Bank of America uses insecure driver's license numbers for 2FA (twitter.com/brucedawson0xb)
22 points by shaggie76 on Sept 9, 2022 | 5 comments


Haha, at least their bot reacted to the username mention...


OTOH they do support hardware security tokens for 2FA, and even require them for some operations.


Hardware tokens without the ability to disable SMS / email are quite useless.

On the iPhone, with Face ID enabled, I still need to wait for the text. That on its own is incredibly stupid because it is a protected device. To unlock it I had to put in a PIN / Face unlock, and for the app I had to do another face unlock.

And I cannot do YubiKey on the iPhone. It MUST be SMS / call.


> Hardware tokens without the ability to disable SMS / email are quite useless.

I agree. On a desktop it's possible to bypass the hardware token and use the SMS, which cannot be disabled AFAIU.

> And I cannot do YubiKey on the iPhone. It MUST be SMS / call.

Huh, did not know that. Not even the NFC version works?


Better driver's license than social security numbers, right?



