NIST has been saying since 2016 not to use SMS for MFA. It's always been horribly insecure.
this post was submitted on 20 Dec 2024
0 points (NaN% liked)
Technology
74073 readers
3112 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
The problem for me is that most Canadian Banks give you the choice of SMS or their shitty adware filled bank app that relies on Google Play Services and wont implement TOTP so I can use a true MFA app. And Im done with being forced to accept user policies I don't agree with to do shit, and most of all done with Google Play Services on my device 😑
Even Bank of America doesn't support MFA apps.
They support USB hardware tokens… but only for the website. Everything else is SMS which kinda defeats the point.
Annoyingly, other than Vanguard, they are the only financial institution to support USB FIDO tokens
in my experience, FIDO tokens suck. I have to around 10 times every time I use one to log in.
Are your USB ports broken? I've never had issues other than physical port problems
I don't think so. It was on three seperate computers. I also used two FIDO keys, both identical. Maybe they're of poor quality, so it could be that. Any recommendations on a reliable FIDO key?
No idea. I just use the yubikey ones. I have an old usb-a one and a newer small usbc one