this post was submitted on 04 Apr 2024
1020 points (98.8% liked)

linuxmemes

21378 readers
1304 users here now

Hint: :q!


Sister communities:


Community rules (click to expand)

1. Follow the site-wide rules

2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack members of the community for any reason.
  • Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
  • These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
  • 3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn. Even if you watch it on a Linux machine.
  • 4. No recent reposts
  • Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.
  •  

    Please report posts and comments that break these rules!


    Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't fork-bomb your computer.

    founded 1 year ago
    MODERATORS
     
    you are viewing a single comment's thread
    view the rest of the comments
    [–] davidgro@lemmy.world 8 points 7 months ago* (last edited 7 months ago) (2 children)

    Web browsers.

    Edit: Nevermind, I don't know what this even is.

    [–] Chewy7324@discuss.tchncs.de 10 points 7 months ago (1 children)

    At least in the EU web browsers don't allow for authenticating transactions (beyond a limit of e.g. 30€). Either an additional authenticator app or a standalone card reader is mandatory.

    Luckily my banking apps work flawlessly on GrapheneOS and even microG, likely because of they care about the bootloader being locked again.

    [–] davidgro@lemmy.world 2 points 7 months ago (1 children)

    I guess I don't know what you mean by "authenticating transactions".

    [–] Chewy7324@discuss.tchncs.de 7 points 7 months ago (1 children)

    Online transactions require a second factor which displays the actual amount to be transferred. This works by either an app which receives the transaction data (recipient, how much) over the network, or a device which takes the bank card and is used to scan something similar to a qr code. The device then displays the transaction data.

    This makes sure a fraudulent site can't easily change the amount or the recipient of a transaction, even if they somehow made an identical website (or close enough).

    For remote transactions (e.g. online payments), the security requirements go even further, requiring a dynamic link to the amount of the transaction and the account of the payee, to further protect the user by minimising the risks in case of mistakes or fraudulent attacks.

    https://www.ecb.europa.eu/press/intro/mip-online/2018/html/1803_revisedpsd.en.html

    It's not perfect, especially with people using a banking app and the second factor app on the same device for convenience sake.

    [–] davidgro@lemmy.world 2 points 7 months ago

    Interesting. If they do that in the US some day, I would absolutely much rather buy that device than unroot my phone.

    [–] rollingflower@lemmy.kde.social 5 points 7 months ago (2 children)

    Not for authentication. No idea if this is not a thing, but banks here in Germany all have their weird proprietary TOTP app that checks if your device is rooted or now even if it is a "Google certified OS".

    You can use some weird hardware device instead with the obvious drawbacks.

    [–] SmoothLiquidation@lemmy.world 4 points 7 months ago (1 children)

    My favorite thing is when banks don't allow passwords that have spaces in them or are more than 12 characters long.

    Honestly there should be a standard of what security means, like how passwords are stored and how TOTP is implemented, and if a bank doesn't implement it then THEY are responsible for any "identity theft" that happens on their site, not the users.

    [–] rollingflower@lemmy.kde.social 2 points 7 months ago

    Looking at you, fucking Paypal.

    Or yes, my bank wanting only numbers not even letters.

    Literally the only passwords I dont have in Firefox.

    [–] MonkderDritte@feddit.de 3 points 7 months ago* (last edited 7 months ago)

    all have their weird proprietary TOTP app

    But don't support standards like WebAuthn or even FIDO 2.