CommBank app leaks 2FA tokens says Sydney dev

Sydney programmer Stuart Ryan has chipped Australia's dominant retail bank, the Commonwealth Bank, for allowing two-factor authentication codes to be viewable on locked iPhones. The bank sends authentication tokens over push notifications on iOS devices, rather than SMS, for users who had activated the second factor account log …

  1. Sanctimonious Prick

    Corrections

    Hey! Are my "corrections" e-mails going straight to your trash?

  2. Phil Kingston

    Personally, I'd say displaying the code's a good thing. Some folks seem to want to tip the balance between security and practicality to the extreme.

    An attacker would still have had to "obtain their banking credentials, passed identification checks and stole a victim's iPhone". Anyone that determined is going to get access to your account. But for the vast majority of users, that 2FA is still a thousand times more effective than not having 2FA.
