@onfy @wallhackio Works for me, I guess (though I insisted on getting a separate "TAN generator" device instead of using smartphone because smartphones were a mistake and also I don't trust them not to block LineageOS)

@vaporeon_ @wallhackio my experience, you get phone (sms or sometimes voice) authentication codes, or a proprietary app that explicitly doesn't use any standard type of 2fa and can't be substituted for a program of your choice

and that probably doesn't work if you have a custom rom or rooted phone (might test this once my phone isn't a timebomb)

@onfy @wallhackio So your bank doesn't have the "dedicated separate device" option? Like one of these things: https://de.wikipedia.org/wiki/Datei:SmartTAN_optic-Gadget.jpg

@vaporeon_ @wallhackio i can't afford one (?) but no. i've never even seen one of those though it most resembles an interac reader to me

@vaporeon_ @wallhackio ...i should note, an interac reader is what you'd find at a store where you pay, though they are used for authentication in a strange way

@vaporeon_ @wallhackio usually here, you can't use your card for online payments until you make a physical purchase using the card reader with your card's chip and pin

so using the reader is used for verification that you possess your card (mostly relevant when the bank mails you a new card, in case the mail is intercepted... which has more potential to happen now that it's being outsourced to random 3rd parties!)

@vaporeon_ @wallhackio like seriously a few months ago mom needed a new card, and it was delivered by the equivalent of a doordash driver who just tossed it on the porch. lots of opportunity for theft there

@onfy @wallhackio The model that I have apparently costs 23€. The bank website shows me a QR code on the computer, then I stick my card into this device and I use it to scan the QR code, and the device generates a 6-digit number (the TAN) which I then enter on the website, so that it lets me log in.

@onfy @wallhackio I believe you can also have models which don't use QR codes, and also there's a way to get the codes on paper, I think? No clue how that works... The device that I have works with QR codes...

@vaporeon_ @wallhackio hardly matters anyway, only site i can think of that had real 2fa was stripe, which i'm not allowed to use anymore, so it's irrelevant...

(i was using a program on my computer for the 2fa codes)

@onfy @wallhackio So your bank does not have 2FA?

@vaporeon_ @wallhackio they have a shitty app and phone codes (which are compulsory)

@onfy @wallhackio Ugh

I'm so glad that at least this bank allows me to do it without phone at all, just with this device

@vaporeon_ @wallhackio whenever you use phone codes you also get a popup that says "download our authentication app!"

@onfy @wallhackio How does that work? How can a code sent by SMS make phone display a pop-up?

@vaporeon_ @wallhackio flow:
website prompts for code
receive code
enter code
after entering code site says "download our app for a faster experience" or whatever, button to download app, tiny button to dismiss popup
finally you get to access your account

@onfy @wallhackio Oh
So it's the website being nasty and displaying pop-ups...

@vaporeon_ @wallhackio the internet was a mistake

@vaporeon_ @onfy I have never heard of this before, I have no idea if my bank has one

@wallhackio @vaporeon_ TAN might be a system exclusive to europe, the banks there give a lot more of a shit (low bar for the usa indeed)

@wallhackio @vaporeon_ @onfy i have never heard of this befur and i am immensely jealous