No Stupid Questions

2707 readers

11 users here now

There is no such thing as a Stupid Question!

Don't be embarrassed of your curiosity; everyone has questions that they may feel uncomfortable asking certain people, so this place gives you a nice area not to be judged about asking it. Everyone here is willing to help.

ex. How do I change oil
ex. How to tie shoes
ex. Can you cry underwater?

Reminder that the rules for lemmy.ca still apply!

Thanks for reading all of this, even if you didn't read all of this, and your eye started somewhere else, have a watermelon slice 🍉.

founded 2 years ago

MODERATORS

[email protected]

Is there a reason that mobile devices are considered more "trusted" than desktop/laptops? (lemmy.ca)

submitted 9 months ago by [email protected] to c/[email protected]

9 comments fedilink hide all child comments

I keep interacting with systems-- like my bank, etc.-- that require (or allow) you to add one or more trusted devices, which facilitate authentication in a variety of ways.

Some services let you set any device as a trusted device-- Macbook, desktop, phone, tablet, whatever. But many-- again, like my bank-- only allow you to trust a mobile device. Login confirmation is on a mobile device. Transaction confirmation: mobile device. Change a setting: Believe it or not, confirm on mobile device.

That kind of makes sense in that confirming on a second device is more secure... That's one way to implement MFA. But of course, the inverse is not true: If I'm using the mobile app, there's no need to confirm my transactions on desktop or any other second device, and in fact, I'm not allowed to.

But... Personally, I trust my mobile device much less than my desktop. I feel like I'm more likely to lose it or have it compromised in some way, and I feel like I have less visibility and control into what's running on it and how it's secured. I still think it's fairly trustworthy, but just not categorically better than my Macbook.

So maybe I'm missing something: Is there some reason that an Android/iOS device would be inherently more secure than a laptop? Is it laziness on the part of (e.g.) my bank? Or is something else driving this phenomenon?

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 1 points 9 months ago (2 children)

Not really, banks are simultaneously really smart and really stupid about security. They do incredibly annoying things that don't do anything or are negligible security wise all the time

Some bank apps won't work if they detect your phone is rooted for "security" when root just gives you the ability to grant administrative access to apps. And yet this is the default way desktops/laptops operate.

Some banks refuse to let you pick your own username and instead assigns you a number that's sometimes random and sometimes just your primary account number. Why? "Security" and just for even more "security" you have to wait for them to send you that info and a pin through snail mail

[–] [email protected] 1 points 9 months ago (1 children)

Administrative access, in many cases, allows malicious apps to read and/or modify data, even memory and executables, of other apps. This is pretty much impossible with non-rooted phones out of the box. While the root detection feature is somewhat annoying, it is absolutely not a stupid measure.

[–] [email protected] 2 points 9 months ago

The stupid part is they don't stop their websites from working on desktops when they detect it's being accessed with an administrative account.

If it was such a useful and important feature then why don't they all do it? In fact it seems it's mostly small time banks that do this. Most of the major ones I've used don't seem to care at all to even attempt to detect it (Capital One, BofA) or if they do, they just display an easily dismissible warning (USAA)

This tells me that this "important security feature" is just very low hanging fruit for smaller banks to pick so they can say they have good security with minimal investment. It's about as useful as that "unable to pick your own username" security thing I mentioned (which also seems to be only a smaller bank thing)

[–] [email protected] 1 points 9 months ago

Some bank apps won’t work if they detect your phone is rooted for “security” when root just gives you the ability to grant administrative access to apps. And yet this is the default way desktops/laptops operate.

And is the default state if you use a browser to access the website on your phone.