> Banks have no clue about 2FA/ MFA, they will happily put the bank app and the custom TOTP generator/ "key"-app on the same phone or, as a fallback, send SMS to the same phone the bank app is on.
This. My bank in France, BNP, does that. Every so often, when I connect to the app on the phone, it says something similar to "in accordance with <some regulation> a strong authentication must be made every <number> of sign-ins". You're presented with only one button that says something like "ok". You press it, and you're in business.
This is after requiring me to type in my pin, which must be precisely 6 digits, and some sequences are forbidden, so you can't type 1234 or similar. It doesn't seem to interact with the secure enclave in any way.
If this number of sign-ins is reached while I'm on a PC (which is the most likely), it'll send a confirmation request on the phone, so at least it works there. When paying online, I'll also get a confirmation request on the phone app.
On my professional account, with the same bank, the situation used to be exactly the same. But a few months ago, they switched away from that to sending a confirmation code via SMS for bank transfers. Credit card payments still have the app confirmation request.
This. My bank in France, BNP, does that. Every so often, when I connect to the app on the phone, it says something similar to "in accordance with <some regulation> a strong authentication must be made every <number> of sign-ins". You're presented with only one button that says something like "ok". You press it, and you're in business.
This is after requiring me to type in my pin, which must be precisely 6 digits, and some sequences are forbidden, so you can't type 1234 or similar. It doesn't seem to interact with the secure enclave in any way.
If this number of sign-ins is reached while I'm on a PC (which is the most likely), it'll send a confirmation request on the phone, so at least it works there. When paying online, I'll also get a confirmation request on the phone app.
On my professional account, with the same bank, the situation used to be exactly the same. But a few months ago, they switched away from that to sending a confirmation code via SMS for bank transfers. Credit card payments still have the app confirmation request.