[submeta]

> Companies standardized on email as notification system for "you got a message in the actually secure medium".

This is so ridiculous. I have to log in to a dozen different sites to download documents. And those sites are 2FA secured, so I have no means to automate. Of course these companies never heared of (REST) APIs. - This is such a step backwards.

[lrem]

Frankly, I prefer my bank and insurance to have minimal access surface.

[411111111111111]

But why don't they support just sending them to your email, gpg encrypted if sensitive? They'd still be secure and significantly easier to archive

I know it's for liability reasons, but annoying nontheless

[lrem]

That's an extra thing they could get wrong. Seeing how some banks cannot deal with copy-pasting my legal name correctly, I prefer to not give them anything else out of the ordinary.