alt Hacker NewsTOTP not accepted, because the confirmation for payment must include the amount to be paid, which cannot be done under TOTP as far as I know.
TOTP not accepted, because the confirmation for payment must include the amount to be paid, which cannot be done under TOTP as far as I know.
Some UK banks (Nationwide and Barclays I know for certain) have had mini card-reader PIN devices since around 2010 that they've given customers, that basically generate on an LCD screen an 8-digit code for authentication.
When confirming a large transfer, you also need to enter the payment amount in the device, and I assume this gets hashed into the number as well.
More recently (last 3/4 years), you can also use their mobile app to do this instead / as well as.