Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
stop68025yI dont like the additional security requirements too. Its so slow because the system was designed to send all transaction at a specific time once a day. Everything else is grown.
-
endor56665y@stop don't get me wrong, I'm all in favor of security. But I want a proper implementation, not this bullshit that my bank is doing.
Security questions stopped being a thing a decade ago, and they've implemented their own app for TOTP instead of telling people to use an already existing one (like Google Authenticator or Authy or whatever).
I can't even check my bank account right now, because I'm forced to add a security question to my account, but whenever I try it fails with some "unknown error", so I'm stuck in this limbo until they fix their shit.
It's so ridiculous, because doing things properly would be both safer and *easier*, but for some fucking reason it's as if nobody in the banking sector has never even heard of modern security implementations.
It doesn't even make financial sense, because rolling your own security systems is so much more complicated than using something that already exists and is battle-tested.
So what's the fucking point of all this crap? -
stop68025y@endor i need an tan at every login, regardless of accessing over web or HBCI/FINTS. Security issues are not PSD2 compliant because the password/PIN and security issues both come from the Knowledge category. It should be something from the category possession (HBCI card or debit card with card reader as tan generator) or biometrics. I have an tan generator with usb access and an psd2 compatible banking-program that can talk with the generator. So i need only 4 clicks to authorize the transaction at the generator.
-
endor56665y@stop yeah, tell that to my bank. They specifically introduced security questions as a mandatory recovery option *for* the PSD2 update.
And it doesn't even work properly. They're so stupid. -
For me the only things that has changed is that I need a TAN for signing in (not just for executing transactions) unless it's a recognized device (like the app on my phone). There are no security questions nor have there been.
Related Rants
Whoever came up with the PSD2 can get fucked up their ass by all the cocks in the world combined.
Whoever fucked up the new security implementations so bad can get fucked up their ass by all the spiked, rusty, aids-contaminated metal poles in existance.
And whoever allowed all this to happen and approved it should take all the nukes in the world, shove them all up their worthless holes, and detonate them all at once.
Fuck you.
Die in a fire.
Sincerely,
Someone who's failing harder and harder every day to not lose faith in what little good there is in humanity.
rant
security questions
minutes to load a page
psd2