Path: ...!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail From: Frank Slootweg Newsgroups: comp.mobile.android Subject: Re: Codes sent by text message Date: 13 Mar 2024 18:47:02 GMT Organization: NOYB Lines: 31 Message-ID: References: <1xkfdi6umcwrp.dlg@v.nguard.lh> <1p9miiflsgdlw$.dlg@v.nguard.lh> X-Trace: individual.net /cgk91ud6A94vNZT9Di+Lg92bpuI7C5lSz6C7YZ7+G0m/Ho98z X-Orig-Path: not-for-mail Cancel-Lock: sha1:6yaCIGTeyFWqckzDRjUeeaGeJk0= sha256:9MjEG/FGkq0SdOeIrZLhIbgX9t/Z+If/sul27ZHgeSk= User-Agent: tin/1.6.2-20030910 ("Pabbay") (UNIX) (CYGWIN_NT-10.0-WOW/2.8.0(0.309/5/3) (i686)) Hamster/2.0.2.2 Bytes: 2559 VanguardLH wrote: [...] > I resist putting a bank app on my smartphone. Anyone that has physical > access could get into my account using the . My banks app says "Secure > your account with a 4-digit passcode or biometric on supported devices." > Sure wish the PIN were longer, like at least 8 digits, and more like a > password where I can use alphanumeric characters, capitalization, and > non-alphanumeric characters. Or to use both a PIN *and* biometrics > (fingerprint sensor). I don't use a bank app on my smartphone either. No need, on-line banking on my laptop works just fine (with the bank's hardware TOTP device). *If* you use a bank app, of course you don't only have to protect the bank app with PIN/password/biometrics, but first of all have to protect the whole phone with PIN/password/biometrics. So your scenario of "Anyone that has physical access could get into my [bank] account" is a non-existing one, because physical access does not mean they can get 'in' your phone. Of course there is the theoretical scenario of someone getting hold of your phone while it is still unlocked - for example they grab it from your hands and run away -, but even in that scenario, any sensitive apps - such as your bank app - are still protected by their own PIN/password/ biometrics. OTOH, if your name is 'Newyana2', *anything* goes! :-) [...]