The issue with TOTP here is it can only provide a 6-digit code, whereas an app can show for example "Do you want to authorise $6.21 at McDonalds?" before sending a transaction through. Grudgingly, I will accept that for most of the customer base this is probably the correct solution.
If there is a move in this area, I predict it will come from something like EU regulations on interoperability (we already have rules on Open Banking to some extent) - something to bear in mind next time the EU's approach to regulation is criticised as "anti-tech".
> If there is a move in this area, I predict it will come from something like EU regulations on interoperability (we already have rules on Open Banking to some extent) - something to bear in mind next time the EU's approach to regulation is criticised as "anti-tech".
This would actually be really cool! Over here in the Baltics most banks expect you to use SmartID, which admittedly is fine and has some source up on GitHub, even some nice documentation: https://github.com/SK-EID/smart-id-documentation
But more implementations and support for less vendor lock-in is nice, except that in the case of confirming bank authentication/transactions, there's probably a rather serious matter of trust and security at play (made harder by all of the complexity that you have to deal with). That said, if there was a large community effort, I'm sure that the end result would still be good for creating something like that.
If there is a move in this area, I predict it will come from something like EU regulations on interoperability (we already have rules on Open Banking to some extent) - something to bear in mind next time the EU's approach to regulation is criticised as "anti-tech".
reply