The friction of changing bank accounts is high, and few people choose their bank accounts based on how easy the online authentication is. Unless a bank does this meaningfully much worse than their competitors (low bar) they have little incentive to fix it.
If you think TD is bad, try some European countries where there's only a handful of banks...
According to https://2fa.directory/us/#banking there are 3 banks in the US that support hardware 2FA (without limitations like requiring a Symantec token or only being available to "high risk" clients): BofA, Morgan Stanley, and Mercury.
Of these three, Mercury isn't really a bank, it's a non-bank financial institution (and as the bankruptcy of Synapse shows, putting your money into these services can be risky), Morgan Stanley has zero locations within a 1 hour drive (important for when I need cashiers checks or need to deposit checks that mobile apps can't handle), and BofA's interest rates are laughable.
There's no FDIC-insured bank which has decent savings accounts, physical branches near me, and supports proper hardware 2FA. The best I can get is savings, location, and (the bank's app-based) software 2FA.
There truly is no incentive for the banks to improve, and I don't think anything will unless congress forces their hands (which seems unlikely, given that the average person has never suffered an SMS 2FA-based attack on their finances and thus has no reason to write to congress about it).
tart-lemonade|9 months ago
Of these three, Mercury isn't really a bank, it's a non-bank financial institution (and as the bankruptcy of Synapse shows, putting your money into these services can be risky), Morgan Stanley has zero locations within a 1 hour drive (important for when I need cashiers checks or need to deposit checks that mobile apps can't handle), and BofA's interest rates are laughable.
There's no FDIC-insured bank which has decent savings accounts, physical branches near me, and supports proper hardware 2FA. The best I can get is savings, location, and (the bank's app-based) software 2FA.
There truly is no incentive for the banks to improve, and I don't think anything will unless congress forces their hands (which seems unlikely, given that the average person has never suffered an SMS 2FA-based attack on their finances and thus has no reason to write to congress about it).
AStonesThrow|9 months ago