If anything, they'd eventually deny access from desktop, forcing everyone to login via the fully manages mobile devices without any user freedom.
Some banks are already getting there btw, as their preferred 2fa is a companion app... One small step away from making that the only option, effectively denying access to anyone without a locked down mobile device.
You can apply for an HSBC Global Money Account if you have: […] The HSBC UK Mobile Banking app (Global Money is only available via the app)
From https://www.hsbc.co.uk/current-accounts/products/global-mone...
What are you doing that you need to use your banking app daily?
It seems like a once a month affair. Pay the bills, take some cash out of the account, and you're done. Online shopping just needs a credit card, no apps required.
Any limitations to access to banking is serious f**ed. Makes me want to use cash.
The app is required for two-factor authentication.
I requested it after they updated their Android app to have a check for pin-code enablement. Sailfish OS doesn't report it via the Android AppSupport system, so it was blocked before I grabbed an older build via Aurora and disabled it from updating. If it ever stops working, I'll only use the token. Once that stops working, I will switch banks.
And I have to agree, sadly. We've been inching towards that over the years, and it's entirely possible banks cease providing regular web access to their accounts (which this would necessitate).
But I think there will always be at least some banks that will have web frontend, so you'll just have to be pickier.
When I complained repeately that this was forcing me into an American or Chinese ecosystem, they said that no one cares and I'm a minority :-(.
For the desktop, you need the phone for the 2FA.
Ah, and it can only be installed in one device at the same time :D Don't have your phone available? Bad luck for you
I neither like nor understand this restriction. It makes device failure / loss / theft a much more difficult experience to recover from than it would otherwise be. The device should be throwaway. I specifically keep old phones in case something happens to the new one.
WhatsApp is probably the stupidest example of only being able to be on a single device (but I'm forced to use WhatsApp for one specific purpose, so I already resent it). Signal does the same thing, so maybe it's related to the E2EE that WhatsApp licensed from Signal...
that's not really an artificial limitation but a design choice. They don't store your messages, only deliver them. Once the message is on your device, it's gone from their servers, like old POP3 mail.
As is with all two factor, but don't point that out, or the "but muh security" bros will shout you down.
Google started doing this for Gmail. To use Gmail on my laptop, I need to approve it with Gmail on my phone. I never signed up for this. I’m now afraid if I delete the Gmail app from my phone that I’ll lose access to my email.
I hate the direction “security” is taking us. It’s done in the name of security, but it feels more like blackmail to get and keep the company app on your phone.
One huge fear I have no is breaking my phone while away from home and getting locked out of everything.
I was on vacation several years ago and broke my phone (the only time I’ve ever done that), and got lucky in several ways. I had a 2nd work phone with me. I was able to use that to call an Uber to get to an Apple Store; I was lucky to be in a city with an Apple Store. Then I got lucky again that I was able to talk Apple into giving me a replacement right there instead of a repair, they happened to have a single phone in stock to do that with. Then I got lucky yet again when I went to set it up, because I had an iPad with me by dumb luck, which was able to do my Apple 2FA that I didn’t sign up for.
If I go somewhere with just my 1 phone and no second device… I’m thinking I need to setup and bring a bunch of recovery codes, which has its own risks. My plan would be to cryptically write them down and put them in a money belt, as if those got into the wrong hands I’d be screwed.
I really don’t know what people do who only have a phone and nothing else. It seems they would always have this risk.
Thankfully I don't actually rely on PayPal for anything serious, but there are artists whose commission I like to pay, and being able to actually pay them would be nice. :/
Phone apps are generally significantly more trusted because of the fact you can’t install malware that steals the session token, and they can do a Face ID check before any risky operations.
If this actually goes through, there will be no option in the mobile OS market for an OS that both:
a) allows the installation of apps without any contractual relationship with any party, and
b) allows the use of mainstream and secure apps like banking