Message-ID: <63167987@news.ausics.net>
From: not@telling.you.invalid (Computer Nerd Kev)
Subject: Re: A small puzzle.
Newsgroups: comp.os.linux.misc
References: <teu5k0$2m0ub$1@dont-email.me> <6312b2b1@news.ausics.net> <teul8i$2pjku$2@dont-email.me> <iasbui-dau.ln1@Telcontar.valinor> <tevhjq$2sj5d$2@dont-email.me> <8focui-1t4.ln1@Telcontar.valinor> <LKOQK.191098$Ny99.104781@fx16.iad> <tf1qpu$36tbh$1@dont-email.me> <0hgeui-l0d.ln1@Telcontar.valinor> <631534e8@news.ausics.net> <tf3d3f$3bkih$1@dont-email.me> <631553e5@news.ausics.net> <659hui-beu.ln1@Telcontar.valinor>
User-Agent: tin/2.0.1-20111224 ("Achenvoir") (UNIX) (Linux/2.4.31 (i586))
NNTP-Posting-Host: news.ausics.net
Date: 6 Sep 2022 08:34:47 +1000
Organization: Ausics - https://www.ausics.net
Lines: 50
X-Complaints: abuse@ausics.net
Path: csiph.com!news.bbs.nz!news.ausics.net!not-for-mail
Xref: csiph.com comp.os.linux.misc:35597

Carlos E.R. <robin_listas@es.invalid> wrote:
> On 2022-09-05 03:41, Computer Nerd Kev wrote:
>> The Natural Philosopher <tnp@invalid.invalid> wrote:
>>> On 05/09/2022 00:29, Computer Nerd Kev wrote:
>>>> Carlos E.R. <robin_listas@es.invalid> wrote:
>>>>>    - 2FA codes for using the bank on the computer. For this, you need to
>>>>> install the bank app on the phone, because SMSs are not considered safe
>>>>> enough.
>>>>
>>>> I hope mine doesn't go that way because I'm not going to keep an
>>>> up-to-date (it would need to be if I'm trusting apps to run
>>>> securely) smartphone just for that. In fact they only started doing
>>>> 2FA SMS codes this year. I had an old mobile number linked to that
>>>> account - had to go in and sort that out in person. That account is
>>>> only used for online payments anyway.
>>>>
>>>> My 'dumb' phone is only used for SMS and voice calls, and both are
>>>> rare. It's bare-bones online functionality died ages ago when
>>>> everything went HTTPS, and I prefer to use a landline so I don't
>>>> give its number out unless I have no other choice.
>>>>
>>> You can conceal your mobile phone number.
>> 
>> No I mean I don't tell people my mobile number so that I'm not
>> obliged to use it, I only want people to call on the landline. It's
>> only turned on when I want to use it anyway. PayPal will call up a
>> landline for their verification code system, but the bank insists
>> on a mobile number.
> 
> And they will eventually insist on a smartphone.

I only use the account for about a dozen transactions a year at the
moment. Given that smartphones cost hundreds and go unsupported
after a few years, factoring that cost in would make the cost per
transaction (currently $0 if I do everything right and it doesn't
involve currency conversion) much higher.

I previously used a pre-paid credit card which emailed a code for
2FA, so maybe I would try switching back to that again and see
whether websites have stopped rejecting payments from it. Or is
email 2FA considered insecure as well in this hypothetical?

Actually I think trying to second-guess the future behaviour of a
bank that's only just brought in SMS 2FA is a stretch, regardless
of what's happening overseas (and has apparantly been happening
quite differently for many years in some places).

-- 
__          __
#_ < |\| |< _#