Exactly. Any organization whose MFA doesn’t work on Aegis, I take action to protect myself from their incompetence.

That’ll surely end their business. /s

I’m sure they claim that. But I still recognize it as simple incompetence. They aren’t able or willing to hire someone with the Cybersecurity expertise to implement a relatively simple open specification.

Just out of curiosity: What percentage of the population is capable of running Graphene/Aegis? What percentage, regardless of capability, is willing to do so?

Creators of popular OSS regularly warn about downloading their stuff elsewhere or pay for it. How do you think that would apply to any 2FA application?

Now think of how stupid the average person is, and realize half of them are stupider than that. (love some George Carlin). Given that even (very) stupid people have and need bank accounts: How would you implement an authentication that can’t easily be compromised to ripp off stupid people?*

* Let’s just assume that you, the lead developer, are not at all “incompetent”, quite the opposite. Also take into consideration that you need to keep cost down (hint: That means you want no one to call support because of 3rd party applications!).

Well, they have a kind of 2FA since at least 30 years, long before rolling tokens were all over the place. Their latest implementations are as simple to use as Steam 2FA. If a bank isn’t able to implement a proper 2FA login there’s a ton of other security issues to worry about. Lastly, I think by using their own implementation/app they prevent their customers from using compromised apps.

I don’t know about the US but on this side of the pond banks have their own 2nd factor apps. So to log in to a bank’s website you need an app - quite probably with play integrity.