by maxgashkov 1262 days ago
Btw, this paper card approach was replaced by physical hardware OTP tokens (lasting multiple years until they have to be replaced). It’s as secure as the supply chain (which is also a factor for paper cards), so I’m not sure why Korea still clings to this, as tokens are obviously a net gain in ops cost.
3 comments

I dunno where you got the idea that South Korea still clings to paper-based number cards, but OTP tokens have been in use for the better part of a decade here. Nowadays you don't even need hardware tokens, since it's considered OK to replace them with mobile apps that use TPM to manage keys.
I’ve got the idea from the parent comment obviously. It’s cool that the practice of paper cards is not as widespread as I thought after reading it.
Sorry about that. My bank still provides me with cards. I never asked about an OTP dongle and I don't want to enable mobile banking, so cards it is. But almost everyone in Korea (who isn't paranoid about a single compromised device) is now on mobile banking, rather than website banking.
The Canada Revenue Agency does something similar, where instead of TOTP they ask you to print a grid of alphanums and they ask you for combinations.

The only problem is I think they're only good for a couple months, at which point you need to do verification by mailed token, which is a royal pain in the ass.

As pointed out, legislation detailing the exact measures needed to be done. I guess they copied over the idea of European TANs but they never found out about hardware OTPs.