2025 and Banks Still Get Authentication Wrong: A Case Study
2025-05-13

In 2025, the author experienced a frustrating authentication failure with TD Bank. After they disabled their Canadian SIM card for international travel, they were locked out of their online banking, which highlights the flaws in SMS-based 2FA. Even the bank's proprietary authentication app required an SMS code to log in, creating a circular dependency. The author criticizes the widespread use of outdated and insecure SMS-based 2FA in banking and advocates for modern, user-friendly alternatives such as passkeys, TOTP support, and hardware security keys. The incident underscores the urgent need for banks to prioritize both security and usability in their authentication systems.
Tech
bank security