Curses, Symantec. Won't someone think of the poor penguins?
guigirl last edited by
@Catweazle What, wait, huh? You mean ... do stuff in an analogue way? Euw!
IBM... they have both feet firmly lodged in the big banks
Here the banks were all running OS/2 well, until close to 2010...
forcing their customers to use a specific security software
Well they say they "Recommend you use..." as they use the same system... As the consumer, if something happens to an account, one doesn't want be holding the muddy end of the stick.
Catweazle last edited by
@guigirl , YESSS and most of the money under the mattress
I personally don't use any business or institution that requires installation of Microsoft Windows or an Android app that relies on Google Play Services / is only available in the Play store.
The only way we can persuade institutions to support other platforms is to vote with our feet. It's an inconvenience at times but the alternative is to surrender and compromise your own principles and choice.
Years ago my bank recommended Trusteer and it brought my Losedows system to its knees and was almost-impossible to remove, whilst simultaneously never being clear on what exactly it did. I think it also clashed with the antivirus I was using at the time, and when faced with a choice of anything or Norton, anything else wins hands-down for me all day long.
I never have a problem with software availability on AOSP or various flavours of Linux. There's a tool to do everything I need. Anything that's not available I don't miss.
My bank uses SMS 2FA, and whilst it's more vulnerable than a proper 2FA app such as Aegis, I'm happy to use it as it's still more secure than no 2FA at all. As was pointed-out further along this thread, they'd have to get both your login credentials AND initiate a SIM swap on your phone. In short, you'd have to be targeted specifically - in which case getting-in to your online banking will only be part of your worries.
Another thought I've had, that may be of use: My bank also allows me to use a card reader as 2FA - you put one of your bank cards in it, enter your pin and the code on screen, and then type the code that the card-reader says back in to the web site. One solution might be to activate your bank account with a SIM card that you only use for that bank and nothing else, and always leave at home in a safe place - and then use your card/card-reader as your main form of 2FA. If the phone number is unique to your bank, it's less likely that a crook would get hold of it and try to initiate a SIM swap.
Regarding mobile apps, the latest updates of my bank's app won't work without Google Play Services, so I've stopped using it and now solely use the web site. Additionally, I noticed that Exodus Privacy gives their app a pretty terrible score for analytics, ads and trackers. Why a bank would include such security-risks in their own app is beyond me. There should be no third-party code in such a security-critical program.
IMHO nothing is worth the drop in security, privacy and freedom that you suffer by installing Microsoft Windows, Apple iOS or an Android build that still contains Google Mobile Services. A "security" solution that requires such things, requires you to lower your security.