Sure, my hope is that if they emailed me (NOT at mobile me email, but a non-Apple address) at my Gmail which is setup for 2-factor, for confirmation that'd be ideal.
The irony is that they are all setup for 2-factor auth...the phones I have already are the second factor. The idea that someone, anyone, with a phone and my password could make effectively unlimited purchases against my saved payment instrument without being challenged makes me, as a former banking engineer, cringe.
All I'm asking is that new phones authenticate and be challenged, expecially if they don't match clearly recorded existing behavior patterns.
I agree, apple really dropped the ball in this case.
In fact, how did this app manage to slip through the review process? It seems to me that the only purpose is to funnel stolen money to somebody.
Sadly, the state of many online security systems is entirely sub-par. It's a sad sign when your email has more security features than your bank account (as I know is the case for me)
The irony is that they are all setup for 2-factor auth...the phones I have already are the second factor. The idea that someone, anyone, with a phone and my password could make effectively unlimited purchases against my saved payment instrument without being challenged makes me, as a former banking engineer, cringe.
All I'm asking is that new phones authenticate and be challenged, expecially if they don't match clearly recorded existing behavior patterns.