home | list info | list archive | date index | thread index

Re: 2FA on same device as application that is to be secured?

  • Subject: Re: 2FA on same device as application that is to be secured?
  • From: "Ian E. Gorman" <iegorman [ at ] gmail [ dot ] com>
  • Date: Tue, 15 Jul 2025 01:19:55 -0700
I once tried to convince RBC that a https link did not provide security
when the link was in a http page.

Ian G

On Mon, Jul 14, 2025 at 6:06 PM Eric Marceau via linux <
linux [ at ] linux-ottawa [ dot ] org> wrote:

> John, I agree with your perception of things!
>
> I buck every instance of 2FA that forces an App via SmartPhone, for the
> simple fact that
>
>    - I do not have a smartphone,
>    - I do not want a smartphone, and
>    - my landline is a more secure identifier that I am not a fraudster.
>
> If they want to send me a code, they need to send it to my Home Phone!!!
>
> If not, then my email is the only alternative. 🙂
>
>
> Eric
>
>
> On 2025-07-14 18:37, Nash JC - NCF via linux wrote:
>
> I noticed that CIBC/Simplii announced that my email (with NCF) isn't from
> a "company or
> educational institution" so could not be used for 2FA codes. I haven't
> actually used that,
> preferring SMS or the 2FAS authenticator. When I contacted them, they now
> say NO email
> for sending such codes. They are wanting people to use push notifications,
> which I can
> see as a useful tool for some people, depending on their connectivity
> status.
>
> In email exchanged, I get the feeling they recommend setting up push to
> the SAME device
> where their banking app is installed.
>
> Am I missing something, or is this a really stupid idea? I've always
> considered the
> central idea of 2FA is to have at least 2 completely independent channels
> for verification.
>
> I note RBC makes a (very slight) mention of an "alternative" device. TD
> even has a separate
> 2FA authenticator app. I suspect a time-based one. They hint at separate
> device. However,
> I really think there's a lot of playing footsy with security in the web
> pages.
>
> JN
>
>
> To unsubscribe send a blank message to linux+unsubscribe [ at ] linux-ottawa [ dot ] org
> To get help send a blank message to linux+help [ at ] linux-ottawa [ dot ] org
> To visit the archives: https://lists.linux-ottawa.org
>
>

-- 
______________________________________________________________________________
Ian Earl Gorman | //www.gorman.ca/ | //web.ncf.ca/iegorman/
//github.com/iegorman/ | //www.linkedin.com/in/iegorman/