The whole issue with banking apps must seem strange to people in some countries, and make perfect sense to people in other countries. My whole country rely on a 2FA app made by the banks. It’s in every aspect of society. Buying a bus ticket, booking a time for health care, doing taxes, applying for an apartment, signing contracts, all done with the same banking app. Only people with stallmanesque convictions manage without, with lots of effort. So far that app works on e/os/ and GrapheneOS, but not regular desktop Linux.
I agree, and it’s run by private companies who could just shut it down or use it in evil ways. Our government is maybe making a state owned solution, but it will take time.
2FA is the opposite of a single point of failure though. In order to impersonate you someone has to have access to your authentication device and your master password. There are no passwords to remember or get leaked/stolen, and you still have traditional identification and a physical backup in the form of codes or an authentication device.
In Sweden it’s like a minute of your time to set up a new phone, or at worst a trip to the bank if you lost your authenticator.
It also has a screen showing what information or authorization is being requested so that it’s much harder to get scammed.
I guess, but I’ve gone without BankID for about month previously. (It was my own fault for procrastinating multiple things.) You don’t need it; it’s just very convenient.
I’m having difficulty envisioning a malicious update. There’s a lot of transparency and regulations.
The whole issue with banking apps must seem strange to people in some countries, and make perfect sense to people in other countries. My whole country rely on a 2FA app made by the banks. It’s in every aspect of society. Buying a bus ticket, booking a time for health care, doing taxes, applying for an apartment, signing contracts, all done with the same banking app. Only people with stallmanesque convictions manage without, with lots of effort. So far that app works on e/os/ and GrapheneOS, but not regular desktop Linux.
Oh, that’s a terrifying single point of failure.
I agree, and it’s run by private companies who could just shut it down or use it in evil ways. Our government is maybe making a state owned solution, but it will take time.
If you’re in Sweden you’ll be glad to know Sverige-ID is coming this December.
Aha, didn’t know that, thanks. I hope it will work with free operating systems.
2FA is the opposite of a single point of failure though. In order to impersonate you someone has to have access to your authentication device and your master password. There are no passwords to remember or get leaked/stolen, and you still have traditional identification and a physical backup in the form of codes or an authentication device.
In Sweden it’s like a minute of your time to set up a new phone, or at worst a trip to the bank if you lost your authenticator.
It also has a screen showing what information or authorization is being requested so that it’s much harder to get scammed.
I think they meant that the single app by all banks can go down through backend crash, buggy/malicious app update, etc.
I guess, but I’ve gone without BankID for about month previously. (It was my own fault for procrastinating multiple things.) You don’t need it; it’s just very convenient.
I’m having difficulty envisioning a malicious update. There’s a lot of transparency and regulations.