banking app is authenticated, the other options aren’t. It has transport encryption with only two parties, while email does tls on a voluntary basis with a number of relays in between. It’s man-in-the-middle by default. If your bank could do e2ee mail (pgp), then it would be fine, but I havent heard of a bank offering it
banking apps of classic banks have less incentive to go wild on tracking. Review the score, crash/error feedback has a legitimate use.
I’d stay away from sms. Email is great, but just isnt confidential. At best it is s/mime signed so you have authenticity, but its not a private medium. I’m sad too, but maybe a few years from now something is getting standardized.
Both are safe, as long as they are part of 2 or 3 validation steps, and on secure or trusted network.
Anyway, please be aware that while using public networks, all your identification factors (ID, password, email, and … yes SMS) can be intercepted by an attacker (MiM).
On a public network, you should consider using a “classic” SSL VPN (not TOR), and use only email as 2nd factor (SMS won’t be transmitted through VPN, email will be).
this seems to be logical
regarding the internet connection I use home network and when I am out than I switch to mobile data on my phone so my intuition was right regarding this choice
if the bank offers App notification, use this. Prefer not to receive sms or mail a bank, so any such message is questionable. It’s so easy to phish.
The MitM stuff in public networks is a tricky one. In the end your OS has a truststore for SSL certs that a MitM attacker can’t deceive. It used to be easy with plain http, but that time is gone
Your post @smu44 has prompted me to think about it … what if a VPN and the VoWifi function are enabled? Are SMS going through the VPN, so they would be a safe option?
And what would happen if the phone is on in addition to being connected to Wifi (with VPN and VoWifi is on as well)? Would the SMS go through the cellular network, or the Wifi (so “safer”)?
Thank you for any feedback
I was asking the question above, because when I saw the report from exodus (in attachment), I was wondering what is better (or less worse ) … banking app / SMS or mail / login into the website … unfortunately it is not very clear yet in my mind …