this post was submitted on 20 Dec 2024
94 points (100.0% liked)


So, why do almost all banks, in the U.S. at least, only support the worst 2FA authentication method exclusively? And, this article doesn't mention SIM-swap attacks, which are unavoidable. It can't be that difficult to support an authenticator app.

https://gizmodo.com/feds-warn-sms-authentication-is-unsafe-after-worst-hack-in-our-nations-history-2000541129

#Cybersecurity

[email protected] 8 points 2 months ago (1 children)

A cynical thought: what if it's actually less risky to make 2FA someone else's fault when it fails, rather than worry about ever having to be held accountable for an insecure implementation they created?

[email protected] 3 points 2 months ago

That's a good point.

I expect the courts would uphold that flavor of argument too (at least in the U.S.; I expect the same in other countries, but don't feel comfortable speaking for systems I'm not at all familiar with).