>>(though, frankly, I don't consider it as safe as a one-time code, since the password might be auto-inserted by a browser
Quite right. But if someone either has access to my home computer / browser, or is able to emulate them, then I have bigger problems.
Also, that's just such an unlikely occurrence that I simply cannot be a***d to guard against it.
My bank accounts, possibly the one exception, require me to be holding a dongle which generates unique codes every 30 seconds and a different code must be entered for each transaction I try to process.
|