But 2FA is moot if it’s the same device as your bank app, is it not?
replyIt is in the specific case that you don't have biometric or PIN login set up on the device and you use a password manager that doesn't require authentication. In that case, the only factor is "something you have". Otherwise, it is still a multi-factor authentication because the device itself still represents "something you have", and your device unlock represents "something you know" or "something you are".
replyYes. Please tell my bank that.
replyThey know. The EU directive is quite clear that hw tokens are to be preferred over phones. Banks are cheap though and violate it.
replyI would stop using bank requiring phone app to do banking, simple as that, both my main EU accounts use sms verification codes and extra password, which is fine with me. If they will require an app, they will lose customer.
reply2FA and Google SafetyNet are two completely different things. Your banking app can implement 2FA without SafetyNet.
reply