Path: ...!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: VanguardLH <V@nguard.LH>
Newsgroups: comp.mobile.android
Subject: Re: Codes sent by text message
Date: Wed, 13 Mar 2024 18:01:23 -0500
Organization: Usenet Elder
Lines: 63
Sender: V@nguard.LH
Message-ID: <hl3nh0scthys.dlg@v.nguard.lh>
References: <ush35k$2791b$1@dont-email.me>   <usj60d$2odtf$1@dont-email.me> <eaovbkx207.ln2@Telcontar.valinor> <uskdq1$30533$1@dont-email.me> <ehs1ckx25o.ln2@Telcontar.valinor> <uslrfo$3d85i$1@dont-email.me> <slrnuuufkq.2dnu.trepidation@vps.jonz.net> <uso5sl$3t2g9$1@dont-email.me> <usogor$2qg7$1@dont-email.me> <uspj7v$9u60$1@dont-email.me> <dh16ckxstg.ln2@Telcontar.valinor> <1xkfdi6umcwrp.dlg@v.nguard.lh> <uiu6ckxaub.ln2@Telcontar.valinor> <1p9miiflsgdlw$.dlg@v.nguard.lh> <ussvrc.12v0.1@ID-201911.user.individual.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Trace: individual.net QFtr2uxCZSGKZJf19opfLwl+rg86DBiWf7TdIIQpm3y2otbHAy
Keywords: VanguardLH,VLH
Cancel-Lock: sha1:8VyzbYIMrKhe6QOnY7xeVX8sBgk= sha256:oeiLh4qKq7VzfZDAdT8I6VGtAj243Nc/JqNxvbZTQog=
User-Agent: 40tude_Dialog/2.0.15.41
Bytes: 4511

Frank Slootweg <this@ddress.is.invalid> wrote:

> VanguardLH <V@nguard.lh> wrote:
> [...]
> 
>> I resist putting a bank app on my smartphone.  Anyone that has physical
>> access could get into my account using the .  My banks app says "Secure
>> your account with a 4-digit passcode or biometric on supported devices."
>> Sure wish the PIN were longer, like at least 8 digits, and more like a
>> password where I can use alphanumeric characters, capitalization, and
>> non-alphanumeric characters.  Or to use both a PIN *and* biometrics
>> (fingerprint sensor).
> 
>   I don't use a bank app on my smartphone either. No need, on-line
> banking on my laptop works just fine (with the bank's hardware TOTP
> device).

My bank does not offer a hardware-based TOTP device, like a Yubi key.
Mine is a community bank (no fees of any kind).  They're a bit behind on
technology.

>   *If* you use a bank app, of course you don't only have to protect the
> bank app with PIN/password/biometrics, but first of all have to protect
> the whole phone with PIN/password/biometrics. So your scenario of
> "Anyone that has physical access could get into my [bank] account" is a
> non-existing one, because physical access does not mean they can get
> 'in' your phone.
> 
>   Of course there is the theoretical scenario of someone getting hold of
> your phone while it is still unlocked - for example they grab it from
> your hands and run away -, but even in that scenario, any sensitive apps
> - such as your bank app - are still protected by their own PIN/password/
> biometrics.

Unfortunately my old LG V20 (c.2016) doesn't have an app lock feature.
I have it configured to lock after 1 minute of idle.  I am averse to
installing yet another app to put a lock on other apps, but I might have
to go that route.  Yet another nail in the coffin of my old phone to get
a new one.  However, I read that App Locker isn't available in every
smartphone.  For example, some Samsungs have it, but not all Samsungs.

Considering theft can incur violence, I could get knocked out, forced at
gun/knife point or by multiple assailants, dead, or the phone swiped
while I'm using it, and someone can still press my finger to the
fingerprint sensor.  A finger on a sensor is handy to unlock the phone,
but doesn't require the user is voluntarily using it.  Although I have
the fingerprint sensor configured to unlock the phone, it sometimes
still asks for my PIN to regain access probably to account for possible
theft of the phone, but the revert from fingerprint unlock to PIN unlock
is infrequent.

Never had to hand your phone to someone else to use it?  That's done all
the time when I get a grocery delivery, tell them I'll sign for it
(instead of them leaving it at the door for me to discover sometime
later), and the driver gives me their phone to sign for the delivery.
I've not yet been in the situation where I'm assualted for my phone, but
then security isn't about what has happened but what might happen.  It's
like anti-virus software: if you've been infected then too late, it's to
prevent infection later.

>   OTOH, if your name is 'Newyana2', *anything* goes! :-)

Isn't Newyana2 a later nym that Mayayana started using about Sep 2023?