> nothing that requires an end-user to understand PKI
None is needed, how hard it’s for a bank handing over physical tokens to the customers when they open an account or mailing them to existing ones?
- You can loose them? Sure, just like any smartphone or even government ID, but the process after to replace is what will make you careful next time.
- They can be stolen? Same as above
- They can be used in banks or even for online banking, just tap it with your NFC enabled phone (yubico is an example)
- They can be used by someone else? Sure, just like your phone.
- However, no sim-swap attacks or similar, so in theory it’s better given no negligence from the users which is always the biggest risk anyway, but overall it’s an improvement.
>and also would not impede a lawful (and for the purposes of this conversation: ethically necessary) police wiretap.
Why would the police wiretap a banking verification, they can wiretap the transaction at the banks if they are legally authorized.
None is needed, how hard it’s for a bank handing over physical tokens to the customers when they open an account or mailing them to existing ones?
- You can loose them? Sure, just like any smartphone or even government ID, but the process after to replace is what will make you careful next time.
- They can be stolen? Same as above
- They can be used in banks or even for online banking, just tap it with your NFC enabled phone (yubico is an example)
- They can be used by someone else? Sure, just like your phone.
- However, no sim-swap attacks or similar, so in theory it’s better given no negligence from the users which is always the biggest risk anyway, but overall it’s an improvement.
>and also would not impede a lawful (and for the purposes of this conversation: ethically necessary) police wiretap.
Why would the police wiretap a banking verification, they can wiretap the transaction at the banks if they are legally authorized.