So, my bank just required me to set up 2FA, which is fine... except that they did not give me any recovery codes. Nor have they provided me with any obvious means to obtain any.
Jonathan Lamothe
in reply to Jonathan Lamothe
Oh hang on, it gets better.
Apparently signing into the app on my phone using biometrics seems to bypass 2FA. 🤦‍♂️
(((David "Kahomono" Frier)))
in reply to Jonathan Lamothe
My bank required me to set up 2FA. Via SMS. Only method available! So I did, but I wrote to an old friend (who happens to be their chief data architect) explaining why SMS was not the way to go. She spoke to somebody, and sure enough they soon grew the ability to use an authenticator TOTP in addition to SMS. Only issue now is: NO WAY to remove SMS as a valid method.
At least it doesn't reject a GVoice number, which is way safer than a real SIM-based phone in the wild.