Financial Apps on cell phone - risks/benefits?

^The manufacturers love these efforts because it means more bricked phones, which means more phone sales.

Apple already has the thing where the phone can't be factory wiped and sold as fully functional. I'm not sure about the stats, but the result might be summarized as "doesn't work."

The idea that manufacturers should make it impossible to part-out a phone also means that phones can't be fixed. That's just a dumb idea.

How about letting people take care of their own stuff, and if they don't, then they need to buy a new phone? What's next? Require wallet manufacturers install trackers so people who get pickpocketed can watch where their wallet goes? GOML!
 

How about letting people take care of their own stuff, and if they don't, then they need to buy a new phone? What's next? Require wallet manufacturers install trackers so people who get pickpocketed can watch where their wallet goes? GOML!
There is a lot more private information on a smartphone than a wallet. I almost long for the old days when a lost or stolen wallet was our biggest concern. Cancel and replace some credit cards, replace driver’s license, shed a tear over the lost 50 bucks, and that’s it. Now, if someone can get into your phone they can do a lot more damage that can take a lot more time to undo.
 
I've "found" several phones (like at USPS, Walmart, etc.) So lost phones (let alone stolen phones) are a real issue to lots of folks. I, of course, turned in the phones I found.

I guess that's why I do not "live" out of my phone. I don't even like living out of my laptop but YMMV.
 
I would get an RSA dongle for 2 factor if I had stuff on a cell phone.
 
I just renewed my annual 1Password subscription which I thought I would never do as I hate the very idea of an annual subscription for software. So now I start my 3rd year with 1Password.

Previously I was using pretty much the same password or some cutesy variation for most of my accounts including financial/banking. With all the reported major site hackings going on, several times I received anonymous emails showing they had my email address and password which freaked me right the heck out. They were all demanding a payment which I, of course, ignored. I was using Apple's Keychain and Chrome's password manager at the time and obviously they didn't work together at all. Then to top it off, Google Chrome no longer synched with Chromium for Linux, complicating my life.

I decided to make the jump to a password manager and settled on 1Password. After getting through the initial setup period which took a few days for well over 100 online accounts, it has made account management so much easier for me. I disabled Apple Keychain and Chrome password manager so now changes on one hardware platform propagate to all of my systems and I am using 20 character or more passwords on all accounts. Then I set up the included OTP options and use it for any account that will allow it over sending a text message or an email for 2F. The part I like is not being tied to only using your phone for the OTP code generation.

After using 1Password for six months or so, I decided to take it one step further and now use Yubikey hardware keys for any account that will support them. Fortunately this includes Vanguard and Bank of America but not Schwab or USAA which is disappointing. My email provider supports Yubikey but not the free version that I use so another bummer.

I'm quite sure that since I have started using 1Password and Yubikey that there have been some added security enhancements that I haven't utilized so I should not be so smug and complacent as it seems those pesky internet sleazebags never sleep.
 
1Password is great. I’ve had it for a few years with no regrets.

Careful with Yubikey and Vanguard. I don’t know if they’ve fixed the problem, but if not, it’s not providing the level of safety you think.

I ended up not using Yubikey with Vanguard because of this, but I should check to see if it’s been fixed.

Here’s an old thread where this was discussed:

Thread 'Vanguard with Yubikey is pointless'
 
I don't have bank apps or any financial apps on my iPhone as all are stored in my password manager secured with a 12 digit passcode. I use my fingerprint to get in to my cell and my password manager. It locks after 3 attempts. I don't know how to be more secure.
 
1Password is great. I’ve had it for a few years with no regrets.

Careful with Yubikey and Vanguard. I don’t know if they’ve fixed the problem, but if not, it’s not providing the level of safety you think.

I ended up not using Yubikey with Vanguard because of this, but I should check to see if it’s been fixed.

Here’s an old thread where this was discussed:

Thread 'Vanguard with Yubikey is pointless'
Thanks for the reminder. I am aware of the Vanguard security hole as I was a participant in the thread you referenced. I don't use phone apps for Schwab or Vanguard mostly because I have no need and secondly due to the security hole you mention although I do use web access via desktop/laptop. Someone would have to install the app and then know my user name to take advantage of the flaw via my iPhone. That's a lot of passwords to get through to accomplish that as I'm using 1Password.

It is unfortunate that some web sites still allow the user to bypass a Security Key or OTP App by utilizing the lost password process as well. We just do what we can do and hope that these security experts get their heads out of their posterior at some point.
 
I have one bank app on my phone to deposit checks from home.
 
Bank app, credit card apps (so you can quickly lock the account if the card is stolen). No broker apps - not that they are not secure, just that I prefer handling those transactions on a bigger screen connected to a router with an ethernet port. I.E., a computer.
 
Bank app, credit card apps (so you can quickly lock the account if the card is stolen). No broker apps - not that they are not secure, just that I prefer handling those transactions on a bigger screen connected to a router with an ethernet port. I.E., a computer.
That pretty much sums it up for me. I'd rather do transactions on a big screen. I don't really mess with those accounts often.
 
I’ve just read about a new feature that was added to iPhones from Version 17.3 onwards called “Stolen Device Protection” which sounds pretty good.


After Stolen Device Protection has been enabled, some features and actions will have additional security requirements when your iPhone is away from familiar locations, such as your home or workplace. These requirements will help prevent someone who has stolen your device and knows your passcode from making critical changes to your account or device.

  • Face ID or Touch ID biometric authentication: some actions, such as accessing stored passwords and credit cards, require a single biometric authentication with Face ID or Touch ID – with no passcode alternative or fallback option – so that only you can access these features.
  • Security Delay: some security actions, such as changing your Apple ID password, also require you to wait for an hour and then perform a second Face ID or Touch ID authentication.
In the event that your iPhone has been stolen, the security delay is designed to prevent a thief from performing critical operations so that you can mark your device as lost and make sure your Apple account is secure. Find out what to do if your iPhone has been lost or stolen.
 
I'm more about the Warren Buffett strategy. I just put the money in there and forget it's there. If I check in every 6 months that's great. It's boring but I don't need instant gratification.
 
So my son’s iPhone was pickpocketed last week. Within one hour the criminal was in the phone and had attempted to change gmail password which was subsequently locked for security. That meant that my son couldn’t use find my iPhone from his iPad to lock, wipe or freeze his cellphone.
iOS and iPadOS use the FindMy app to remotely lock a device, not gmail. What am I missing?
 
As a PSA for (the admittedly rare) Android developers out there, you will want to turn off USB debugging if you have that enabled, as it can leave your device more vulnerable. It's easy to turn off... just connect it to another device with a USB cable and it will offer the option to turn it off. But I'll bet there's nobody reading here that's got USB debugging enabled, except me :p
 
^The manufacturers love these efforts because it means more bricked phones, which means more phone sales.

Apple already has the thing where the phone can't be factory wiped and sold as fully functional. I'm not sure about the stats, but the result might be summarized as "doesn't work."

The idea that manufacturers should make it impossible to part-out a phone also means that phones can't be fixed. That's just a dumb idea.

How about letting people take care of their own stuff, and if they don't, then they need to buy a new phone? What's next? Require wallet manufacturers install trackers so people who get pickpocketed can watch where their wallet goes? GOML!

Well if they make it easy to resell parts of phones like cars, you have greater incentives for phone theft since on a thousand dollar phone, they can sell parts to various repair shops.

Apple has been criticized for making it difficult for independent shops to repair iPhones, including swapping out parts.

They claim that they can't let anyone replace key components which would compromise biometric security measures such as fingerprint or face detection sensors.

Biometric authentication is in many ways considered more secure than passcode or password authentication by financial institutions, which have adopted them for their mobile apps.

So the idea is not to make it easy to break the chain of custody for the security authentication infrastructure of a phone.

But they are now cooperating with state laws which require making it easy to repair phones.

Honestly, if I had a problem, I'd only go to an authorized repair shop, not some guy at a strip mall who may not be there in 6 months.

When you go to Apple Stores, they will swap out the whole device, rarely send away for repairs.

But iPhones are a premium product and their repeat customers tend to be higher income, big spenders. Kind of like people who buy certain luxury brand cars and spend big money to have the dealer do the maintenance and repair work rather than looking to save money by going with local independent garages.

I would guess that the nicer Android phones like Samsung and Google Pixels are similar in policy.
 
iOS and iPadOS use the FindMy app to remotely lock a device, not gmail. What am I missing?
One possibility is that someone watched him enter his passcode and then stole his phone and disabled cellular and wifi. So they got into the device and Find My iPhone couldn't reach it since it was offline.
 
The owner can log on to Apple, lock the device or remotely wipe the iPhone. The instant the thief goes online, the iPhone will be wiped before any damage can be done.
 
The owner can log on to Apple, lock the device or remotely wipe the iPhone. The instant the thief goes online, the iPhone will be wiped before any damage can be done.
But they may not go online until they get you to do the activation unlock through a fake iCloud website.

Like I said, about 10 years ago, lost iPhone in Amsterdam, kept watching to see if it went online, never did.

I did send a message with my email address and I got an email to log into what was clearly a fake iCloud site. They had the logos correct but the URL was some wacky thing.

So they put it online briefly to see my email and they tried to get me to give up my iCloud password, which would have given them access to the device.

I didn't log into the fake site so either they tossed the device or maybe sold some parts of it.

But I never caught it appearing in Find My iPhone.
 
The only APP I've installed on my phone is weather radar... Don't even use FB or Amazon apps...
Also do zero banking stuff on my phone.
 
I don't access any of my financial accounts from my phone. Whatever it is can wait until I get home.
 
The iPhone Stolen Device Protection will also allow you to set it to wipe your iPhone after ten attempts using an incorrect PIN.
 