> SIM-swapping has been a tactic used. Adding difficulty for fraudsters to trick unsophisticated banking customers is a valid security layer.

You fight SIM-swapping by outlawing the moronic practice of using SMS for anything security sensitive. Not by blocking user modified OSes.



What's the alternative that regular people will understand how to use and not get locked out of?


TOTP is pretty standard. Give the user backup codes and just use normal recovery methods. For most things that might be email. For a bank it's probably identity verification.


The vast majority of Vietnamese I know do not have an email account.

So that would be a dumb thing for a Vietnamese bank to use as a recovery method.


Email shouldn't be recovery for a bank anywhere; you go to the bank for that. But TOTP is so user-hostile that I can see it causing too many recovery requests for the bank.
