So, why do almost all banks, in the U.S. at least, only support the worst 2FA authentication method exclusively? And, this article doesn’t mention SIM-swap attacks, which are unavoidable. It can’t be that difficult to support an authenticator app.
#Cybersecurity
A cynical thought: what if it’s actually less risky to make 2FA someone else’s fault when it fails, rather than worry about ever having to be held accountable for an insecure implementation they created.
Thats a good point.
I expect the courts would uphold that flavor of argument too (at least in the U.S.; I expect the same in other countries, but don’t feel comfortable speaking for systems I’m not at all familiar with).