I’m lucky my banking app works (GrapheneOS), as it’s now requiring 2FA with the app anytime I login on the browser. Can’t use an actually secure form like TOTP. At least they now allow passwords over 8 characters (yes, serious).
(Meme in comments)
This post is against Rule 6, but I’ll leave it up this time since there are a decent amount of discussion here now.
lseif@sopuli.xyz, please remove the image when you can. You can post it in the comments.
At least they now allow passwords over 8 characters (yes, serious).
Are you 100% certain they don’t just truncate your password to 8 characters?
What, do you think banks have the money for storing all those extra unnecessary characters? MS Access databases are only so powerful.
I’ve seen a website that silently truncated my password during a password reset, but then wouldn’t truncate it during login. It took me a while to figure out why my password never worked.
Name & shame please
Magisk plus DenyList luckily works for my banks. Couldn’t imagine not having a rooted phone.
Beat the main purpose of GrapheneOS. Open the phone to a broad lot of security issues.
What are the security issues? Rooted just means the potential to give trusted apps root access. Of course, if you give an app root access that you trust but is then abusing that trust and being malicious, yes it’s a security issue. But if you don’t do that, the simple fact of having a rooted phone should have no security change in any way. (Ok, except for potential bugs in Magisk/su or whatever)
Graphene only works for Pixel phones, and I don’t want a Google device.
thats fair. device support is a major downside of GOS. but, remember: its not really the fault of the OS, as it requires a lockable/unlockable bootloader, which only pixel phones provide (at least in terms of mainstream phones). blame the OEMs like samsung
There are a ton of unlockable bootloaders. On my OnePlus that’s a matter of flipping a switch in the settings.
Non-rooted phones are just like iPhones. Ewww…
Agree, don’t get why you are being downvoted.
🚨 Improper use of meme format 🚨
🦴💥 Bone Hurting Juice detected 💥🦴
wait really? :/
I’m pretty sure panel 2 and panel 4 should have the same text
THIS MOTHERFUCKER MEMED WRONG
I moved to a bank that allows non google phones and let my previous bank know why I left.
Why are you licensing your comments
Because they think it matters. Same as people posting on Facebook some legalese saying “Facebook doesn’t have the rights to my stuff.”. They think that by slapping a copyright “claim” on their stuff that they supercede the agreements of the platform and somehow protect their comments from being scrapped by bots/advertisers, etc. All it really does is add a little “this guy is probably a sovereign citizen type” sign to every post they make.
TOTP is not secure
What’s wrong with TOTP?
Phishable. Use FIDO2 (webauthn) with user verification (pin, fingerprint)