> something you have (phone) and something you are (face), OR something you have (phone) and something you know (passcode).
Thank you for breaking it down like this. The bottom line is that if you don’t have your phone, you can’t access your accounts. That is a massive risk factor - particularly while traveling. That tells me that passkeys and password managers are not a viable security solution.
Exactly, your phone can break or get stolen any time. Plus I just don't want to limit myself to a single device.
Unfortunately in Germany almost all banks force you to use an unmodified phone (so no de-Googled) Android as the 2FA. There are other solutions like code generators but they require extra payment.
Buy an older iPhone for ~$150. Install financial apps on it and don't use it for anything else. Keep it in a safe place, only carry it around if you must.
If you need to manage non-trivial amounts of money through your phone, having a specific device to do that is a no-brainer.
Is the risk that someone's going to steal my phone, forcibly hold it to my face, and wire my money somewhere? So far I've known two close friends who got mugged, the robber didn't think of this. Last time I tried intentionally wiring a large amount of money to someone, it took forever and involved tons of approval.
It's common in London, phones are being stolen for the access to financial accounts, not the value of the phone itself. They steal the phone out of your hands while it is unlocked. For example:
https://www.bbc.com/news/articles/cy8y70pvz92o.amp
I'm not sure exactly how they get around security features, perhaps by social engineering customer support, if they have enough PII.
Uhm yeah in order to actually wire money in my banking app I need to input a fingerprint. Smart people developed these apps banks are not stupid.
Obviously people can still kidnap you and torture you but that's no different from before smartphones.
Maybe if it's a random Android phone with Cash App