
OTOH it's much better if you're authorizing single operations.

My bank in Poland has a scheme where it sends me a one-time password together with some details on every mutating operation I do (e.g. on a transfer it sends the amount and account number of the target account).

Then you travel to a country where your mobile provider isn't working and all of a sudden you can't buy an airline ticket. SMS verification is also a terrible user experience.

All banks in Sweden have a similar scheme. It sends a token and a description to your phone on any mutating or authenticating operation, you input your code, and it signs the token and sends it back to the bank.

The BankID app? Most banks also have hardware TOTP tokens.

True, most banks have both. But the hardware tokens seem to be dying, slowly.

Personally I consider the transaction description a pretty killer feature of Mobilt BankID compared to the hardware tokens.
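The per-operation schemes described in this thread bind the authorization to the transaction details instead of to the session. The sketch below is an added example, not part of the thread and not any bank's or BankID's actual protocol: the `Bank` class, the `sign` helper, the field names and the account strings are all constructed, and an HMAC with a shared device key stands in for whatever signature scheme a real deployment uses.

```python
import hashlib
import hmac
import secrets

def _message(op: dict) -> bytes:
    # Length-prefix each field so ("12", "3") and ("1", "23") cannot collide.
    fields = [op["nonce"], op["amount"], op["account"]]
    return b"".join(len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields)

def sign(device_key: bytes, op: dict) -> str:
    """Phone side: called only after the user has read the description and entered their code."""
    return hmac.new(device_key, _message(op), hashlib.sha256).hexdigest()

class Bank:
    def __init__(self, device_key: bytes):
        self.device_key = device_key
        self.pending = {}  # nonce -> operation awaiting authorization

    def start(self, amount: str, account: str) -> dict:
        """Create the token plus description that is pushed to the phone."""
        op = {"nonce": secrets.token_hex(16), "amount": amount, "account": account}
        self.pending[op["nonce"]] = op
        return op

    def authorize(self, nonce: str, amount: str, account: str, signature: str) -> bool:
        """Execute only if the signature covers exactly the operation being executed."""
        op = self.pending.pop(nonce, None)  # single use: a replay finds nothing
        if op is None:
            return False
        requested = {"nonce": nonce, "amount": amount, "account": account}
        expected = sign(self.device_key, op)
        return requested == op and hmac.compare_digest(expected, signature)

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed device key
    bank = Bank(key)
    op = bank.start("100.00", "ACCT-CONSTRUCTED-0001")
    sig = sign(key, op)
    print(bank.authorize(op["nonce"], "100.00", "ACCT-CONSTRUCTED-0001", sig))  # approved
    print(bank.authorize(op["nonce"], "100.00", "ACCT-CONSTRUCTED-0001", sig))  # replay
    op2 = bank.start("100.00", "ACCT-CONSTRUCTED-0001")
    # Destination changed after the user approved: the approval does not carry over.
    print(bank.authorize(op2["nonce"], "100.00", "ACCT-CONSTRUCTED-0002", sign(key, op2)))
```

A session-level code such as a plain TOTP value has no equivalent of the third check, because it says nothing about which amount or account was approved.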
