I’ve always used local credit unions. They exist to serve their members, not generate profits for shareholders. They typically don’t have junk fees, they have better interest rates on both savings and lending, as well as better customer service Check carefully for the things that are important to you (wide network of ATMs, Zelle, etc.) because these things can vary widely.
I had a branded Customers Bank (I think it was) account that a fin tech was using. They had TOTP and seemed pretty tech friendly.
Also, some/most of the major brokerages (Fidelity, Schwab, Vanguard, etc) offer banking services under their names that other banks will service. You get the security of the brokerage to access your account and usually free ATMs for cash and no International fees for US based accounts.
I like that CapitalOne offers virtual cards. They come in handy when making purchases over websites I don’t normally shop at. I just delete the virtual card after the purchase, just in case there is a security breach that steals payment info.
Although there is that baseline of terribleness for banks, consumer reports has an article that gives some privacy comparisons of the mobile apps. Which Banking App Is Best for You? - Consumer Reports
Thank you. To add on to this, here is a list of the banking apps that work on GrapheneOS: Banking Applications Compatibility with GrapheneOS | PrivSec - A practical approach to Privacy and Security
These may not have any branches in your area but…
U.S. Bank now supports passkeys
First Tech Credit Union supports TOTP and RSA fob and you can use a separate dedicated email just for 2FA/account reset.
WellsFargo supports RSA fob and their password reset doesnt allow text messaging only email or phone call to the bank.
@FranklyFlawless when purchasing Monero on Retoswap,
- what’s your process for buying tracking number or registered mail? (I’m considering using CBM to buy XMR, but I’ve read that it requires providing identification and a phone number. Could you clarify or correct me?)
- what should I enter as my return address?
I’m new to Monero and haven’t made a purchase before, so I’ll likely need alternative payment methods since crypto postage isn’t an option for me. I apologize if my concerns are unnecessary.
Aren’t they offer some sort of card now that allows it to be used like a bank?
But I am not
Are you unbanked because you want too or got you unbanked against you will?
It’s insane how every banks is a copy paste of each other. I mean, it couldn’t be against the regulations to have an open source app, officially support GOS, do as little advertising and sharing as allowed, no trackers on website.
In-person, like Craigslist, would solve your issue, although I cannot guarantee you will establish with a nearby peer.
Voluntary.
Credit unions are insured and have better incentives, but this is a passive benefit, and you may wish to look closer at their convenient third parties or general practices. There is no inherent incentive for better security, or privacy by design beyond the literal sale of your data by the first party.
My local credit union has passkey support and actively encourages it for members so that is certainly a good sign!
TOTP is not appropriate for banking security at all. It’s not phishing resistant and does not allow you to check things like bank transfer details via an independent way.
Honestly, I’d rather use standard TOTP than install some undoubtedly user-hostile app that only works on stock Android or iOS, which seems to be the prevailing default where I am. Both are inadequate
Stop propagating bad security advice. In some countries TOTP is not even legally allowed for banking, because it is too insecure.
Services usually allow you to use a password manager for passkeys which would be completely open, portable, and device-agnostic. If there are any that try to force you to use a specific device or proprietary product then I’d agree it might not be worth the trade-off for some.
In my country most banks are all in on SMS 2FA, widespread TOTP adoption would be a blessing for us. Of course, passkeys would generally be even better.
That’s terrible. Even passkeys are not good for banking, because they won’t let you verify that what is being done is actually what you wanted and not something else, like a hacker in control of your laptop could do, without you noticing.
Good banks have separate TAN apps, which only work on relatively secure devices, like Android or iOS and not on windows or Linux, which let you verify the actual actions, e.g. showing payment information, before authorizing. Or they even go a step further and let you use special separate air-gapped devices just for that (they are relatively cheap and small), which makes it almost impossible to breach into. In some countries these two methods are the de-facto standard and methods like TOTP are not even allowed. Not all, but many of the special TAN apps also work on GrapheneOS.
I’d take a passkey over TOTP any day, but it’s simply not as common with local banks. For anything mildly sensitive, proprietary apps that don’t run on anything other than blessed devices are prioritized. TOTP is an acceptable tradeoff for those, especially if they enforce new device verifications over email and similar channels.