by dalke
814 days ago
> How do they protect against phishing? The same way they minimize the vulnerability when running on an exploited Windows machine? Even if I log in, via a MITM attack, all they can do is read my account history. Actually making changes requires further authorization. When I make a payment the screen asks me to confirm the amount I'm about to pay. The same applies to other security sensitive changes. Still, you make a very valid point, and I thank you for pointing out the flaw in my understanding. I still have a very deep distrust about centralizing identification, payment, and apps on a single device, and strongly dislike the inability to have physically very distinct trust levels.

That’s a good answer, too, especially if that custom message can be large enough to display the name & amount. Anything to jar people out of the “I thought I was sending $100 to the cable TV company, not $6,000 to someone in India” autopilot state.
I generally agree with your larger point and wish that banks would make it easier to do things like set up a Yubikey and require it be used on any transaction over a certain amount. I’ve never in my life needed to make a large transaction where I wouldn’t have been able to grab a token from my safe to approve it, and at some point delay becomes a security feature since it gives the bank staff time to do things like call you and make sure you really intended to do something.