cross-posted from: https://slrpnk.net/post/15995282

Real unfortunate news for GrapheneOS users as Revolut has decided to ban the use of ‘non-Google-approved’ OSes. This is currently being posted about and updated by GrapheneOS over at Bluesky for those who want to follow it more closely.

Edit: had to change the title; originally it said Uber too, but I cannot find the source again to check whether that’s true or not…

  • Aceticon@lemmy.dbzer0.com · 11 months ago

    Those little boxes are just a bit of hardware to let the smartchip on the smartcard do what’s called challenge-response authentication (in simple terms: get big long number, encode it with the key inside the smartchip, send encoded number out).

    (Note that there are variants of the process where things like the amount of a transfer are added by the user to the input “big long number”).

    That mechanism is the safest authentication method of all because the authentication key inside the smartchip in the bank card never leaves it and even the user PIN never gets provided to anything but that smartchip.

    That means it can’t be eavesdropped over the network, nor can it be captured on the user’s PC (for example by a keylogger), so even people who execute files received in their e-mails or install any random software from the Internet on their PCs are safe from having their bank account authentication data captured by an attacker.

    The far more common two-way authentication (edit: two-channel authentication, aka two-factor authentication: log in with a password, then get a number via SMS and enter it on the website to finalize authentication), whilst more secure than just username+password, isn’t anywhere near as safe as the method described above, since GSM has security weaknesses and there are ways to redirect SMS messages to other devices.

    (Source: amongst other things I worked in Smart Card Issuance software some years ago).

    It’s funny that the original poster of this thread actually refuses to work with some banks because of them having the best and most secure bank access authentication in the industry, as it’s slightly inconvenient. Just another example of how, as it’s said in that domain, “users are the weakest link in IT Security”.

    • jagged_circle@feddit.nl · 11 months ago

      You had me until banks are secure. Most banks use 2FA over SMS. All banks in the EU require a phone number for PSD2 requirements.

      With GPG and TOTP support, it’s been easier to secure a Facebook or Google account better than 99% of bank accounts.

      • Aceticon@lemmy.dbzer0.com · 11 months ago

        I literally said 2FA over SMS is not secure because of weaknesses in the GSM protocol.

        It’s still more secure than username + password alone, but that’s it.
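The card-reader challenge-response flow described in Aceticon’s first comment (key held only in the chip, PIN checked only by the chip, optional binding of the transfer amount into the challenge), as an added simulation that is not code from the thread or from any bank or card vendor. The chip, bank, card id, PIN and amounts are all constructed; HMAC-SHA256 stands in for whatever the real chip computes, and the server accepts each challenge exactly once so a captured code cannot be replayed or reused with a changed amount.

```python
import hashlib
import hmac
import secrets

def _code(key: bytes, challenge: bytes, amount: str = "") -> str:
    # Response = HMAC(key, challenge [| amount]), cut to 8 hex digits like the short code a reader shows
    msg = challenge + (b"|" + amount.encode() if amount else b"")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:8]

class SmartCardChip:  # constructed: the key never leaves this object; the PIN is only ever checked here
    def __init__(self, key: bytes, pin: str) -> None:
        self._key, self._pin = key, pin

    def respond(self, pin: str, challenge: bytes, amount: str = "") -> str:
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            raise PermissionError("wrong PIN")  # the PIN never reaches the PC or the network
        return _code(self._key, challenge, amount)

class BankServer:  # constructed: issues one-shot challenges, keeps the key enrolled at card issuance
    def __init__(self) -> None:
        self._keys = {}
        self._pending = set()

    def enroll(self, card_id: str) -> bytes:
        self._keys[card_id] = secrets.token_bytes(32)  # shared once at issuance, never sent again
        return self._keys[card_id]

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)  # the "big long number" shown to the user
        self._pending.add(nonce)
        return nonce

    def verify(self, card_id: str, nonce: bytes, resp: str, amount: str = "") -> bool:
        if nonce not in self._pending:  # unknown or already-used challenge: replay rejected
            return False
        self._pending.discard(nonce)  # each challenge is accepted exactly once
        return hmac.compare_digest(_code(self._keys[card_id], nonce, amount), resp)

def run_demo() -> dict:
    bank = BankServer()
    card = SmartCardChip(bank.enroll("card-1"), pin="1234")
    n = bank.challenge()
    code = card.respond("1234", n, amount="100.00")
    return {
        "legit": bank.verify("card-1", n, code, amount="100.00"),
        # a captured code reused with a changed amount on a fresh challenge fails
        "tampered_amount": bank.verify("card-1", bank.challenge(), code, amount="9000.00"),
        # replaying the captured code against the already-spent challenge fails
        "replay": bank.verify("card-1", n, code, amount="100.00"),
    }
```

Compare this with the SMS flow the thread discusses: there the one-time number itself travels over a channel the bank does not control, whereas here only a response bound to a single challenge (and amount) ever leaves the chip.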