Where I live having the app for 2FA is mandatory for online banking unless you can convince them to give you a hardware TAN generator. So transferring money is actually much less convenient in the browser because everything I do has to be confirmed with my pin in the app, so I might as well just do it in the app directly and only login on one device instead of two.
Of course this is actually "phone factor authentication" and not two-factor authentication, but I kinda need a bank account.
Ugh. Sorry to hear that. I use 1Password for TFA, and I haven't had to use an app.
When I first run an app, and it asks for access to camera, microphone, photos, calendar, contacts, and location, I tend to immediately plonk it; regardless of its purpose.
I have a PMB, and the store has an app that uses the phone to unlock the door, after hours.
There is a keypad, but that hasn't actually worked, in months, and the store has ignored my reports.
I just go there, during business hours, even though it's inconvenient.
I just recently started a job that uses 1Password, which I've used personally for years, but they also recommend the 2FA built into 1Password. It's incredibly convenient, and I "know" it's as secure or more secure than using my phone, but man I just haven't been able to get over that mental hurdle of putting all my auth eggs in that 1Password basket.
With a touch login on the phone and (say) google authenticator IMHO it's considerably less inconvenient to login into something online with the desktop than what Chase does to me. The phone is sitting right there anyway, and 6 digits to type in by hand is not that big a deal. I do it all the time.
I mean the bank's phone app. It is locked to one specific device and is the only possible method of authentication. I either need to use the app itself, or confirm every login and transaction in the app when using a browser.
> I solve that, by not doing banking with my phone.
Even though some scum corps like Chase make it a PITA to manage my account from a desktop through firefox, that's the only way I'm going to interact with them.
"Download the app!"
Hard no!
In fact these are the only apps I think that appear regularly on my phone, but only when I'm traveling: AirBnB, Uber/Lyft, and whatever airline I'm currently flying on next. I think if I'm crossing borders I've installed whatever gov spyware makes TSA/Global Entry easier. They're already groping me hard, why not.
LA Fitness gets to stay because it's dumb and silent. I don't see anything else not security related. On mobile I talk to the outside world with K-9, firefox, signal, whatsapp, sms. I'm happy.
> I then exit my current FF, and switch to it, and back again.
FWIW, you can also run multiple profiles simultaneously. They are independent processes, sharing no resources or permissions.
This is my model for difficult sites. If I'm really concerned, I use FF network config to allow access only to the domains I think are proper.
Although in the case of banking, I prefer to use the official mobile apps. Some are actually pretty good. Others are awful. But I trust the iOS app sandbox and I trust my banks.
I also block traffic at the network level, so if the bank app attempted something egregious (e.g. tracking via the basket of Internet deplorables), it would fail.
Social media and store loyalty apps are basically just PID harvesters.
In fact, I have a couple of solitaire games that are constantly nagging me to join leaderboards and take community challenges.
All my financial transactions are done with my Mac, which sits behind a fairly robust home network.
I know, for certain, that banking apps are the #1 first target, for hackers.