Conversation

Notices

1. minute (mntmn@mastodon.social)'s status on Tuesday, 27-Feb-2024 01:59:46 JST minute

   i think the EU should pass legislation that enforces standards based 2factor auth (like totp/hotp) for banks, health insurance etc. it is absolutely unacceptable that people are _forced_ to buy android/ios smartphones to use critical services

   • Steinar Bang (steinarb@mastodon.social)'s status on Tuesday, 27-Feb-2024 02:08:28 JST Steinar Bang

     in reply to

     @mntmn My bank SBanken offered credit card sized scraping code cards as an option (not the only option, but an option).

     But then they were bought by the bank I had switched to SBanken to escape (back in 2004 or thereabouts)... and the analog 2Factor option went away.

     Not the only change I'm not happy with, but the one that annoyed me most, I think.

     On the morning commute everybody is sucked into their smartphones.

     Except the software developer (me) who reads a paper newspaper.

   • minute (mntmn@mastodon.social)'s status on Tuesday, 27-Feb-2024 02:45:54 JST minute

     in reply to

     • Lona Theartlav

     @theartlav all my banks are using apps now

   • Lona Theartlav (theartlav@hachyderm.io)'s status on Tuesday, 27-Feb-2024 02:45:55 JST Lona Theartlav

     in reply to

     @mntmn Wait, what are they using instead? Wasn't it all SMS? Or are apps mandatory somehow now?

   • mofumofu (mofumofu@mastodon.social)'s status on Tuesday, 27-Feb-2024 03:00:48 JST mofumofu

     in reply to

     @mntmn my bank in my home country has been using these for decades… in addition they offer an app… but the app still requieres the code from the token generator in addition to the regular password. In addition for some unusual transactions it will ask for an extra sms based OTP. We don’t have laws requiring banks to do that.

   • acb (acb@mastodon.social)'s status on Tuesday, 27-Feb-2024 03:48:47 JST acb

     in reply to

     @mntmn They have something like this in Sweden; it’s called BankID, and while most people use a mobile app, there is also (IIRC) a desktop implementation using a smartcard and a USB-powered reader.

   • zetabeta (zetabeta@mastodon.social)'s status on Tuesday, 27-Feb-2024 03:55:41 JST zetabeta

     in reply to

     @mntmn
     furthermore, apps may use push messages, which is bad if it is external push messages, like ios and google push messages.

   • Sibachian (beiz@mastodon.social)'s status on Tuesday, 27-Feb-2024 05:35:50 JST Sibachian

     in reply to

     @mntmn better yet, EU should pass legislation that requires all ID authentication software to be owned by the public, open source, and entirely system agnostic.

     it's insane that digital ID is privatized, mandatory, and yet only supported on android and ios - preventing european competition from entering the market.

     hell, windows should be banned from use within governments. why the hell is a foreign corporation paid billions of public money annually when we could use taxes to develop our own?

   • FrostBeast (frostchild@mastodon.social)'s status on Tuesday, 27-Feb-2024 09:11:10 JST FrostBeast

     in reply to

     @mntmn I agree with that as well, but also the world in general.

     mobile devices are barely more secure than windows devices.

     IE, not very.

   • MaybeMyMonkeys (maybemymonkeys@mastodon.social)'s status on Tuesday, 27-Feb-2024 13:41:43 JST MaybeMyMonkeys

     in reply to

     @mntmn does depend on how the services are delivered. Smartphones are cheaper and more versatile than PCs.