Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Eh, no? How does your provider know all your bank accounts? If at all, then the one you are using for billing - but the 2FA apps do not expose such data to the provider? The Apps communicate via HTTPS calls in the background?


I think they're implying they can glean all that information based on the 2fa codes you receive. eg. "your security code for First Bank Of HN is: xxxxxx"


Which don't contain the bank account number (at least in any 2FA I've ever received from a bank.)


Maybe they meant their provider has it for payment info. That would not be unusual in Europe.


I said bank account number. The one they use for billing.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: