Our business accounts are now with ANZ, who appear to be a bit sucky to interact with online. They seem to have pulled a Microsoft and have this weird disconnect between “business” and “personal” accounts but don’t disclose what works where so if you try and perform certain actions via your account online it’ll get all the way to the end then end up just randomly redirecting to the main page or give you a popup saying “not supported on this account” or whatever. Kinda lame for a big bank but that’s not actually the point of this post.

They have ANZ Shield, which is just a 2FA app except it sucks. It’s got 2 star Google reviews with countless complaints about how much it sucks, but apparently with their brazillions of dollars they haven’t got around to fixing it as yet. It’s not compatible with my Pixel 7 on Android 13 apparently so I can’t see the suck for myself, but going by the comments and reviews there is still suck aplenty.

I want to enable 2FA because aside from sucking in general and at making 2FA apps, ANZ also sucks at passwords and has a limit of 16 chars and no non-alphanumeric characters - that’s less secure than what I use for my Pattismiths account which is limited to ordering fat burgers on a weekend. Since ANZ Shield won’t work I’m currently on SMS for my “second factor” but since it’s on the same device (so won’t need a second auth, and can be spoofed to boot) it’s not as good as a 2FA app.

Long story short… Has anyone worked out a way to enable ANZ Shield, but using Authy or Google Authenticator or some other 2FA app instead of the proprietary ANZ app that sucks?

  • Zagorath@aussie.zone
    10 months ago

    I’m definitely not certain, but I did a bit of a search and as far as I can tell, ANZ does not use standard TOTP, which would mean Authy won’t work with it, unfortunately.

    You could always just try it, though. Usually setting it up requires you to enter a code produced from it, so if that doesn’t work you’ll know it doesn’t work.

    My bank (Bank Australia) uses Symantec VIP. Which looks like standard TOTP. In fact, I’m pretty sure the Symantec VIP app does also support standard TOTP codes. Unfortunately though, it’s not quite. As I understand it, VIP uses standard TOTP, but in a way that doesn’t expose the credentials so they can be imported by standard TOTP apps. Some awkward workarounds exist to extract the right credential and allow you to put them into Authy.

    I’ve heard Symantec offers a white-labelled version of their app. Is it possible that ANZ Shield is one of these, and that therefore the workarounds would work for you? Could be worth a shot.

    • Oliver Lowe@lemmy.sdf.org
      10 months ago

      Nice digging. Someone savvy may be able to extract the ANZ Shield APK using apktool, then maybe some decompilation from there to find any Symantec VIP libraries…

    • SteveTech@programming.dev
      10 months ago

      > as far as I can tell, ANZ does not use standard TOTP

      It still has a 6 digit code every 60 seconds, but yeah, no idea what’s happening behind the scenes.

      • Zagorath@aussie.zone
        10 months ago

        Yeah if that’s the case it’s quite possibly either a white labelled version of Symantec VIP, or their own implementation of something similar.
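For reference on what "standard TOTP" means in the comments above, here is an added example (not written by any poster, and not ANZ's or Symantec's code): RFC 6238 code generation plus the `otpauth://` provisioning URI that apps such as Authy or Google Authenticator import. The secret is the public RFC 6238 test key, and the issuer and account label are placeholders.

```python
import base64
import hmac
import struct
from urllib.parse import quote, urlencode

# Public test key from RFC 6238 Appendix B (never a real credential).
RFC_TEST_SECRET = b"12345678901234567890"


def totp(secret: bytes, unix_time: int, period: int = 30,
         digits: int = 6, algorithm: str = "sha1") -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226) over the counter unix_time // period."""
    counter = unix_time // period
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def otpauth_uri(secret: bytes, issuer: str, account: str, period: int = 30,
                digits: int = 6, algorithm: str = "SHA1") -> str:
    """Key URI a standard authenticator app needs in order to enrol a token."""
    params = {
        "secret": base64.b32encode(secret).decode().rstrip("="),
        "issuer": issuer,
        "algorithm": algorithm,
        "digits": digits,
        "period": period,
    }
    return f"otpauth://totp/{quote(issuer + ':' + account)}?{urlencode(params)}"


if __name__ == "__main__":
    t = 59  # constructed timestamp, taken from the RFC 6238 test table
    # Same secret, same instant: the displayed code depends on the period,
    # so a 60-second token and a 30-second token disagree.
    print("30 s period:", totp(RFC_TEST_SECRET, t, period=30))
    print("60 s period:", totp(RFC_TEST_SECRET, t, period=60))
    # Placeholder issuer and account names.
    print(otpauth_uri(RFC_TEST_SECRET, "ExampleBank", "user@example.com", period=60))
```

A third-party app can only reproduce a token's codes if it is given the shared secret together with the matching period, digit count and hash algorithm; seeing a 6-digit code that rotates every 60 seconds does not reveal any of that.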

  • hitmyspot@aussie.zone
    10 months ago

    I also have a Pixel. I had a 6 Pro. Now a 7 Pro after a screen break. Same issue. It doesn’t seem to be a device issue. It just isn’t updated to Android 13 compatibility. Android 14 is out in a few weeks. It’s absolutely ridiculous that a large bank is 2 years behind on updates for an app that is based on security. It’s really shoddy. If they can’t manage to do it in house, they don’t need to reinvent the wheel and could use authentication through a third party and be compatible with other apps.

    • 𝚝𝚛𝚔@aussie.zoneOP
      10 months ago

      Starting to ask myself the same question. On paper they supported everything we needed, and the signup process was very simple. It’s been all downhill from there though.