Comment Re:Why the banks support a standard 2 factor syste (Score 1) 71
Or you can save the expense and skip the second factor altogether--which is an acceptable risk for almost everyone.
Side note: a second factor token isn't buying much for the attacks we're seeing in the real world. (Compromised endpoint; and no, it doesn't take personal targeting for someone to go active once a user on a compromised host has been identified as using a bank with a scripted attack pattern.) What you really want to stop theft in that scenario is an out of band channel, like SMS confirmation. But then you've got a different set of problems with mobile malware potentially being able to spoof that. Picking just one attack vector, choosing an arbitrary mitigation, then criticizing the banks for implementing the mitigation in too stringent a fashion because your arbitrary standard is "good enough" seems...myopic at best.