On 2016-07-01 09:08, Uzair Shamim wrote:
On 06/30/2016 08:09 AM, Carlos E. R. wrote:
On 2016-06-29 21:41, Uzair Shamim wrote:
On 06/29/2016 03:34 PM, Carlos E. R. wrote:
It is usually done with numerical pins, and these have to pass a check at creation time. Not the login pin, but the one used on operations.
Ah okay, I thought you meant the passwords to login :) The real thing that would help banks is using 2FA but it doesn’t seem like any in my country care about that, they are too busy being stuck in the 90s (https://twofactorauth.org/).
Now that I think, I think I have seen it with that second pass, that you get on the phone via SMS.
Ah but 2FA over SMS is not so great (still better than no 2FA though)! https://www.wired.com/2016/06/hey-stop-using-texts-two-factor-authentication...
I can't read it. I get a banner: "Here’s The Thing With Ad Blockers" That's is, they use intrusive commercials, I block them, and they retaliate by not displaying the content. So I click on the "book" icon. Yes, of course, if they convince your supplier to change the phone number, you are sold. Huh, hacking into SS7! That's very dangerous. I wondered why they didn't do it before. They need placing "towers", though. Yes, interesting article. I have seen one bank issue the 2FA with an android APP. Now Iknow why. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)