It seems to me that part of the problem is overreliance on phones as computing devices. A lot of things, like banking, are best done on an actual computer. We have become too dependent on phones.
Maybe we have this view because when we refer to computers we see a more open ecosystem that’s not found in the mobile phone era. I want that same liberty with my phone.
When the word “sideloading” has disappeared, I think then we have known something has changed.
I’m not sure how it works the way where you live but where I live, the way the banking apps are implemented completely violate MFA. They rely on SMS verification which is absurd since if you’re phone is already compromised, no doubt your SMSes are too. There’s no true multi-device authentication in place and this has led to a huge number of victims being scammed after their devices get compromised by a phishing attack.
The desktop and phone are both insecure, proper security should not have all your eggs in one basket.
Well, yes. But then again, I would trust my GrapheneOS phone not getting compromised over 3 linux devices. MFA is not some ultimate solutions and it is a pain to use.
I mean sure, but that’s not the case for the majority of the user base of these banking apps. Is it the most secure? No but it’s way better than it is right now.
So what is the case for most users? Are normal android phones getting compromised (in a way true 2FA would help) often enough it is an issue? I honestly haven’t seen any statistic regarding this and anecdotally I don’t know anyone whose internet banking was compromised. Whether on phone or desktop.
Yep I absolutely refuse to put any banking apps on my phone. The only thing that has access to my bank is me physically going there or logging into their website via my own computer. Fuck any app that asks for access to my bank account including autopay services thorugh third parties.
The only third party serive I use for payments is paypal and that only goes to my credit card.
It seems to me that part of the problem is overreliance on phones as computing devices. A lot of things, like banking, are best done on an actual computer. We have become too dependent on phones.
Maybe we have this view because when we refer to computers we see a more open ecosystem that’s not found in the mobile phone era. I want that same liberty with my phone. When the word “sideloading” has disappeared, I think then we have known something has changed.
Your phone has likely much better security for your banking apps than your computer, unless you run really niche setup like QubesOS.
I’m not sure how it works the way where you live but where I live, the way the banking apps are implemented completely violate MFA. They rely on SMS verification which is absurd since if you’re phone is already compromised, no doubt your SMSes are too. There’s no true multi-device authentication in place and this has led to a huge number of victims being scammed after their devices get compromised by a phishing attack.
The desktop and phone are both insecure, proper security should not have all your eggs in one basket.
Well, yes. But then again, I would trust my GrapheneOS phone not getting compromised over 3 linux devices. MFA is not some ultimate solutions and it is a pain to use.
I mean sure, but that’s not the case for the majority of the user base of these banking apps. Is it the most secure? No but it’s way better than it is right now.
So what is the case for most users? Are normal android phones getting compromised (in a way true 2FA would help) often enough it is an issue? I honestly haven’t seen any statistic regarding this and anecdotally I don’t know anyone whose internet banking was compromised. Whether on phone or desktop.
Yeah, SIM swaps are a concern too.
The phone is not insecure because of all eggs on basket.
You say “security” I say “a bug that won’t let me log in”. Which is it?
Which is the point. Why do we need this security when the most virus riden PC can access my banking website.
That’s a good point, time to ban banking websites and only allow people with locked-down phones to bank.
There are no banking apps on my computer.
no it’s not. takes me 2 seconds to log in into my banking up in my phone. anything basic will take a few taps to do (eg transfer money).
Yep I absolutely refuse to put any banking apps on my phone. The only thing that has access to my bank is me physically going there or logging into their website via my own computer. Fuck any app that asks for access to my bank account including autopay services thorugh third parties.
The only third party serive I use for payments is paypal and that only goes to my credit card.
Yeah guess what happens when access starts to be app-only?