by xgb84j
1147 days ago

This is how I think it roughly works where I live: You get a per-user token directly at the bank or via mail (not email, but a physical envelope). Your banking app can use this token once to get a secret key. Secret key + user name + password allows you to use the banking app. Any way to circumvent this requires app isolation to be broken somehow.

Also, I wouldn’t personally describe an out-of-band token delivery / exchange mechanism like that as “actually trivial” for apps to do.