Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Keep up the fight. I've tried this with banks, who are keen on forcing Android/iPhone apps on everyone. Should hopefully be easier to get a public entity to provide non-proprietary 2fa implementations.


To be fair, it’s easier and more convenient to just tell the user to download their own app than having to set up any other 2FA service.

Authentication has been a solved problem for decades but no bank is going to ask the general public to use their SSH keys.


The question is whether something standard like TOTP is also offered as an option (regardless of how "dark-patterny" it is to get to the option --- I've seen services that will heavily push their own app, but if you look carefully you'll see TOTP too, often disguised as "Google Authenticator" or something else that doesn't explicitly say TOTP but actually is.)

Authentication has been a solved problem for decades but no bank is going to ask the general public to use their SSH keys.

Nor ask them to put their smartcard in the reader, although many banks will already have given one to their customers...


British banks issued EMV card readers and used them for authentication from around 2005 to 2010, 2015-ish.

It looks like some still provide this to customers who can't use other methods.


Your bank allows apps? Luxury!




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: