I once tried to convince RBC that a https link did not provide security when the link was in a http page. Ian G On Mon, Jul 14, 2025 at 6:06 PM Eric Marceau via linux < linux [ at ] linux-ottawa [ dot ] org> wrote: > John, I agree with your perception of things! > > I buck every instance of 2FA that forces an App via SmartPhone, for the > simple fact that > > - I do not have a smartphone, > - I do not want a smartphone, and > - my landline is a more secure identifier that I am not a fraudster. > > If they want to send me a code, they need to send it to my Home Phone!!! > > If not, then my email is the only alternative. 🙂 > > > Eric > > > On 2025-07-14 18:37, Nash JC - NCF via linux wrote: > > I noticed that CIBC/Simplii announced that my email (with NCF) isn't from > a "company or > educational institution" so could not be used for 2FA codes. I haven't > actually used that, > preferring SMS or the 2FAS authenticator. When I contacted them, they now > say NO email > for sending such codes. They are wanting people to use push notifications, > which I can > see as a useful tool for some people, depending on their connectivity > status. > > In email exchanged, I get the feeling they recommend setting up push to > the SAME device > where their banking app is installed. > > Am I missing something, or is this a really stupid idea? I've always > considered the > central idea of 2FA is to have at least 2 completely independent channels > for verification. > > I note RBC makes a (very slight) mention of an "alternative" device. TD > even has a separate > 2FA authenticator app. I suspect a time-based one. They hint at separate > device. However, > I really think there's a lot of playing footsy with security in the web > pages. > > JN > > > To unsubscribe send a blank message to linux+unsubscribe [ at ] linux-ottawa [ dot ] org > To get help send a blank message to linux+help [ at ] linux-ottawa [ dot ] org > To visit the archives: https://lists.linux-ottawa.org > > -- ______________________________________________________________________________ Ian Earl Gorman | //www.gorman.ca/ | //web.ncf.ca/iegorman/ //github.com/iegorman/ | //www.linkedin.com/in/iegorman/