Quote:
Originally Posted by Izzle
I see. I have RBC set up where it will text me a code, which I then enter into the app.
Other websites that I usually frequent have something similar. Either they text me a code or they email me after I put in my password. I typically use my phone to access my email for the code. When I access Gmail on the computer, my android phone asks me to click "yes, it's me" before giving me access to Gmail on the computer.
|
The problem with the "texted code" syndrome is that it is the cheapest form of what they like to call Multi-Factor Authentication. It is known better as Two-Step Authentication...and is considerably at risk to a SimSwap.
As soon as someone performs a SimSwap on your phone account they have access to your actual phone number...and any code sent to it. So if your PC (or phone) get compromised, and then the attacker swaps sims....you're pooched. Banks don't care....they'll blame you and leave you to hang.
An Authenticator App is certainly better than a texted code...for anything.
Another approach is to start an account at voip.ms and create an SMS account that is NOT attached to your phone, and which can either send an message to your email or another phone (or both). I have friends doing this while out of the country without regular phone access.
And, FWIW, TD has finally issued an Authenticator App as well for their regular banking. Some banks ARE wising up.