• @[email protected]
    link
    fedilink
    English
    6910 days ago

    The problem for me is that most Canadian Banks give you the choice of SMS or their shitty adware filled bank app that relies on Google Play Services and wont implement TOTP so I can use a true MFA app. And Im done with being forced to accept user policies I don’t agree with to do shit, and most of all done with Google Play Services on my device 😑

    • @[email protected]
      link
      fedilink
      English
      2110 days ago

      Adding to this that my Canadian bank just updated their app and it doesn’t work with my older phone. So my only option is to use online services with SMS/call verification.

      It’s such a joy to know that my bank, who made $40.670 billion last year, takes care of every customer equally.

    • @[email protected]
      link
      fedilink
      English
      149 days ago

      This is the main reason I switched to Fidelity here in the US. It’s a brokerage, but it does basic bank things, like checks, debit card, etc, and they support SymantecVIP, which works w/o Google Play Services. TOTP support really isn’t that hard, I don’t understand why banks are so slow in adopting it…

      • @[email protected]
        link
        fedilink
        English
        119 days ago

        The issue is, banks are only going to do what they’re required to do by law. The government is run by dinosaurs who don’t know what computers are, let alone what TOTP is.

        • @[email protected]
          link
          fedilink
          English
          129 days ago

          No, they’re only going to do what they’re required to do by their insurance. The law is an option, but if insurance costs go way up if they don’t have proper MFA, they’ll get MFA.

      • @dogma11
        link
        English
        4
        edit-2
        9 days ago

        Thanks for this…I might be opening a Fidelity account…

        • @[email protected]
          link
          fedilink
          English
          49 days ago

          They’re fantastic. :)

          The only negative stories I’ve heard are from people who really push the boundaries, like people day trading and whatnot. If you’re a regular user looking for a bank alternative, you should be good.

          Just know their branches don’t really have any banking services, so you can’t go there to withdraw or deposit cash, get a cashier’s check, etc. I keep an account w/ a local institution and transfer money as needed for banking services.

          • @[email protected]
            link
            fedilink
            English
            2
            edit-2
            9 days ago

            I had a negative experience when initially setting up my account, because of TikTok. This group of kids who called themselves “Fidelity Boyz” discovered that you could deposit a fake check and immediately withdraw the money.

            So many people did this that they had to severely lock things down. For most customers, money transferred in either via check or via ACH pull (telling Fidelity to take the money from an account at another bank), was subject to a 16 business day (three weeks and one day) hold. Direct deposits (e.g. paychecks) were not affected, and ACH pushes (when you tell another bank to send the money to Fidelity) were eventually fine too.

            It was a big pain. The money I transferred was in limbo for a long time, after I had already switched all my auto-pays over to Fidelity, so I had to switch them all back until the money cleared.

            Now that that’s over, it’s great. I love that they reimburse ATM fees worldwide, and I’m a big fan of their basket portfolios product since it makes it so easy to rebalance a portfolio. Saves me from having to manually do a bunch of calculations, and I love that it has a fixed monthly price instead of being percentage based like roboadvisors.

        • @[email protected]
          link
          fedilink
          English
          09 days ago

          I’ve got one. It’s nice. The cash is automatically invested in a money market account, which is a bit like a high yield savings account.

      • @[email protected]
        link
        fedilink
        English
        29 days ago

        In case you weren’t aware, Symantec VIP is just TOTP-OATH in a fancy coat. You can extract the secret and use it with any TOTP app. I use Authenticator Pro (now called Stratum) because it’s open-source and has a watch app.

      • @[email protected]
        link
        fedilink
        English
        19 days ago

        Now you’ve got me wondering about this for Canada. Would be a pita to move mortgage and investments, but there must be a better way than the big banks.

    • @[email protected]
      link
      fedilink
      English
      119 days ago

      My bank prides itself being the first in the country to support yubikeys for 2fa. I was so happy until i learned it’s just for logging in, transactions are still confirmed by SMS or their app. And security experts all say it’s better this way, using a regular 2fa solution would be insecure because you wouldn’t know what you’re confirming.

      There really is no hope.

        • @[email protected]
          link
          fedilink
          English
          49 days ago

          I’m not defending that madness, but that device doesn’t show who is the recipient. The argument was that this is protection against phishing sites pretending to be a bank, proxying your connection but sending it to a different recipient.

          Makes one wonder how much the user has to fuck up to end in such a scenario, and of it’s really worth transmitting everyone’s financial data in almost plain text over the air for this

    • @[email protected]
      link
      fedilink
      English
      8
      edit-2
      8 days ago

      Should be illegal to put ads in something as crucial to day-to-day life as a banking app.

      If it’s not illegal, then everyone is going to do it and we won’t have the “choice” that crapitalists love to tout so much.

      • @[email protected]
        link
        fedilink
        English
        1
        edit-2
        8 days ago

        Its supposed to be illegal for banks to be in “sales” but my wife was working for BMO and they were forcing her to prioritize outbound cold calls ans upselling products the customer didnt need and would clearly be bad for their financials as a Personal Banking Assistant. The conflict of interest was so great it stressed her right the fuck out and she had to take leave and start therapy. Her MS also spiked likely due to the stress levels. She was there to help people, and she made the bank earn loyal customers and they willing got more products from the bank because she helped them. She was the top performer at the bank if she just let her do the job she was there to do, but instead her boss started ragging on her daily about her cold calling numbers and forcing her to cancel necessary appointments and focus time to deal with customer requests and instead prioritize sales.

        In the end her numbers dropped, her customer satisfaction dropped, and her MS got worse from the stress and she’s now on long term leave, uncertain if she’ll recover her focus and able to go back to work. Her neurologist has said she cannot go back for now.

        Not sure how that bullshit helped the bank, but I can sure see how I didn’t, and I may be wrong but I think there are laws against it.

        Also worth noting that this change in tactics happened right at the same time BMO took all their “we’re here to help” signage down. Brings so many memories of Google dropping the “don’t be evil”. Everything that came after in both cases was shit.

        EDIT: Oh looks like CBC did an article on this now because it is so prolific. https://www.cbc.ca/news/business/banks-upselling-go-public-1.4023575

      • @[email protected]
        link
        fedilink
        English
        6
        edit-2
        9 days ago

        They support USB hardware tokens… but only for the website. Everything else is SMS which kinda defeats the point.

        Annoyingly, other than Vanguard, they are the only financial institution to support USB FIDO tokens

        • DankOfAmerica
          link
          fedilink
          English
          18 days ago

          in my experience, FIDO tokens suck. I have to around 10 times every time I use one to log in.

            • DankOfAmerica
              link
              fedilink
              English
              15 days ago

              I don’t think so. It was on three seperate computers. I also used two FIDO keys, both identical. Maybe they’re of poor quality, so it could be that. Any recommendations on a reliable FIDO key?