Hacker News
by Mediterraneo10 1909 days ago
In many countries, all banks are moving towards apps that require Google Play Services and passing SafetyNet. (And a diverse ecosystem of "credit unions" is a USA-specific thing.) Banks are phasing out other means of 2FA like code cards or code calculators, and expecting all customers to have an Android or Apple phone.
2 comments

I’m not sure credit unions’ tech is diverse, anyway. I’ve noticed some of their online banking sites look like different themes of the same software. So it wouldn’t surprise me if the apps are the same, so eventually the base vendor will push SafetyNet or w/e and all credit union apps will then require it.
That's obviously a stupid move by those banks. And if you think so too, you should point it out to them. Your bank is unlikely to read HN (hah!), but they are commercial institutions and some of them might even listen to their customers.
No, this was actually a pretty reasonable and expected move on the part of the banks. They realized that providing code cards or code calculators to customers represented an expense that very few customers in our modern age were taking advantage of, and so they discontinued those programs. I love my LineageOS Android phone and I also own a PinePhone now, but come on, let's be reasonable and admit that we are so tiny a minority of customers that we don’t matter to banks.
Sure, it's an expense, but it's one that provides actual security. Instead of this "it runs on a phone and Google says it's secure"-nonsense. Banks know people's phones rarely get updated.

When I started using online banking in what must have been 1997 or so, I accessed the bank using a browser, client side certificate and a passphrase. It seems like ever since then, security has steadily declined in favour of "ease of use". Which rubs me the wrong way, because we really should have increased the ease of use of security instead!