• pinball_wizard@lemmy.zip
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    4 hours ago

    If a bank isn’t able to implement a proper 2FA login there’s a ton of other security issues to worry about.

    Exactly. Any organization whose MFA doesn’t work on Aegis, I take action to protect myself from their incompetence.

    Lastly, I think by using their own implementation/app they prevent their customers from using compromised apps.

    I’m sure they claim that. But I still recognize it as simple incompetence. They aren’t able or willing to hire someone with the Cybersecurity expertise to implement a relatively simple open specification.

    Y’all are welcome to risk your money there. It’s probably insured anyway, right?

    For me, that’s too much risk. Even if insurance makes me whole, getting robbed is a huge pain.

    • hessenjunge@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      3 hours ago

      Exactly. Any organization whose MFA doesn’t work on Aegis, I take action to protect myself from their incompetence.

      That’ll surely end their business. /s

      I’m sure they claim that. But I still recognize it as simple incompetence. They aren’t able or willing to hire someone with the Cybersecurity expertise to implement a relatively simple open specification.

      Just out of curiosity: What percentage of the population is capable of running Graphene/Aegis? What percentage, regardless of capability, is willing to do so?

      Creators of popular OSS regularly warn about downloading their stuff elsewhere or pay for it. How do you think that would apply to any 2FA application?

      Now think of how stupid the average person is, and realize half of them are stupider than that. (love some George Carlin). Given that even (very) stupid people have and need bank accounts: How would you implement an authentication that can’t easily be compromised to ripp off stupid people?*

      * Let’s just assume that you, the lead developer, are not at all “incompetent”, quite the opposite. Also take into consideration that you need to keep cost down (hint: That means you want no one to call support because of 3rd party applications!).