So, my bank just required me to set up 2FA, which is fine... except that they did not give me any recovery codes. Nor have they provided me with any obvious means to obtain any.
binaryphile π₯₯π΄β πΊπ² reshared this.
binaryphile π₯₯π΄β πΊπ² reshared this.
Jonathan Lamothe
•silverwizard
Jonathan Lamothe
•Jonathan Lamothe
•Oh hang on, it gets better.
Apparently signing into the app on my phone using biometrics seems to bypass 2FA. π€¦ββοΈ
(((David "Kahomono" Frier)))
•My bank required me to set up 2FA. Via SMS. Only method available! So I did, but I wrote to an old friend (who happens to be their chief data architect) explaining why SMS was not the way to go. She spoke to somebody, and sure enough they soon grew the ability to use an authenticator TOTP in addition to SMS. Only issue now is: NO WAY to remove SMS as a valid method.
At least it doesn't reject a GVoice number, which is way safer than a real SIM-based phone in the wild.
Jonathan Lamothe likes this.
Jonathan Lamothe
•(((David "Kahomono" Frier))) likes this.
(((David "Kahomono" Frier)))
•