This should be far more secure and privacy friendly than a SIM card of a cellular connection. Why isn’t this done more often? What are the pros and cons? I bet the price is similar as well.
90% of American commercial services, that is.
Online services or many/most European services have more proper 2FA (TOTP, app-based, card reader OTP, etc…)
Can you name me an EU bank that doesn’t demand a phone number to sign up?
Unfortunately, PSD2 doesn’t support TOTP and other strong 2FA solutions, so they all appear to require phone numbers. This is one area where the EU is worse than the US.
My EU bank never ever used my phone number to verify anything. They only used it to contact me on some occasions. 2FA is done through their app.
Oh, right, their closed source app. That’s allowed. So it requires a phone.
So the OTP is still transmitted to satisfy the requirements of PSD2. But TOTP (a more secure system that doesn’t transmit the OTP at all) is not allowed.
That is a completely separate issue from the above commenter.
Also an issue, but indeed a separate issue from using unsecure SMS as TOTP.
I don’t follow. Banks are required to use insecure SMS for OTPs by PSD2.