In my country, we do. For starters, we use apps for authentication and notifications. We can debate whether web push is viable, but most banking apps simply do not rely on it. As for older people, I would rather they use an app than a website because it is far too easy to fall victim to phishing attacks, no matter how much we educate them.
OK continuing to play Devil's advocate: In my country my mom fell to a sophisticated spear phishing attack and whilst on the phone with the scammer and he leveraged her app's login to make it easier and more convenient to attempt to send her money via Zelle.
I wonder if there's really evidence to support that the app's protect you from phishing attacks.
I personally think notifications suck and are spam and not needed, and that we could make something new and better we don't have that today though. What do you use the bank authentication for in your country if you don't mind my asking?
I’m not sure about the formal evidence, but to me it’s quite straightforward. I installed the official banking apps on my parents’ phones and told them to use only those apps for banking. Nothing else.
If they use a website, they might mistype the URL or click on a fake link. They don’t really use bookmarks either. Even if they manage to reach the correct site or add it to their home screen, they still have to log in again each time they use it. The app removes all of that—they just tap one icon. Passkeys may improve web security, but they still have a long way to go for non-technical users.
Notification sucks, but overall I’m still in favor of it until we have something better. I’ve had to replace my credit card a few times due to fraud cases, and the same happened to my parents. Because we get instant notifications for every transaction or authentication attempt, we know immediately if something suspicious happens. That’s not really possible with web push, especially since our banks don’t support it.
Authentication is much better in the app as well. In the past, banks would ask lots of personal questions over the phone, which I’m no longer comfortable answering unless I made the call myself. With the app, the account is tied to one device, and biometric login makes it easy and secure. Any approval happens inside the app, which feels safer.
App is definitely not perfect, but for the majority of people (non-tech), it's just a lot easier and (unfortunately) safer for them.
Thank you. I had typed a response and hit hacker news post limits. So will just post I read this, and got a better understanding of this from this back-and-forth. Thanks.
I’m aware of the tweet that says otherwise, but until they update their legal documentation, it’s still not allowed.
> OAuth authentication (used with Free, Pro, and Max plans) is intended exclusively for Claude Code and Claude.ai. Using OAuth tokens obtained through Claude Free, Pro, or Max accounts in any other product, tool, or service — including the Agent SDK — is not permitted and constitutes a violation of the Consumer Terms of Service.
You cannot authenticate with anything but Claude Code and Claude.ai.
But you do not need to authenticate with Claude Agent SDK (even though you can using env variables).
When you authenticate with Claude Code (allowed), Claude Agent SDK works without any further authentication.
It's really annoying that people keep trying to make this complicated because the inevitable end result is that they remove authless usage of the Agent SDK and save themselves the headache.
I really hate Clawdb-Moltb-OpenC-NanoCode or whatever half-baked project the grifters are on this week for ruining a good thing for the rest of us.
Did you read the second part? The ToS explicitly says that using the Agent SDK with Pro/Max authentication is disallowed. There is no ambiguity or interpretation here.
You do not need to give Agent SDK any credentials (completely optional)
But honestly, this is the side of intentionally misunderstanding that's actually preferable so: "You're absolutely right! You can't use your subscription to build yet another vibeslop harness, please refrain from doing so."
The CLI needs work, or they should officially allow third-party harnesses. Right now, the CLI experience is noticeably behind other SOTA models. It actually works much better when paired with Opencode.
But with accounts reportedly being banned over ToS issues, similar to Claude Code, it feels risky to rely on it in a serious workflow.
Usually, it is already stated in their documentation (auth section). If a statement is vague, treat it as a no. It is not worth the risk when they can ban you at any time. For example, ChatGPT allows it, but Claude and Gemini do not.
Maybe I am missing something from the docs of your link, but I unfortunately don't think it actually states anything regarding allowing users to connect and use their Codex quota in third party apps.
From TFA: “OAuth authentication (used with Free, Pro, and Max plans) is intended exclusively for Claude Code and Claude.ai. Using OAuth tokens obtained through Claude Free, Pro, or Max accounts in any other product, tool, or service — including the Agent SDK — is not permitted and constitutes a violation of the Consumer Terms of Service.”
OpenAPI openly encourage users to use their subscription with their SDK and 3rd party tools like opencode, openclaw. Until they change it, they're still better than Anthropic subscription.
It is extreme cope from the Anthropic audience to claim its products and policies have shortcomings only because they are the best and that OpenAI would be as bad as they are if they were the ones in the lead
Fair point. What it really does for me is give me a better UX for having a bunch of parallel workstreams. I could achieve a similar effect thing with scripting, and maybe some clever ways of getting something like the sidebar for seeing the status of everything on a single pane. But Conductor packaged it up in a way that I found much improved over multiple Cursor or VSCode windows.
$20 is not useable, need $100 plan at least for development purposes. That is a lot of money for some countries. In my country, that can be 1/10 of their monthly salary. Hard to get approval on it. It is still too expensive right now.
Yeah it’s not obvious at first but a big project will cause usage to skyrocket bc of how much context it will stuff with reading files. I can use my $20 subscription’s 5 hour limit in mere seconds.
reply