So, why do almost all banks, in the U.S. at least, only support the worst 2FA authentication method exclusively? And, this article doesn’t mention SIM-swap attacks, which are unavoidable. It can’t be that difficult to support an authenticator app.
#Cybersecurity
because its also the most convenient and people are stupid and incapable of handling authenticator apps. plus auth apps are a maintenance burden between phone switching. overall 2fa was a poorly thought out concept to begin with from a end user perspective.
honestly the whole concept of modern 2FA is retarded when you can essentially get the same thing from ssh keys with passwords. (👋 @ passkeys which as basically that renamed)
I understand SSH keys with passwords, but I don’t understand passkeys yet because most of what I’ve read has been layman explanations of them.
Since you made the comparison, could you explain what passkeys actually are, or point me to a decent source that’ll explain it not like I’m 5? Lol
SSH keys are a public and private keys that you can use to sign and verify messages back and forth. passkeys are literally the same thing. the only difference is passkeys are unique per site and you store them in an encrypted file that you only need a single password to access vs an ssh key the passwords are per key pair.
essentially the passkey is used to sign a bit of metadata and then the service verifies that metadata matches the user via the public key on file in their system. but otherwise they’re functionally the same thing as ssh keys.