I was reading up a bit on the European Union’s electronic ID system recently and although at first I was very skeptical, it seems like it solves a lot of the problems mentioned in this article. I started reading about it because I lost the phone that all my accounts’ 2FA was set to use and was angry that I was being forced to rely on my phone for authentication.
Using a separate, secure email account for banking - one not tied to a phone number, especially - sounds nice.
But then my bank requires, in addition to all of my other personal information, a phone number.
So now my secure email account that I took care not to link a phone number to… is now linked to a phone number.
Yeah we live in a non-ideal world, I know. This one sucks, but not too much imo:
First of all, this email is now only linked to a phone number in the sense that your bank knows that it’s your email and it’s your phone number. Unless the bank is hacked and their client info is publicly exposed, no one else will know that. And the most important thing is that it’s not linked in the sense that a phone number can be used for account recovery on the email itself. Right? So the email account keeps being secure.
Also, if you own a domain, then as explained in the article, you can have a separate email address for every service, like foo@nicemail.org for the bank, bar@nicemail.org for brokerage, etc. Better to choose some neutral-looking domain like nicemail.org, so that it’s not obvious that it’s a private domain. Just to add some obscurity.
Another thing: does this bank use email as a security backdoor? Some banks that I know don’t do that; they only use email for communication, and it’s not possible to e.g. reset a password over email (one rather has to go to their brick-and-mortar office in person to do that). So if that’s the case, then there’s not much point in using secure email with this particular bank account in the first place: might be better to use a regular email address.
So as always, it’s all about tradeoffs.
Very good points, of course — thank you!