|
|
|
|
|
|
by MattGaiser
995 days ago
|
|
|
You could only have that if your bank account being emptied by someone knowing your password is your problem, not the bank's problem or employees forgoing 2FA carried the liability for their passwords leaking. If the bank has to be partially responsible for your access credentials and your workplace is going to get in trouble from you reusing a password, of course they are not going to let you have much freedom here. |
|
|
Firstly, before online banking existed fraud was quite common, and this dind't make banks unsustainable. And indeed, one of the key points that made people trust credit cards was that the bank had your back if someone emptied your account somehow. I once had fraudulent charges from a country thousands of kilometers away, on a card that I hadn't even used (so there was no chance it could be my fault). I just flagged them as fraudulent and the bank returned the money a few days later, no questions asked.
Secondly, even if you are a security expert with great password practices, do you really want your banking security be considered just your problem? What if one day your account is hacked through no fault of your own, because of some breach/hack of the bank's systems, and the bank denies it, giving you full responsibility? I think it's extremely dangerous to give banks the option to do that. Fraud should always be the bank's problem by default, unless they can prove that the user was negligent.
Thirdly, even if we accept the assumption that 2FA is needed for security, there are more ways to do 2FA that don't involve a smartphone - for example with a physical device, or with a coordinate card. The fact that most 2FA (at least where I live) is mobile-only, and even banks that used to offer other choices are now moving to mobile-only, is evidence that there is a motivation beyond security, they want to make smartphones mandatory.