A new European initiative dubbed UnifiedAttestation aims to build a free and open-source alternative to Google’s Play Integrity checks. The initiative is backed by smartphone maker Volla, while other partners include /e/OS maker Murena and the team behind iodé OS. The feature will be distributed under an Apache 2.0 license.
Actually i have been thinking about it and i do believe that it should be done for computers, actually. Like, an attacker could super easily steal your login credentials when they get 10-15 minutes with your computer once. They could do that by booting a custom OS, modifying some of your operating system’s system files to install a keyboard tracker or sth, and then just wait for you to enter your password.
I believe it’s actually why some banks i know don’t allow login anymore if you’re not using their Android apps to verify the login.
Secure boot for PCs has been a thing for a long time now. Many Linux distributions support it.
Yea, i know no bank that allows login in browser with only basic auth. All use some proprietary 2FA app with fancy QR codes (colour pixel or similar). Funnily, many banks then offer SMS based 2FA in order to restore…
Like make hard and secure login but reset option is old SMS thingy spoofable since… ever?
Bank apps are the worst. So much SMS 2FA. Faux security. Fuck banks.
Ally, capital one, chase support browser login with basic auth, and sometimes SMS 2fa. I’ve never used a mobile bank app
doesn’t work for me. i have to request paper letter sent to my home address with the new password, which i have to change after the first login.