[unethical_ban]

I have no idea, and I despise it. USAA and eTrade both have TOTP, exclusively with the shitty, non-backup-able Symantec VIP app. Break your phone? You're boned! Symantec VIP on those sites don't provide 2FA verification (the thing where the phone asks to confirm the number on the client-side) and it doesn't provide push notifications.

It's literally a worse version of regular TOTP. And they're in the minority even having 2FA!

[umbra07]

here you go! https://gist.github.com/jarbro/ca7c9d3eebba1396d53b4a7228575...

[Aaronn]

This works for Charles Schwab too!

[umbra07]

and fidelity!

[tekknik]

What could possibly go wrong using an open source project for authentication against your bank accounts? Where have we seen this before?

You best audit the shit out of that code if you actually use it. Every. time. they. update.