I left Tangerine once they started to force SMS 2fa and fought hard to avoid it. Wealthsimple has support for authenticator 2FA which is nice. I looked a year or so ago and I couldn’t find another bank that doesn’t force SMS 2fa
Banks don’t want security, they want plausible deniability. If they say they sent a code to your phone, that’s the end of it for them. They can say it was up to you to secure your phone number then.
Its seriously embarrassing how bad our banks are at security. I’ve complained before and got the response “well you are covered if anything happens to your account”, they didn’t seem to understand when my response was “but I don’t want to have to deal with arguing to get my money back”
Stuff like this is exactly what I was worried about.
The other thing that banks so that really annoys me is they say “don’t share your password to anyone” and then only give the option of a 3rd party company that you provide your login to in order to link accounts between banks. What happens if one of those businesses gets hacked? Would they reject claims because you gave them your account details?
Wealth simple wanted my Tangerine password to link the accounts. I didn’t because I was afraid of that exact thing. I’m pretty sure it’s in the fineprint/TOC/Whatever it is that as soon as you provide your password to the 3rd party the bank isn’t liable anymore.
As much as I don’t like LTT, this video is interesting on cell hijacking
https://m.youtube.com/watch?v=wVyu7NB7W6Y
I left Tangerine once they started to force SMS 2fa and fought hard to avoid it. Wealthsimple has support for authenticator 2FA which is nice. I looked a year or so ago and I couldn’t find another bank that doesn’t force SMS 2fa
Banks don’t want security, they want plausible deniability. If they say they sent a code to your phone, that’s the end of it for them. They can say it was up to you to secure your phone number then.
RBC doesn’t force SMS 2FA, if you don’t mind having their app on your phone.
Its seriously embarrassing how bad our banks are at security. I’ve complained before and got the response “well you are covered if anything happens to your account”, they didn’t seem to understand when my response was “but I don’t want to have to deal with arguing to get my money back”
Stuff like this is exactly what I was worried about.
The other thing that banks so that really annoys me is they say “don’t share your password to anyone” and then only give the option of a 3rd party company that you provide your login to in order to link accounts between banks. What happens if one of those businesses gets hacked? Would they reject claims because you gave them your account details?
Wealth simple wanted my Tangerine password to link the accounts. I didn’t because I was afraid of that exact thing. I’m pretty sure it’s in the fineprint/TOC/Whatever it is that as soon as you provide your password to the 3rd party the bank isn’t liable anymore.
Same as PIN numbers.
As recent history has shown, it isn’t “if”, it’s “when”, alas.
(This kind of BS is exactly why I do all my banking in person.)
Vancity has OTP 2FA as an alternative, I think they added that sometime last year which I really appreciate.