by Phui3ferubus 394 days ago
> TOTP Support: Let users use any standard authenticator

How many of them allow generating a code related to a specific operation (providing a context for what is being "confirmed")? This is the EU requirement that killed everything but SMS and bank mobile apps.

3 comments

And I love that requirement. I do banking on my desktop and to confirm the transfers I get a push notification from a third-party application (ItsMe, so not a banking mobile app) with all the information I have entered.

I can confirm the transaction from a completely separate device while doing a second check that all details are correct.

The requirement per se is not the biggest problem. Implementation by different banks is. In my country I have several bank accounts.

One bank allows me to install the mobile app on up to 5 smartphones; all I need is to connect the smartphone to the Internet (e.g. through Wi-Fi).

Another bank allows me to have up to 3 smartphones, but identifies them by phone number, so it forces me to have 3 different SIM cards.

Yet another bank will allow me to have the mobile app on only one device. To activate it on another device I need to receive an SMS code, and if I lose my SIM card I need to show up at a branch in person.

Plus the "app" was written by clowns and doesn't really work for any reasonable idea of "work".
And that's to say nothing about what happens when changing phones...
Oh, so that's why some services have separate codes for login and transacting. Didn't know it was an EU regulation.

Still better than in-house crap.

Although to be fair this EU requirement tends in practice to make things yet still more cumbersome - requiring multiple authentications in one online banking session.
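To make the question at the top of the thread concrete, here is an added example (not posted by anyone in the thread) that puts a standard RFC 6238 TOTP next to a code that is bound to the operation being confirmed. The `transaction_code` construction, its field encoding and the payee labels are assumptions made up for illustration; it is not a standard or any bank's scheme.

```python
import hashlib
import hmac
import struct


def _truncate(digest: bytes, digits: int) -> str:
    # RFC 4226 dynamic truncation: pick 31 bits at an offset taken from the digest.
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(key: bytes, now: int, digits: int = 6, step: int = 30) -> str:
    # RFC 6238: the only input besides the key is the time step.
    # Nothing about the operation being approved enters the code.
    counter = struct.pack(">Q", now // step)
    return _truncate(hmac.new(key, counter, hashlib.sha1).digest(), digits)


def transaction_code(key: bytes, now: int, amount_cents: int, payee: str,
                     digits: int = 6, step: int = 30) -> str:
    # Constructed scheme (assumption): the MAC also covers amount and payee,
    # so a code shown for one transfer does not confirm a different one.
    context = f"{amount_cents}|{payee}".encode()
    msg = struct.pack(">Q", now // step) + hashlib.sha256(context).digest()
    return _truncate(hmac.new(key, msg, hashlib.sha256).digest(), digits)


def verify_transaction(key: bytes, now: int, amount_cents: int, payee: str,
                       code: str) -> bool:
    # Server side: recompute over the transfer actually submitted and
    # compare in constant time.
    expected = transaction_code(key, now, amount_cents, payee)
    return hmac.compare_digest(expected, code)


def demo() -> dict:
    key, now = b"12345678901234567890", 59   # constructed sample values
    code = transaction_code(key, now, 10_000, "PAYEE-A")
    return {
        "totp_any_operation": totp(key, now),
        "same_transfer": verify_transaction(key, now, 10_000, "PAYEE-A", code),
        "payee_swapped": verify_transaction(key, now, 10_000, "PAYEE-B", code),
        "amount_changed": verify_transaction(key, now, 990_000, "PAYEE-A", code),
    }


if __name__ == "__main__":
    print(demo())
```

The plain TOTP value is the same whatever the user is approving, while the bound code only verifies against the amount and payee it was computed over.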