1 | initial version | posted 2019-05-15 16:03:51 +0200 |
The EU has approved a new security standard for online banking authentication, effective due September. TL;DR: 2FA hardware tokens like this one cannot be used anymore for two-factor authentication; only second factors that can display additional information about the payment (receiver and amount) can be used. This means that most banks that are still using hardware tokens will switch to SMS messages or smartphone apps as second factor.
Also, the new standard mandates that the second factor must be independent and segregated from the application that does the online banking. It seems to be accepted that SMS messages and apps are OK as a second factor, providing a sufficient standard of security, because Android apps are segregated one from another and sandboxed.
Sailfish OS does not sandbox its apps. Hence, it seems to me that e-banking on a native browser on Sailfish OS will not be PSD2 compliant, when paired with either SMS messages or an Android-based 2FA apps running on Aliendalvik, because, let's be serious, no bank is going to write a native app.
Is my reading correct? If so, that seems highly problematic for the future of the OS.
2 | No.2 Revision |
The EU has approved a new security standard for online banking authentication, effective due September. TL;DR: 2FA hardware tokens like this one cannot be used anymore for two-factor authentication; only second factors that can display additional information about the payment (receiver and amount) can be used. This means that most banks that are still using hardware tokens will switch to SMS messages or smartphone apps as second factor.
Also, the new standard mandates that the second factor must be independent and segregated from the application that does the online banking via "separated secure execution environments". It seems to be accepted that SMS messages and apps are OK as a second factor, providing a sufficient standard of security, because Android apps are sandboxed and segregated one from another.
Sailfish OS does not sandbox its apps nor put them in "separated secure execution environments", as far as I understand. Hence, it seems to me that e-banking on a native browser on Sailfish OS will not be PSD2 compliant, when paired with either SMS messages or an Android-based 2FA apps running on Aliendalvik, because, let's be serious, no bank is going to write a native app.
Is my reading correct? If so, that seems highly problematic for the future of the OS.
3 | No.3 Revision |
The EU has approved a new security standard for online banking authentication, effective due September. TL;DR: 2FA hardware tokens like this one cannot be used anymore for two-factor authentication; only second factors that can display additional information about the payment (receiver and amount) can be used. This means that most banks that are still using hardware tokens will switch to SMS messages or smartphone apps as second factor.
Also, the new standard mandates that the second factor must be independent and segregated from the application that does the online banking via "separated secure execution environments". It seems to be accepted that SMS messages and apps are OK as a second factor, providing a sufficient standard of security, because Android apps are sandboxed and segregated one from another.
Sailfish OS does not sandbox its apps nor puts them in "separated secure execution environments", as far as I understand. Hence, it seems to me that e-banking on a native browser on Sailfish OS will not be PSD2 compliant, when paired with either SMS messages or an Android-based 2FA apps running on Aliendalvik, because, let's be serious, no bank is going to write a native app.
Is my reading correct? If so, that seems highly problematic for the future of the OS.
4 | No.4 Revision |
The EU has approved a new security standard for online banking authentication, effective due September. TL;DR: 2FA hardware tokens like this one cannot be used anymore for two-factor authentication; only second factors that can display additional information about the payment (receiver and amount) can be used. This means that most banks that are still using hardware tokens will switch to SMS messages or smartphone apps as second factor.
Also, the new standard mandates that the second factor must be independent and segregated from the application that does the online banking via "separated secure execution environments". It seems to be accepted that SMS messages and apps are OK as a second factor, providing a sufficient standard of security, because Android apps are sandboxed and segregated one from another.
Sailfish OS does not sandbox its apps nor puts them in "separated secure execution environments", as far as I understand. Hence, it seems to me that e-banking on a native browser on Sailfish OS will not be PSD2 compliant, when paired with SMS messages or even with an Android-based 2FA app running on Aliendalvik.
Is my reading correct? If so, that seems highly problematic for the future of the OS.
5 | No.5 Revision |
The EU has approved a new security standard for online banking authentication, effective due September. TL;DR: 2FA hardware tokens like this one cannot be used anymore for two-factor authentication; only second factors that can display additional information about the payment (receiver and amount) can be used. This means that most banks that are still using hardware tokens will switch to SMS messages or smartphone apps as second factor.
Also, the new standard mandates that the second factor must be independent and segregated from the application that does the online banking via "separated secure execution environments". It seems to be accepted that SMS messages and apps on Android and iOS are OK as a second factor, providing a sufficient standard of security, because on these systems apps are sandboxed and segregated one from another.
Sailfish OS does not sandbox its apps nor puts them in "separated secure execution environments", as far as I understand. Hence, it seems to me that e-banking on a native browser on Sailfish OS will not be PSD2 compliant, when paired with SMS messages or even with an Android-based 2FA app running on Aliendalvik.
Is my reading correct? If so, that seems highly problematic for the future of the OS.
6 | No.6 Revision |
The EU has approved a new security standard called PSD2 for online banking authentication, effective due September. TL;DR: 2FA hardware tokens like this one cannot be used anymore for two-factor authentication; only second factors that can display additional information about the payment (receiver and amount) can be used. This means that most banks that are still using hardware tokens will switch to SMS messages or smartphone apps as second factor.
Also, the new standard mandates that the second factor must be independent and segregated from the application that does the online banking via "separated secure execution environments". It seems to be accepted that SMS messages and apps on Android and iOS are OK as a second factor, providing a sufficient standard of security, because on these systems apps are sandboxed and segregated one from another.
Sailfish OS does not sandbox its apps nor puts them in "separated secure execution environments", as far as I understand. Hence, it seems to me that e-banking on a native browser on Sailfish OS will not be PSD2 compliant, when paired with SMS messages or even with an Android-based 2FA app running on Aliendalvik.
Is my reading correct? If so, that seems highly problematic for the future of the OS.
7 | No.7 Revision |
The EU has approved a new security standard called PSD2 for online banking authentication, effective due September. An important consequence is that 2FA hardware tokens like this one must be phased out; only second factors that can display additional information about the payment (receiver and amount) can be used. This means that most banks that are still using hardware tokens will switch to SMS messages or smartphone apps as second factor.
Also, the new standard mandates that the second factor must be independent and segregated from the application that does the online banking via "separated secure execution environments". It seems to be accepted that SMS messages and apps on Android and iOS are OK as a second factor, providing a sufficient standard of security, because on these systems apps are sandboxed and segregated one from another.
Sailfish OS does not sandbox its apps nor puts them in "separated secure execution environments", as far as I understand. Hence, it seems to me that e-banking on a native browser on Sailfish OS is not going to be PSD2 compliant, when paired with SMS messages or even with an Android-based 2FA app running on Aliendalvik.
Is my reading correct? If so, that seems highly problematic for the future of the OS.
8 | No.8 Revision |
The EU has approved a new security standard called PSD2 for online banking authentication, effective due September. An important consequence is that 2FA hardware tokens like this one must be phased out; only second factors that can display additional information about the payment (receiver and amount) can be used. This means that most banks that are still using hardware tokens will switch to SMS messages or smartphone apps as second factor.
Also, the new standard mandates that the second factor must be independent and segregated from the application that does the online banking via "separated secure execution environments". It seems to be accepted that one can do e-banking on Android and iOS (for instance, from a mobile browser, accessing the bank's website) using SMS messages or bank apps as a second factor, because even if both "factors" reside on the same device, on these systems the apps are sandboxed and segregated one from another.
Sailfish OS does not sandbox its apps nor puts them in "separated secure execution environments", as far as I understand. Hence, it seems to me that e-banking on a native browser on Sailfish OS is not going to be PSD2 compliant, when paired with SMS messages or even with an Android-based 2FA app running on Aliendalvik.
Is my reading correct? If so, that seems highly problematic for the future of the OS.
9 | No.9 Revision |
The EU has approved a new security standard called PSD2 for online banking authentication, effective due September. The most visible consequence is that 2FA hardware tokens like this one must be phased out; only second factors that can display additional information about the payment (receiver and amount) can be used. This means that most banks that are still using hardware tokens will switch to SMS messages or smartphone apps as second factor.
Also, the new standard mandates that the second factor must be independent and segregated from the application that does the online banking via "separated secure execution environments". It seems to be accepted that one can do e-banking on Android and iOS (from an app or from a mobile browser, via the bank's website) using SMS messages or bank apps as a second factor, because even if both "factors" reside on the same device, on these systems the apps are sandboxed and segregated one from another.
Sailfish OS does not sandbox its apps nor puts them in "separated secure execution environments", as far as I understand. Hence, it seems to me that e-banking on a native browser on Sailfish OS is not going to be PSD2 compliant, when paired with SMS messages or even with an Android-based 2FA app running on Aliendalvik.
Is my reading correct? If so, that seems highly problematic for the future of the OS. Banks could, in theory, block Sailfish browsers, or they could legally leave Sailfish users on their own in case their account gets hacked. And the reputation of being "not a safe enough OS for online banking" is truly a terrible one to have.