I wish. Every fucking bank has their own shitty app for 2FA instead of just using standardized and proven TOTP, no way around that.
Same about school apps the article mentioned since it’s connecting to their (one of many) proprietary system, no website for that.
And recently got into the home automation rabbit hole. Lots of devices that require their fucking app, sometimes with mandatory cloud account, just to connect! And people in reviews even praise how easy it is, it’s infuriating! I don’t need light bulbs connecting to the internet, thank you very much.
Ha, sucker, you think your non-Internet-connected lightbulbs make you safe? My Internet-connected lightbulbs have sent my online-car to wardrive your neighbourhood and sniff your Zigbee network!
…if you see my car please tell it to come back to me, I need to go to the shops…
I get emails from school, with a link that opens a 3rd party app, which only displays a link that opens in the default browser. I’ve asked the school to just send me direct links to the announcements, but they say they can’t. The site doesn’t require authentication, but the URLs have UUIDs so I can’t just guess what the link would be. The app is quite literally just a data exfiltration layer that does everything it can to make sure you can’t bypass it. Good luck getting any other parents to give a shit though.
They need to switch to Webauthn. SMS-based 2FA should’ve been big 10+ years ago, not today. I don’t really understand why this old style 2FA has been just now becoming popular lately.
I wish. Every fucking bank has their own shitty app for 2FA instead of just using standardized and proven TOTP, no way around that.
Same about school apps the article mentioned since it’s connecting to their (one of many) proprietary system, no website for that.
And recently got into the home automation rabbit hole. Lots of devices that require their fucking app, sometimes with mandatory cloud account, just to connect! And people in reviews even praise how easy it is, it’s infuriating! I don’t need light bulbs connecting to the internet, thank you very much.
Ha, sucker, you think your non-Internet-connected lightbulbs make you safe? My Internet-connected lightbulbs have sent my online-car to wardrive your neighbourhood and sniff your Zigbee network!
…if you see my car please tell it to come back to me, I need to go to the shops…
I get emails from school, with a link that opens a 3rd party app, which only displays a link that opens in the default browser. I’ve asked the school to just send me direct links to the announcements, but they say they can’t. The site doesn’t require authentication, but the URLs have UUIDs so I can’t just guess what the link would be. The app is quite literally just a data exfiltration layer that does everything it can to make sure you can’t bypass it. Good luck getting any other parents to give a shit though.
That’s the big one, sadly.
All of the banks I’ve used in the past utilize email or SMS for 2FA, which isn’t the most secure, but doesn’t require an app.
They need to switch to Webauthn. SMS-based 2FA should’ve been big 10+ years ago, not today. I don’t really understand why this old style 2FA has been just now becoming popular lately.