Try convincing your customers to all get a YubiKey... it's not fun. The majority of internet users are able to read an SMS on their phone and copy a code, however.
Try convincing your customers to all get a YubiKey... it's not fun. The majority of internet users are able to read an SMS on their phone and copy a code, however.
HSBC used to distribute hardware keys to its retail customers just a few years ago
These keys eventually stop working, need a new battery, etc. Instead of the onus being on the customer to "pull" a new one of these keys, it would be better if you "push" them ( mail a new one proactively every January 1st, give a $20 one-time service credit for activating it, and $5 a month credit for continuing to use it )
I had a hardware token for paypal 20 years ago
They could at least have it as an option. But, for some mysterious reason, of all the services I need a login for, banks tend to be the only ones at this point that don't support it at all.
seems like a small price to pay to prevent coughing up literal millions in fraud payments every year