I’m lucky my banking app works (GrapheneOS), as it’s now requiring 2FA with the app anytime I login on the browser. Can’t use an actually secure form like TOTP. At least they now allow passwords over 8 characters (yes, serious).
(Meme in comments)
This post is against Rule 6, but I’ll leave it up this time since there are a decent amount of discussion here now.
[email protected], please remove the image when you can. You can post it in the comments.
At least they now allow passwords over 8 characters (yes, serious).
Are you 100% certain they don’t just truncate your password to 8 characters?
I’ve seen a website that silently truncated my password during a password reset, but then wouldn’t truncate it during login. It took me a while to figure out why my password never worked.
Name & shame please
What, do you think banks have the money for storing all those extra unnecessary characters? MS Access databases are only so powerful.
I hate this so much!
My bank is like that and another horrible thing is that after you choose your password (which can be long and complex) you need to choose a 6 DIGIT restore code incase you forgot your password…
Why is is my BANK so bad at security??
And they all develop their own shitty app for 2FA (the lazy ones just rebrand SecureGo as their own - you still have to install all of them separately) instead of using the 15 year old TOTP standard. The latter is good enough for tiny companies like Google and Amazon but what do they know about itsec, right?
Heath Ledger started banking here in the year 2000. Only movie producers have debit cards right and all actors are on a cash only basis and actors are cannibals that rob and eat their prey.
I mean you all weren’t ripping or watching Hollywood movies on the internet right? Because that’s just a cheap way for producers to store things so there isn’t giant dvd and vhs recording machines. Taking up space in print shops. Printing t shirts just went on because that blonde chick in ten things I hate about you did acting as a source of income and because it was an art but she preferred real art but didn’t see selling statues as a source of income or steady income. Sometimes large durable good purchases weren’t supported in capitalism. So it was T shirt printing and that genre of music that took place during those years. They’d all run around stabbing and killing all these other people as like a cult. The world was somewhat French back then.
And simulations are just used for movie production so that actors don’t miss their cues or start eating things and robbing and killing each other on the set.
Heath Ledger is kidnapped not dead, if he didn’t die as his stage name or other self then hepatitis b does this to him, and that’s why there was glucose in Mountain Dew and potassium in everything else as a preservative and no one could really eat natural foods or supposedly natural cheeses and butter. And that’s one thing I hate about you.
sorry, what ?
Magisk plus DenyList luckily works for my banks. Couldn’t imagine not having a rooted phone.
Beat the main purpose of GrapheneOS. Open the phone to a broad lot of security issues.
What are the security issues? Rooted just means the potential to give trusted apps root access. Of course, if you give an app root access that you trust but is then abusing that trust and being malicious, yes it’s a security issue. But if you don’t do that, the simple fact of having a rooted phone should have no security change in any way. (Ok, except for potential bugs in Magisk/su or whatever)
GrapheneOS is made by diva developers who frankly should not be trusted. “We only allow Google phones to run our OS!” as if they don’t have a backroom deal with Google.
Proove us that you can get better security while remaining able to be fully modified with other phones and brands. https://www.privacyguides.org/en/android/#divestos
Privacy Guides has a bit of a sordid history of their own diva behaviour.
Just higher standards.
Nah they’ve been accused of biases.
Graphene only works for Pixel phones, and I don’t want a Google device.
thats fair. device support is a major downside of GOS. but, remember: its not really the fault of the OS, as it requires a lockable/unlockable bootloader, which only pixel phones provide (at least in terms of mainstream phones). blame the OEMs like samsung
There are a ton of unlockable bootloaders. On my OnePlus that’s a matter of flipping a switch in the settings.
which only pixel phones provide (at least in terms of mainstream phones)
Mainstream phones? Pixel is a smaller market share than Motorola, and Motorola has unlockable bootloaders, and lineage supports a fair number of them.
I thought Google owned Motorola, but I missed the sale to Lenovo ten years ago.
Lenovo owns Motorola. Lenovo being chinese is somewhat a security risk.
Non-rooted phones are just like iPhones. Ewww…
Agree, don’t get why you are being downvoted.
🚨 Improper use of meme format 🚨
wait really? :/
I’m pretty sure panel 2 and panel 4 should have the same text
deleted by creator
TOTP is not secure
What’s wrong with TOTP?
Phishable. Use FIDO2 (webauthn) with user verification (pin, fingerprint)
I moved to a bank that allows non google phones and let my previous bank know why I left.
Why are you licensing your comments
Because they think it matters. Same as people posting on Facebook some legalese saying “Facebook doesn’t have the rights to my stuff.”. They think that by slapping a copyright “claim” on their stuff that they supercede the agreements of the platform and somehow protect their comments from being scrapped by bots/advertisers, etc. All it really does is add a little “this guy is probably a sovereign citizen type” sign to every post they make.
