Better than 2 factor authentication

My day job is corporate IT in finance for a national bank (international if you count the subsidiaries) - all of our internal systems use two-factor authentication (several different 2FA systems). 2FA works just fine, nothing else is needed.

I personally would never store my biometric data on a computer or use that method for authentication.
 



I don't know of any modern systems that store your biometric data. They store a key based on your biometric data, and that key is compared with the data sent during the authorization part of the exchange.
 
Fingerprint readers are about the only biometric devices available for desktop/laptop Linux systems. Banks and other such sites commonly use biometric authentication methods for mobile devices, and the usual computers can also be used for that, if they're installed and working, but I don't think it would ever be acceptable to require them. A well-designed website should offer multiple means of 2-factor authentication, which can include physical keys, passkeys, text messages, and others. The clients should be able to choose which methods they want to use. I like using my Yubikey, but far too few sites allow their use. Passkeys are, IMO, the next best method, along with biometrics. I detest using text or email messages, but sometimes that's the only choice. Those sites need to improve their security.
 
I don't know of any modern systems that store your biometric data. They store a key based on your biometric data, and that key is compared with the data sent during the authorization part of the exchange.
Unfortunately some banks do. Years ago I was asked if they (the bank) could store my voice on their system and I declined.
 
I never said we should go with fingerprint readers. In fact I never mentioned them. Let me constrain this a bit. Getting into your own systems should be however you want it. Personally, I prefer minimal security for my personal stuff.
What I am getting at is signing into banking or anything else. Those places that insist on more than just a password. That is where I am targeting.
We could try to 'confront' our banks on this... however, most likely (I could be wrong/don't know until I ask) they will just give us pushback or some other type of resistance and insist on their own way.

When we confront things we very quickly find out just how much we don't need them or that something.
 

