Looking at bank security is probably the saddest landscape around.
Most will ask you for a PIN at maximum and then tell you it's not possible to have stronger authentication because of "safety".
I wish there was stronger laws forcing banks to adopt stuff like that.
I wish there were laws making it the bank's problem if your account gets hacked. The security they choose to use is secondary, but you bet they'd be the most secure websites around if they were liable for the losses.
You won't probably get what you wish for: this is how it works in South Korea but the solution that the banks went is worse than SMS-OTP, where your bank is expected to monitor your computer (https://palant.info/2023/01/02/south-koreas-online-security-...).
stavros|2 years ago
zinekeller|2 years ago