
> I lead Security in a quite large bank.

In most of my banks in Europe, all but one, I cannot log in without using an actual physical 2FA device the bank sent me. One of them, Deutsche Bank, sent me a specific hardware 2FA which works "by itself" (and is protected by a PIN). No password to log in: only the user account ID and that 2FA device.

The others require my Java SmartCard / national ID card to be inserted in a 2FA reader they sent me (it's a standalone reader with its own display: it is not a Java SmartCard reader hooked to the computer).

Do you guys hand out your customers physical 2FA devices?



Not anymore, we used to do that and maybe a bunch of customers still have that device to log in, but we have been replacing them (the “hard token”) with a “soft token”, kind of a Google Authenticator linked to your mobile.

It is interesting how “yubi” things have moved in the opposite direction (back to the physical device) and it has its value; after all, leaving your home with all your savings in your pocket is a risk we need to address.



