If a bank isn’t able to implement a proper 2FA login there’s a ton of other security issues to worry about.
Exactly. Any organization whose MFA doesn’t work on Aegis, I take action to protect myself from their incompetence.
Lastly, I think by using their own implementation/app they prevent their customers from using compromised apps.
I’m sure they claim that. But I still recognize it as simple incompetence. They aren’t able or willing to hire someone with the Cybersecurity expertise to implement a relatively simple open specification.
Y’all are welcome to risk your money there. It’s probably insured anyway, right?
For me, that’s too much risk. Even if insurance makes me whole, getting robbed is a huge pain.
Exactly. Any organization whose MFA doesn’t work on Aegis, I take action to protect myself from their incompetence.
That’ll surely end their business. /s
I’m sure they claim that. But I still recognize it as simple incompetence. They aren’t able or willing to hire someone with the Cybersecurity expertise to implement a relatively simple open specification.
Just out of curiosity: What percentage of the population is capable of running Graphene/Aegis? What percentage, regardless of capability, is willing to do so?
Creators of popular OSS regularly warn about downloading their stuff elsewhere or pay for it. How do you think that would apply to any 2FA application?
Now think of how stupid the average person is, and realize half of them are stupider than that. (love some George Carlin). Given that even (very) stupid people have and need bank accounts: How would you implement an authentication that can’t easily be compromised to ripp off stupid people?*
* Let’s just assume that you, the lead developer, are not at all “incompetent”, quite the opposite. Also take into consideration that you need to keep cost down (hint: That means you want no one to call support because of 3rd party applications!).
The credit union mplements (purchases from a competent vendor) their own custom branded standards compliant MFA solution.
This is what competent organizations already do.
Because the app is standards compliant, experts use Aegis instead of the branded app. Everyone else sticks with the branded app.
Also because the app is standards compliant, provided by a specialized vendor, and occasionally being used in unusual ways by expert users, serious security mistakes are much less likely to happen, and less likely to only be noticed by attackers.
I don’t expect my credit union to tell me to use Aegis - I expect them to use a credible MFA vendor that interoperates correctly when I do use Aegis.
Exactly. Any organization whose MFA doesn’t work on Aegis, I take action to protect myself from their incompetence.
I’m sure they claim that. But I still recognize it as simple incompetence. They aren’t able or willing to hire someone with the Cybersecurity expertise to implement a relatively simple open specification.
Y’all are welcome to risk your money there. It’s probably insured anyway, right?
For me, that’s too much risk. Even if insurance makes me whole, getting robbed is a huge pain.
That’ll surely end their business. /s
Just out of curiosity: What percentage of the population is capable of running Graphene/Aegis? What percentage, regardless of capability, is willing to do so?
Creators of popular OSS regularly warn about downloading their stuff elsewhere or pay for it. How do you think that would apply to any 2FA application?
Now think of how stupid the average person is, and realize half of them are stupider than that. (love some George Carlin). Given that even (very) stupid people have and need bank accounts: How would you implement an authentication that can’t easily be compromised to ripp off stupid people?*
* Let’s just assume that you, the lead developer, are not at all “incompetent”, quite the opposite. Also take into consideration that you need to keep cost down (hint: That means you want no one to call support because of 3rd party applications!).
This is actually a solved problem:
The credit union mplements (purchases from a competent vendor) their own custom branded standards compliant MFA solution.
This is what competent organizations already do.
Because the app is standards compliant, experts use Aegis instead of the branded app. Everyone else sticks with the branded app.
Also because the app is standards compliant, provided by a specialized vendor, and occasionally being used in unusual ways by expert users, serious security mistakes are much less likely to happen, and less likely to only be noticed by attackers.
I don’t expect my credit union to tell me to use Aegis - I expect them to use a credible MFA vendor that interoperates correctly when I do use Aegis.