So, why do almost all banks, in the U.S. at least, only support the worst 2FA authentication method exclusively? And, this article doesn’t mention SIM-swap attacks, which are unavoidable. It can’t be that difficult to support an authenticator app.
#Cybersecurity
@[email protected] Honestly, it’s a “reach” reason. most people have a phone capable of receiving texts or a voice message (An actual call). Not everyone has a smartphone (or the technical chops to get a legitimate OTP app and setup TOTP). Is that an excuse to NOT offer TOTP or other better MFA options? No it isn’t, but then they probably decided to not pay the extra 10c per user for the additional auth option. Cost/benefit analysis, with security not even being a part. If you want your banks to support more robust auth, hound the financial regulators to start making it a requirement.