It's 2025 – Why Are Banks Still Getting Authentication So Wrong?
a year ago
- #banking
- #authentication
- #cybersecurity
- TD Bank's reliance on SMS-based 2FA locked the author out of their account while traveling abroad.
- SMS-based 2FA is insecure: it is vulnerable to interception, SIM swapping, and phishing attacks.
- Proprietary OTP apps from banks like TD offer marginal security improvements but poor usability.
- Modern authentication should include passkeys, TOTP support, hardware security keys, and secure recovery paths.
- Banks' outdated authentication methods harm users and undermine trust, with no improvements seen over the years.
- The article calls for banks to adopt better, user-friendly authentication standards.