Aerroon | 9 days ago

2FA is a requirement in Europe. I can't log into my bank account without my phone being able to run the app.

xprnio|9 days ago

But 2FA is moot if it’s the same device as your bank app, is it not?

rightbyte|9 days ago

Yes. Please tell my bank that.

clhodapp|9 days ago

It is in the specific case that you don't have biometric or PIN login set up on the device and you use a password manager that doesn't require authentication. In that case, the only factor is "something you have". Otherwise, it is still a multi-factor authentication because the device itself still represents "something you have", and your device unlock represents "something you know" or "something you are".

naniwaduni|8 days ago

Nearly all the security value of 1fa is that it keeps your users from picking their own passwords.

hunterpayne|8 days ago

The "app" is probably a web page written in JS. Rarely it's a native app in either Kotlin or Swift, but then you have to maintain 2 different apps in 2 different languages with 2 different OSes for the devs. So unless the app really specifically requires something special, it's just a web page. Even (and especially) your banking app.

dheera|9 days ago

2FA and Google SafetyNet are two completely different things. Your banking app can implement 2FA without SafetyNet.

heavyset_go|9 days ago

It's Play Protect and Play Integrity now, not SafetyNet, in case anyone wants to look it up.

Markoff|9 days ago

I would stop using a bank requiring a phone app to do banking, simple as that. Both my main EU accounts use SMS verification codes and an extra password, which is fine with me. If they require an app, they will lose a customer.

debazel|9 days ago

So what are you going to do when all of them require it?

master-lincoln|8 days ago

2FA does not mean smartphone. There are other variants too.