UBports Robot Logo UBports Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    The banking situation

    Scheduled Pinned Locked Moved Support
    28 Posts 13 Posters 5.3k Views 4 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
      Reply
      • Reply as topic
      Log in to reply
      This topic has been deleted. Only users with topic management privileges can see it.
      • D Offline
        domubpkm
        last edited by

        It is more than likely that no bank will invest a penny in software or a secure authentication solution for UT : they are making investments that affect the masses, not minorities.

        1 Reply Last reply Reply Quote 0
        • KenedaK Offline
          Keneda
          last edited by

          I used to access my bank account with morph, and it worked well.
          But since some months now, they added a 2FA login with a code sent by SMS.
          Problem is morph acting like i don't enter anything in the code field, resulting in failure due to "wrong code".

          What can i do?

          2015-2023 : Meizu MX4 ☠️⚰️✝️
          2023-2024 : Nexus 5 ☠️⚰️✝️
          2024-***** : FPOS Fairphone 5 waiting UT for freedom 😉
          🇲🇫🇬🇧

          D 1 Reply Last reply Reply Quote 0
          • D Offline
            domubpkm @Keneda
            last edited by domubpkm

            @keneda On the other hand, I am quite surprised that the sms authentication window doesn't work for you. Is the issue linked to your bank or specific to your MX4 smartphone... As idon't have this problem on BQ E5 HD.

            Edit : If you haven't already done so, I advise you to disable uadblock completely to see if this solves the problem.

            T KenedaK 2 Replies Last reply Reply Quote 0
            • T Offline
              tera @domubpkm
              last edited by tera

              What @Emphrath describes sounds like similar recent requirements i got for Government Cloud related security accesss where SMS is not acceptable anymore for 2FA: https://www.okta.com/resources/whitepaper/configuring-okta-for-fedramp-compliance/

              Some colleagues mentioned banks will have to transition soon/one day 😞

              Edit: see table at the top of the following page, SMS is considered "moderate" security: https://www.okta.com/resources/whitepaper/configuring-okta-for-fedramp-compliance/

              1 Reply Last reply Reply Quote 0
              • E Offline
                Emphrath @cliffcoggin
                last edited by

                @cliffcoggin Well actually that's what I'm going for in the discussiobs with my bank now, but they seemed to imply something truly scornful like: "this is for old people" and also it seems it works only for checking ur bank account. I'll look into other banks. @Flo This kind of secure environment surely can be replicated in UT, no ?

                1 Reply Last reply Reply Quote 0
                • FlaF Offline
                  Fla
                  last edited by Fla

                  I am facing a similar situation. I created an account in a bank and then received a letter asking me to download the HID Approve application on the Play Store or App Store.
                  I am then supposed to scan the QR code they send me to initiate the app, which will then give me a code each time I want to access my bank account.

                  Interestingly, they also gave me an ID, a code invitation and the "Service Address" which is taurus.pbgate.services:443/HIDCAF in case of "Manual synchronization".

                  Here is the content of the QR code btw: {"ver":"v4","url":"taurus.pbgate.services:443/HIDCAF","uid":"XXX","did":"XXX","dty":"DT_TDSV4","pch":"CH_TDSPROV","pth":"AT_TDSOOB","sec":"","pss":"XXXX"}

                  I searched a bit and found this gnome app which proposes a lot (probably around 500) of providers (@Emphrath maybe yours is in). Unfortunately, no trace of my bank or "HID".

                  Still, as I have the information to connect to the server, I feel like something can be done from our side to solve this problem.

                  E D 2 Replies Last reply Reply Quote 0
                  • E Offline
                    Emphrath @Fla
                    last edited by

                    @fla sadly, no qr code for me. Just the bloody app.

                    1 Reply Last reply Reply Quote 0
                    • D Offline
                      domubpkm @Fla
                      last edited by

                      @fla said in The banking situation:

                      a lot (probably around 500) of providers

                      Can you put the link of supported providers ? I can't find it. Thank you

                      FlaF bodqhrohroB 2 Replies Last reply Reply Quote 0
                      • AppLeeA Offline
                        AppLee
                        last edited by

                        Bank apps probably use TOTP or HOTP that should be no secret to give us (customers) an alternative way to generate this one-time-password so we can configure Authenticator-NG accordingly.

                        If I'm correct HOTP uses Android secure environment so this might be an issue for us.

                        But compliant solutions exist that we can use on UT, banks just don't like to be transparent about the technical solution they use.

                        E 1 Reply Last reply Reply Quote 0
                        • E Offline
                          Emphrath @AppLee
                          last edited by

                          @applee But the thing is they don't have to release any code at all ! I guess you can publish proprietary software on the openstore, can't you ?

                          flohackF 1 Reply Last reply Reply Quote 0
                          • flohackF Offline
                            flohack @Emphrath
                            last edited by

                            @emphrath You could, yes. At least we would find a way, there is no technical limitation.

                            My languages: 🇦🇹 🇩🇪 🇬🇧 🇺🇸

                            1 Reply Last reply Reply Quote 0
                            • flohackF Offline
                              flohack @cliffcoggin
                              last edited by

                              @cliffcoggin EU made it so that banks can choose which 2FA they offer. Some German banks still deliver physical devices as an alternative (which you have to pay), then my house bank still uses SMS.

                              But 95% of all banks in Austria moved to Android/iOS Apps, they are the cheapest form for them, no device, no SMS to pay for. The user pays for himself basically 😉

                              So I must say, I cannot really change to another bank, and hope that mine will not stop SMS codes soon...

                              My languages: 🇦🇹 🇩🇪 🇬🇧 🇺🇸

                              E 1 Reply Last reply Reply Quote 0
                              • Josele13J Offline
                                Josele13
                                last edited by Josele13

                                Is it possible that Morph can connect to a 2FA authentication key to validate with the bank?

                                Or would the banks not accept it?

                                https://mightygadget.co.uk/yubico-launches-lightning-compatible-hardware-2fa-security-key-the-yubikey-5ci/

                                https://www.yubico.com/

                                Regards...

                                Xiaomi Redmi Note 9 pro
                                Oneplus Nord 100
                                Xiaomi Redmi Note 7
                                Nexus 5
                                Bq E4.5 Ubuntu edition .... is dead

                                1 Reply Last reply Reply Quote 0
                                • G Offline
                                  Giiba
                                  last edited by

                                  Wouldn't it be possible for banks to do this the same way so many sites do? We have two authenticator apps on the store for UT, they work fine for Mozilla, Google, and other sites that do 2FA.

                                  I'm able to use my bank's website through Morph to do my banking without issue.

                                  flohackF 1 Reply Last reply Reply Quote 0
                                  • flohackF Offline
                                    flohack @Giiba
                                    last edited by

                                    @giiba Somebody told the banks that if its not executed in a trusted, secured environment its not safe. So, a web TOTP or whatever will not be accepted. And they have a point with that. The Secure Execution Environment in Qualcomm SoCs is much better than doing nothing. Also signed app, signed OS, signed everything xD

                                    My languages: 🇦🇹 🇩🇪 🇬🇧 🇺🇸

                                    1 Reply Last reply Reply Quote 0
                                    • E Offline
                                      Emphrath @flohack
                                      last edited by

                                      @flohack well, after some calls with my bank it seems i'm going with one of these physical gadgets ^^

                                      1 Reply Last reply Reply Quote 1
                                      • FlaF Offline
                                        Fla @domubpkm
                                        last edited by

                                        @domubpkm I didn't find the list either, but I still have the app installed, tell me the one you are looking for and I'll confirm to you if it's there.

                                        1 Reply Last reply Reply Quote 0
                                        • bodqhrohroB Offline
                                          bodqhrohro @domubpkm
                                          last edited by

                                          @domubpkm https://2fa.directory/

                                          LakotaubpL 1 Reply Last reply Reply Quote 0
                                          • KenedaK Offline
                                            Keneda @domubpkm
                                            last edited by

                                            @domubpkm
                                            Sorry for such late answer...
                                            Disabling uAdblock worked for website, however, soon they'll force customers to use their banking app to pay online so, i'll be in this "banking situatiin" the OT thread describes.

                                            2015-2023 : Meizu MX4 ☠️⚰️✝️
                                            2023-2024 : Nexus 5 ☠️⚰️✝️
                                            2024-***** : FPOS Fairphone 5 waiting UT for freedom 😉
                                            🇲🇫🇬🇧

                                            D 1 Reply Last reply Reply Quote 0
                                            • LakotaubpL Offline
                                              Lakotaubp @bodqhrohro
                                              last edited by Lakotaubp

                                              @bodqhrohro Hello and welcome to UBports. Just a quick point, posting a link without any explanation looks a bit like spam. You might also find this link useful https://ubports.com/meet-the-community

                                              1 Reply Last reply Reply Quote 0
                                              • First post
                                                Last post