So what, let's not worry about it until after it's implemented when it's a 10,000 kg gorilla, instead of trying to nip it in the bud now? Is the world going to end tomorrow so lets just eat, drink and be merry for tomorrow we die?
Now is the time to fight this. It will impossible to unravel it once it's been implemented.
> Most banks have barely implemented 2FA, and when they have, they implement SMS.
One reason I slightly swallow my guilt at having a savings account with Goldman Sachs (marcus.com) is that they offer email-based 2FA. I closed my savings accounts at Chase when they enforced SMS-only 2FA.
BTW, I feel slightly less guilty about saving with these banks instead of my actual credit union after my brother-in-law (who has been in the CU world for decades) told me that if a credit union can't offer competitive savings rates, it means they are lacking in opportunities for significant local lending.
That's the problem. They do implement things, and they do them in the worst possible way.
My bank forces me to 2FA trough SMS when I connect from a new IP range. This means that I can't do any banking through them when I'm outside of my country.
I wish they just didn't implement any form of 2FA instead. That would be better than the current situation.
The only financial provider I have that supports anything other than backdoors is Vanguard with U2F support.
Shit, AMEX still lowercases your passwords before (hopefully) hashing them.
We got plenty of time for those mandates to occur ;)