top | item 43982620

fvrther | 9 months ago

The main reason banks adopt in-app TOTP is that most third-party TOTP apps historically didn’t offer cloud backups. And some third-party TOTP apps could leak the tokens because the banks don't own their code.

When users accidentally deleted these apps or switched devices, they often lost access to their TOTP tokens, leading to a flood of support requests. Banks tried to "fix" that by integrating TOTP directly into their own apps.

This allows banks a sort of token persistence (and user tracking, and being able to send push notifications, wanted or not).
