The authenticator preserves account integrity with the compromised host attack you describe. The device I have shows something like "you are authorising a transaction of 1337€ to RU07BANK012345678, y/n?". What an attacker can do is read along while I log in, but not modify data

The server generates the challenge that's sent to the authenticator. The attacker can modify and replace it by being in your browser and show any text on your computer screen, but the authenticator will either show the truth, or the approval code it generates doesn't match the server's challenge

> That's not what I am saying. The authenticator is irrelavant to this attack.

If you need to change the security measures (take out the authenticator) in order to be able to mount an attack, maybe that means the security measure is working? xD

Trying to understand your point here. If you're merely saying that phones have better process isolation then I can only agree, but I wasn't saying that it doesn't. You can use online banking on your phone OS if you like, or use Android on your laptop. The comment you replied to upthread said that I'd like to have ownership of and freedom within my own hardware, in order to have privacy. When banks require that my phone is DRM'd with some keys from Google, Samsung, or Apple, then suddenly that has a lot of consequences for what I can and cannot do with, or inspect about, the device. Using an external authenticator, which they can attest to their heart's content, is the solution that I'm using and aligns with all parties' goals. Banks don't need to require that everyone's phone is locked down in order to use the banking software, just like it isn't in the browser, while still meeting their security goals