Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

UBS Switzerland has a decent system. When I first opened the account 15 years ago we had a number pad of codes on paper we entered as the authentication. Then later we got a credit card sized electronic device where we enter a passcode and it gives us a one-time code to enter to login. And now we have an Access app - we go to the website, enter our contract number, point our phone at a QR code on the webpage and authenticate on the app, and the desktop browser logs us in. The access app also is used for logging in with the mobile banking app. It never relied on sms.

Super simple but probably costs some money to develop.



Banks in the US sometimes support U2F, but you can never disable SMS. Maybe one day.


Would be nice if they could do email instead.


Zurich Kantonalbank (ZKB) has a very similar system, probably because they're also a big bank in Switzerland


think its a Europe thing, we have the same solution in Denmark. Chip and Pin has been in Europe forever I don't think the US has moved to this yet (although happy to be wrong) and also believe they still like those bouncy checks that has sort of died elsewhere.


UK Banks like Barclays also had the small electronic credit card sized device from around 2011 or so (and now use the Mobile app for that), but other UK banks like Halifax are still doing passwords (they even have a limit of 18 chars) and just ask you for random characters of memorable words, so there's a big inconsistency even within a single country.


while working for UBS (outside of Switzerland) i believe I had to use the same card, but oh boy it's expensive.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: