On Fri, Mar 19, 2021 at 09:33:09AM -0400, f...@centromere.net wrote:
>
> I recommend the following:
>
> 1. Physically visit the bank, look the teller in the eye, and complain
>    vociferously (yet respectfully),
> 2. Use cash while you still can,
> 3. Build a strong community who understands what's at stake,
> 4. Shop locally, and
> 5. Pray.
>

Yes, even 2FA with SMS requires you to have a phone and a contract with a telco. What was so wrong about that system they used before of a code card that the bank gave the customer and then a code at a different coordinate was used for each transaction? Make it bigger (a booklet), or add manual pseudosteganography or pseudocrypto and be done with it.

Now they move it to a device that hasn't physical security (because people carry it around with them when they go around, so it's easily lost or stolen), hasn't logical security (because phones are jailed and people install all sorts of dubious apps, and it's all proprietary stuff most often) and has no network security (because SMS, when they use that, has been broken, and because SIMs are stolen with just social engineering).

Whatever is used for 2FA should be practical to leave at home (you don't need to bank on the go, not always, anyway), something you can use with no matter what device or network (public library if you don't have internet at home) and as simple as possible to avoid vulnerabilities.

If they want to replace the code card (or code booklet) with a small device, ideally something like Precursor with free software, that might be acceptable, but even that looks too complex.

The whole idea of credit cards where you need to give your credentials to your counterpart and then keep watching if the charge is wrong to revoke it (and the merchant keeps watching whether the payments received are revoked) is backwards. The seller should give you an invoice with bank details and amount due and you should start a transfer with your bank. Or better yet, something like GNU Taler.

The Big Brother risks will be there anyway with any clearing house, be it SEPA transfers, credit cards, GNU Taler or anything. Only cash can avoid that, because cryptocoins create more problems than they solve, even with banks competing so hard to create the most problems that they may one day force me to reconsider it...

But to pretend to install code in your systems or even have your phone number is just to erode your privacy, not to secure anything.

And, Jure Varlec: no, I don't think yours was a rant. It's a very reasonable complaint even if I can't help you about it, unfortunately.

_______________________________________________
Discussion mailing list
Discussion@lists.fsfe.org
https://lists.fsfe.org/mailman/listinfo/discussion

This mailing list is covered by the FSFE's Code of Conduct. All
participants are kindly asked to be excellent to each other:
https://fsfe.org/about/codeofconduct