| > nothing that requires an end-user to understand PKI None is needed, how hard it’s for a bank handing over physical tokens to the customers when they open an account or mailing them to existing ones? - You can loose them? Sure, just like any smartphone or even government ID, but the process after to replace is what will make you careful next time. - They can be stolen? Same as above - They can be used in banks or even for online banking, just tap it with your NFC enabled phone (yubico is an example) - They can be used by someone else? Sure, just like your phone. - However, no sim-swap attacks or similar, so in theory it’s better given no negligence from the users which is always the biggest risk anyway, but overall it’s an improvement. >and also would not impede a lawful (and for the purposes of this conversation: ethically necessary) police wiretap. Why would the police wiretap a banking verification, they can wiretap the transaction at the banks if they are legally authorized. |
(yes, i'm talking about every modern..ish credit and debit card)