I find it bizarre and frustrating that email providers support 2fa but none of the banks I use do...

· · Web · 3 · 0 · 1

@emacsen hah, mine does by making you append the 2fa code in the password field. It’s so bad.


Okay that's much worse than mine. Here they just insist on using SMS as if it's a good 2fa...

@emacsen yeah my Austrian bank used to do that too; these days they let you tap a notification on your smartphone. Much better.

@emacsen One thing I've realized is that any software or web site made by a company where the software/web site isn't their core business is going to be terrible.

Plus banks are experts at pushing the costs of fraud off onto other people. If your account gets compromised, there's a good chance it will cost them practically nothing. And even if it does it just goes into one big "fraud" bucket that they just charge back to their "customers" in the form of higher fees and lower interest on savings

@emacsen The bank I use (HSBC) has required it for years.

@emacsen Used to be a one-time code generator widget, now a phone app doing the same. To log in, I have to enter username, password, and 6-digit code valid for 30 seconds. The app needs authentication to generate a valid code. I have no idea how secure it actually is, but it could be decent.


The six digit code is an OTP. It's not as secure as FIDO, but it's the right way for sure.

BTW there are Free apps instead of using theirs.

Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!