by prashnts 1545 days ago
The banks (BnP, CdE) I use ask you to confirm in their apps, and I have never seen this before! Not to say this isn't legit -- I can completely imagine this happening.

That said, I absolutely also hate having only a choice of a 6-digit PIN on a UI that's intentionally designed to disallow any password manager usage. Plus they shuffle the inputs, make you change PIN every n-usage/n-days. I really don't get the rationale other than it maybe avoids screen scraping, or keylogging?

1 comments

La Banque Postale also asks you to confirm in their app; what we see here is the case when someone has not activated the in-app confirmation (called "certicode", uses another password that is different from the account password).

Apparently just SMS is not deemed secure enough by law, so they have to have another authentication factor, and the only other factor they have if you haven't activated certicode is the regular account password.