QUOTE(mamamia @ Nov 19 2020, 08:00 PM)
I just feel the in-app OTP is stupid for their onetoken.. give **** marks, but don't need any PIN to review the 6-digit OTP in app.. what is the point of having that additional OTP in app without any security measure?
I agree that having a PIN protecting the OTP would be better, but it serves its purpose as an additional OTP device. So someone who's trying to get into your account will need:
1) Your username and password
2) Your OTP device, which in this case is your phone.
To be honest, if they have both, chances are, you're most likely getting hacked anyway.
In other circumstances, for the older OTP methods like:
1) Email. Most users usually use the same auth method, so this is not as good.
2) Phone. In some countries, malicious SIM card takeovers are a thing, mostly because telcos' customer service is very, very lax.
Hence why security tokens are a thing for bank accounts. With how popular apps are getting, this has been transferred to app + device to make a "security token". Like Maybank with its secureID too. Or Transferwise with authorized device confirmation. Nifty stuff.