PayPal is ground zero? Lol, nah, just using your credit/debit card is.
We already have digital currency, and virtually everyone in the country uses it primarily. It's just not incredibly standardized. The vast majority of us pay with credit/debit cards which is literally digital currency.
And "please enter your personal digital ID number to proceed with transaction"? We already have that. It's called a PIN... personal identification number.
2FA
2FA's typical implementation (TOTP) isn't invasive at all. While you have to use your phone, it doesn't give any access to your phone from whatever service you are using. You can even use a completely offline phone. You can use a completely open source TOTP app. You don't have to use Google or whatever.
That's not to say there aren't nefarious ways to implement it; but they should go with the normal one that is battle tested.
TOTP is nothing more than a mathematical algorithm based on the current time, and has nothing to do with any cellular, phone, or internet network. The algorithm is defined at https://www.rfc-editor.org/rfc/rfc4226.html and https://www.rfc-editor.org/rfc/rfc6238.html and if you have basic programming skill and can understand these documents, it's not hard to implement yourself.
There are people here, though, who don't understand this. They're convinced that TOTP is just a way for services to gain access to their phones.
It's extra hilarious because I guarantee their phone is running a version of Android that is closed-source, and they have Google Play services enabled, and everything else.
You don't need a phone for TOTP. If you use a Google Chromium based browser, there's this extension: https://chrome.google.com/webstore/detail/authenticator/bhghoamapcdpbohphigoooaddinpkbai which offers it. Most Linux distributions offer oathtool which can do it, and there's plenty of other implementations as well.
TOTP is nothing more than a mathematical algorithm based on the current time, and has nothing to do with any cellular, phone, or internet network. The algorithm is defined at https://www.rfc-editor.org/rfc/rfc4226.html and https://www.rfc-editor.org/rfc/rfc6238.html and if you have basic programming skill and can understand these documents, it's not hard to implement yourself.
Correct.