Google's new hand-gesture verification system uses camera-based movements to distinguish humans from bots, prompting privacy concerns among some users despite assurances that videos are deleted after processing.
That still requires getting personal information about the user, which is often enough without 2FA. 2FA still makes it more secure than not having it. It’s still a vulnerable step though, so users should be aware of that.
And because SMS 2FA is actually opening a common attack vector. I have yet to find a credit union I qualify for that uses TOTP or Yibikey.
That still requires getting personal information about the user, which is often enough without 2FA. 2FA still makes it more secure than not having it. It’s still a vulnerable step though, so users should be aware of that.
Start talking to someone at the credit Union. They are run by people, you might be able to convince them the risk and implement a safer method