John, I agree with your perception of things!
I buck every instance of 2FA that forces an App via SmartPhone, for the
simple fact that
* I do not have a smartphone,
* I do not want a smartphone, and
* my landline is a more secure identifier that I am not a fraudster.
If they want to send me a code, they need to send it to my Home Phone!!!
If not, then my email is the only alternative. 🙂
Eric
On 2025-07-14 18:37, Nash JC - NCF via linux wrote:
I noticed that CIBC/Simplii announced that my email (with NCF) isn't
from a "company or
educational institution" so could not be used for 2FA codes. I haven't
actually used that,
preferring SMS or the 2FAS authenticator. When I contacted them, they
now say NO email
for sending such codes. They are wanting people to use push
notifications, which I can
see as a useful tool for some people, depending on their connectivity
status.
In email exchanged, I get the feeling they recommend setting up push
to the SAME device
where their banking app is installed.
Am I missing something, or is this a really stupid idea? I've always
considered the
central idea of 2FA is to have at least 2 completely independent
channels for verification.
I note RBC makes a (very slight) mention of an "alternative" device.
TD even has a separate
2FA authenticator app. I suspect a time-based one. They hint at
separate device. However,
I really think there's a lot of playing footsy with security in the
web pages.
JN
To unsubscribe send a blank message to linux+unsubscribe [ at ] linux-ottawa [ dot ] org
To get help send a blank message to linux+help [ at ] linux-ottawa [ dot ] org
To visit the archives: https://lists.linux-ottawa.org