Hacker News new | ask | show | jobs
by c0l0 1059 days ago
The banking sector is EXACTLY where "cyber 'security'" and "compliance" will mandate for this to be implemented.

When I worked a bank at $oldjob, compliance mandated we had a full-blown anti virus engine (from Microsoft or McAfee, "at your option") deployed in quasi-ephemeral container images.

It does not have to be reasonable, it doesn't have to be a net positive - it just has to tick some box on some compliance sheet for this to be required, and I will never again be able to perform a banking transaction from my personal computer or degoogled phone again.
1 comments
delfinom 1059 days ago
Most banks have barely implemented 2FA, and when they have, they implement SMS.

The only financial provider I have that supports anything other than backdoors is Vanguard with U2F support.

Shit, AMEX still lowercases your passwords before (hopefully) hashing them.

We got plenty of time for those mandates to occur ;)

link
freedomben 1059 days ago
So what, let's not worry about it until after it's implemented when it's a 10,000 kg gorilla, instead of trying to nip it in the bud now? Is the world going to end tomorrow so lets just eat, drink and be merry for tomorrow we die?

Now is the time to fight this. It will impossible to unravel it once it's been implemented.

link
PaulDavisThe1st 1059 days ago
> Most banks have barely implemented 2FA, and when they have, they implement SMS.

One reason I slightly swallow my guilt at having a savings account with Goldman Sachs (marcus.com) is that they offer email-based 2FA. I closed my savings accounts at Chase when they enforced SMS-only 2FA.

BTW, I feel slightly less guilty about saving with these banks instead of my actual credit union after my brother-in-law (who has been in the CU world for decades) told me that if a credit union can't offer competitive savings rates, it means they are lacking in opportunities for significant local lending.

link
diego_sandoval 1058 days ago
> and when they have, they implement SMS.

That's the problem. They do implement things, and they do them in the worst possible way.

My bank forces me to 2FA trough SMS when I connect from a new IP range. This means that I can't do any banking through them when I'm outside of my country.

I wish they just didn't implement any form of 2FA instead. That would be better than the current situation.

link