with KeePass and Aegis, both open source, encrypted, and don’t require any extra hardware.
That’s crazy. Yeah in the rest of the world you can’t do shit on a bank website, it’s mostly just view only, and the rest is via the app. If it lets you do anything at all, it’ll require 2FA via the app.
You can transfer money from a savings account with one bank to another account with another bank just via tapping said bank account icon in the app, like you don’t even need the BIC/IBAN/AccNo/Name or any details, it knows where to go just because you have the app of the other bank, all you do is tap the icon.
I’m not even sure you can withdraw the money from the savings account without having the app of the target bank installed on the phone, signed into the target account.
Same way you can add a card to Google Pay by just tapping a button in the bank app, no details or anything required.
Frankly I don’t even know where any one of my bank cards are, I remember for a good while I had a credit card that I didn’t actually have physically because when you open the credit card account (which requires extra checks compared to what is default - debit cards) they don’t bother to ship the physical thing to you unless you explicitly ask for it (via an option in the app), since most people just use it only via Google Pay because everywhere is cashless and uses only NFC.
I didn’t realize at first but it meant that my “card” didn’t even have a PIN, because there was no way to physically have it, any large transactions are authorized in the app, everything else, including IRL is implicitly authorized by me unlocking my phone with my fingerprint, which is required to make NFC payments on Android. I think with Apple phones it’s required to open the app but for me since 2018 it’s been muscle memory to tap the fingerprint reader and slap the phone on the NFC reader on anything from the tube to the dodgy corner shop.
To get the actual card details it’s a relatively hidden submenu in the app, to add to Google pay is a giant button on the card icon in the app.
Convenient as hell but the sheer amount of privacy violations involved and info that must be gathered about the phone to do this in a compliant fashion makes me shudder.
Yeah, happened to me. I tried to go to one of the bank locations but they not so subtly told me to fuck off and call their customer service instead if for some reason I couldn’t use the ‘in-app help menu’. The entire concept of me losing access to it seemed alien to them, as it I was born into the app or some shit, idk how much they pay those ghouls to stand there and gaslight folks like that but I sure hope it’s a lot.
To restore it I had to call them and turned out I needed to know some kind of extra hidden secret “telephone banking” password after fighting past 10 people who could barely speak English. I didn’t know it ofc and like an hour later I was able to prove who I was.
I’ve been using a dedicated TAN generator for banking since I first made my account but I don’t doubt that’s going away at some point, since debit cards from the same bank already require an app for 3-D secure.
No, hardware TAN generator work fine. If the bank wants to force me to use proprietary snake oil it’s time for a new bank. Or using a dedicated old smartphone just for the app.
I don’t know about the US but on this side of the pond banks have their own 2nd factor apps. So to log in to a bank’s website you need an app - quite probably with play integrity.
Dang. Y’all need to pick better credit unions. MFA rolling token is an open standard. Any single app can support all of my (correctly implemented) tokens. I prefer Aegis, but they (correctly implemented MFA apps) all work.
I don’t want to trust my money to someone who can’t implement standards compliant MFA.
That would scare the daylights out of me.
That sounds extremely inconvenient. Individual apps for 2FA? No thanks. I’m good with KeePass and Aegis, both open source, encrypted, and don’t require any extra hardware.
In America, we’re lucky if our bank supports 2fa, let alone require an app for it
That’s insane, I have never heard of such a thing, but I’m in the US where most banks don’t even have non-sms second factor.
That’s crazy. Yeah in the rest of the world you can’t do shit on a bank website, it’s mostly just view only, and the rest is via the app. If it lets you do anything at all, it’ll require 2FA via the app.
You can transfer money from a savings account with one bank to another account with another bank just via tapping said bank account icon in the app, like you don’t even need the BIC/IBAN/AccNo/Name or any details, it knows where to go just because you have the app of the other bank, all you do is tap the icon.
I’m not even sure you can withdraw the money from the savings account without having the app of the target bank installed on the phone, signed into the target account.
Same way you can add a card to Google Pay by just tapping a button in the bank app, no details or anything required.
Frankly I don’t even know where any one of my bank cards are, I remember for a good while I had a credit card that I didn’t actually have physically because when you open the credit card account (which requires extra checks compared to what is default - debit cards) they don’t bother to ship the physical thing to you unless you explicitly ask for it (via an option in the app), since most people just use it only via Google Pay because everywhere is cashless and uses only NFC.
I didn’t realize at first but it meant that my “card” didn’t even have a PIN, because there was no way to physically have it, any large transactions are authorized in the app, everything else, including IRL is implicitly authorized by me unlocking my phone with my fingerprint, which is required to make NFC payments on Android. I think with Apple phones it’s required to open the app but for me since 2018 it’s been muscle memory to tap the fingerprint reader and slap the phone on the NFC reader on anything from the tube to the dodgy corner shop.
To get the actual card details it’s a relatively hidden submenu in the app, to add to Google pay is a giant button on the card icon in the app.
Convenient as hell but the sheer amount of privacy violations involved and info that must be gathered about the phone to do this in a compliant fashion makes me shudder.
Not so convenient when one loses their phone or service. Then get locked put of everything.
Yeah, happened to me. I tried to go to one of the bank locations but they not so subtly told me to fuck off and call their customer service instead if for some reason I couldn’t use the ‘in-app help menu’. The entire concept of me losing access to it seemed alien to them, as it I was born into the app or some shit, idk how much they pay those ghouls to stand there and gaslight folks like that but I sure hope it’s a lot.
To restore it I had to call them and turned out I needed to know some kind of extra hidden secret “telephone banking” password after fighting past 10 people who could barely speak English. I didn’t know it ofc and like an hour later I was able to prove who I was.
I’ve been using a dedicated TAN generator for banking since I first made my account but I don’t doubt that’s going away at some point, since debit cards from the same bank already require an app for 3-D secure.
No, hardware TAN generator work fine. If the bank wants to force me to use proprietary snake oil it’s time for a new bank. Or using a dedicated old smartphone just for the app.