Some banking apps want a lot of permissions, including privacy-sensitive ones.
Maybe they should split themselves into a small, non-intrusive app that allows payment confirmation, and a fatter (hopefully less intrusive than now) app for account management.
For now, I try to avoid these apps as they are single points of failure.
ING had a great TAN code system on paper. It hardly had any side-channel attack vectors, and by putting some copies in geographically distinct locations, you had good and safe back-ups too.
It looks like the successor is a single point of failure: only one scanner device per account holder is possible.
Let’s see what the future will bring.
Related:
- [WayBack] Roderick Gadellaa on Twitter: “@ingnl I understand that you are going to stop using TAN codes. I applaud that, 2FA via SMS is pretty leaky. But now I have to start using your app. I take one look at the permissions your app wants and think: No.…”
- [WayBack] ING Nederland on Twitter: “an alternative will definitely remain available; more about this can be read via this link: https://t.co/gSCwYUG2JM ^Sabrina…”
- Confirming with the ING Scanner – ING – Mobile and internet banking (cannot be archived, see [WayBack/Archive.is])
Confirming orders in Mijn ING is changing. The TAN code is ending. Mobile confirmation becomes the default. Don't have a smartphone or tablet? Then you will use an ING Scanner.
- [WayBack] “Apps like Google Authenticator or 1Password are much more convenient and secure” One problem that I start to see more often is that a lot of governmen… – Roderick Gadellaa – Google+
- [WayBack] Major SMS security lapse is a reminder to use authenticator apps instead – The Verge: 26 million customer texts were exposed
–jeroen