I have two bank accounts in Switzerland. One for paying bills and another one at Banque Cantonale just because it is necessary to have an account with them if you want to have a physical deposit box in their vault to keep gold or other things.
Banque Cantonale gave me a small device as a second factor for authentication. I don’t use it as I don’t use this account except for access to the vault.
With my primary bank account which is with a small Swiss bank I still had the possibility to use text messages as a second factor. This will change on January 1st. From then on I would have to use their E-Banking App as a second factor.
I have used Graphene OS on my handphone with hardly any apps (and Qubes OS on my notebook) for many years. I think life is offline and I want to keep it that way. I live among my family and friends. I use my phone for phone calls and text messages (both not often, and knowing that everything I say or write on the phone is not private).
I’m sure there are other people with a similar mindset on this forum. How do you do your banking and your 2FA?
Depends on the app you use. It can be private and secure if you use Signal for example.
–
Mobile banking especially on GrapheneOS is very tricky. You can try creating a new profile, installing Play services and downloading the app from Aurora Store to see if it works? But I’ve found the best way to go about it is via your computer directly.
Every bank has different TOTP/2FA setup options in my experience, so if you absolutely need an app for that and the app doesn’t work on your device, then you’re likely out of luck unless you have a secondary device just for this use case (if you can manage that).
But also ask them about the options they provide for TOTP. Is 2FA via the banking app the only way they are providing? No TOTP seed token you can save in your password manager?
And all of this will become complicated seeing you use Qubes so logging in on the website may be problematic too should the website refuse to function on it. You’ll have to try it out.
I don’t think there is one singular solution that will work.
Banks in different countries have different setups. So, we can’t answer this because it widely varies.
Edit: I reread your post and saw that you said your primary bank will require an app as 2FA. Maybe switch banks depending on how much you like them. Make sure to inquire about 2FA if and when you do your research.
I honestly think that installing the bank’s official app through sandboxed Google Play in a second user or profile is the most secure and private option and I’d recommend you go with that.
If your threat model is high I wouldn’t recommend using a desktop computer for banking as they’re less secure than mobile operating systems and GOS especially.
Well designed banking apps are also more secure than using the bank’s website but this of course depends on your bank.
I’d also recommend using Signal for texts or calls.
Edit: Imo it’s a good thing that your bank is moving away from SMS as 2FA since that is not really secure.
Even if some banks have an e-banking system that can be used without a mobile app as 2FA, it doesn’t mean it will stay that way. I have accounts in 2 banks, and in both you can’t use the browser version without the mobile app. Not just for login/setup, but also for transaction confirmation. Though it is possible to use their apps in LineageOS without Google services (microG), but that might change as well.
I honestly think that installing the bank’s official app through sandboxed Google Play in a second user or profile is the most secure and private option and I’d recommend you go with that.
I’ll try that out on my old Pixel 6.
If I install microG in a second profile there is absolutely no way Google or the bank can access anything on my primary profile? Is there a good guide somewhere on how to set up microG safely in a second profile?
Even if some banks have an e-banking system that can be used without a mobile app as 2FA, it doesn’t mean it will stay that way.
Yes, this, and because I don’t like the idea of lugging around an additional 2FA gadget when I travel, is the main reason why I favor the microG solution.
I’d also recommend using Signal for texts or calls.
I’ve tried Session Messenger and convinced some family members and friends to install it. Calls didn’t work and messaging was unreliable. My friends gave up Session one by one and that’s why I went back to the old text messages. Everybody else seems to be on WhatsApp.
Maybe I should give Signal a try and try to convince family & friends again.
Yes, thank you. I followed the steps on the GrapheneOS website under “usage”. After installation it says: “Signing in into a Google account is optional, unless you want to use features depending on being signed into an account.”
But the first thing when I open the sandboxed Google Play Store is that it asks me to sign in with a Google account. Isn’t it possible to use the Play Store without signing in, just as the GrapheneOS website says?