So, why do almost all banks, in the U.S. at least, only support the worst 2FA authentication method exclusively? And, this article doesn’t mention SIM-swap attacks, which are unavoidable. It can’t be that difficult to support an authenticator app.

https://gizmodo.com/feds-warn-sms-authentication-is-unsafe-after-worst-hack-in-our-nations-history-2000541129

#Cybersecurity

8 points

A cynical thought: what if it’s actually less risky to make 2FA someone else’s fault when it fails, rather than worry about ever having to be held accountable for an insecure implementation they created.

3 points

That's a good point.

I expect the courts would uphold that flavor of argument too (at least in the U.S.; I expect the same in other countries, but don’t feel comfortable speaking for systems I’m not at all familiar with).

