There’s a scene in the latest season of Ted Lasso when one of the principal characters falls into a canal during a trip to Amsterdam. For the rest of the episode, she finds love in the arms of the friendly guy from a nearby barge who rescued her. All I could think of was, how is she going to use her credit card without a phone? Or fly home without being able to check-in and show her boarding pass?
I’m sure I am not the only Daily Maverick reader who dreads being in this unenviable position. I have a lingering, unspoken anxiety about the terrible inevitability that I might lose a phone, or have it stolen. Or, as happened to me last week, having my phone just die overnight. In its sleep, as it were. Or, at least, in mine.
Because Apple so conveniently backs it up every night for me, I was able to restore it within a few hours – in no small part because of Vodacom’s phenomenal service in getting me a replacement iPhone by lunchtime.
But there are unfortunate repercussions for some services that use your smartphone as a “trusted device”. It’s both a boon and a curse – without being in a foreign country.
The smartphone has usurped so many other devices and services – they are a digital Swiss army knife. They are our diaries, contact books, cameras, provide us with email and messaging, distract us with social media, and open up the world of apps.
Like most of us, my banking app is among the top five most-used apps. I arguably use it every day – and certainly use my credit card through Apple Pay daily.
One of the delights for me about the shift to smartphone app-based banking is that the app has become the trusted device. If I make an online credit card payment, I have to verify it in my FNB app first.
I love that.
There was a time when it was secure to have a one-time pin SMSed to your phone. But that is the easiest way to compromise your security. SMSes can be intercepted, with SIM card swaps being one of the easiest ways to steal someone’s login credentials.
It’s the reason so-called authenticator apps have emerged as a more secure means to provide what’s called two-factor authentication. Generally, when you are logging into your email or social account, the first factor is your password. The second is that six-digit code generated by the authenticator app.
You obviously set this up beforehand and I highly recommend doing it immediately.
When buying something online, either through a website or an app, most banks now push a verification notification to your app, where you have to approve it. It’s genius. No more easily intercepted SMSes.
But there is a downside, especially if you use your smartphone as the trusted device. Without the previous trusted phone, it’s hard to set up a new device. My bank, as it should, requires verification from my smartphone app for certain things, including approvals for releasing payments and (most frustratingly) setting up a new trusted device.
Obviously, this would happen just before the 25th when I had to be the second person to authorise salaries. But, as it happens, recreating a trusted device can be done a lot more easily than I expected.
Apart from the usual login details, FNB used a selfie to verify I was who I said I was (which they confirm against the Home Affairs database) and, well, that I’m alive. It was slightly more complicated for my business account, but now I know how to do it.
Of course, I immediately created my iPad as another trusted device in case I ever fall into a canal. Or have a phone pull a lemming on me. DM