I apparently don't have the will power to stop going on these sites so maybe stopping me loading content from the other side is exactly what I need.
[1] Not so secretly now I've mentioned it here I suppose.
When I worked a bank at $oldjob, compliance mandated we had a full-blown anti virus engine (from Microsoft or McAfee, "at your option") deployed in quasi-ephemeral container images.
It does not have to be reasonable, it doesn't have to be a net positive - it just has to tick some box on some compliance sheet for this to be required, and I will never again be able to perform a banking transaction from my personal computer or degoogled phone again.
The only financial provider I have that supports anything other than backdoors is Vanguard with U2F support.
Shit, AMEX still lowercases your passwords before (hopefully) hashing them.
We got plenty of time for those mandates to occur ;)
Now is the time to fight this. It will impossible to unravel it once it's been implemented.
One reason I slightly swallow my guilt at having a savings account with Goldman Sachs (marcus.com) is that they offer email-based 2FA. I closed my savings accounts at Chase when they enforced SMS-only 2FA.
BTW, I feel slightly less guilty about saving with these banks instead of my actual credit union after my brother-in-law (who has been in the CU world for decades) told me that if a credit union can't offer competitive savings rates, it means they are lacking in opportunities for significant local lending.
That's the problem. They do implement things, and they do them in the worst possible way.
My bank forces me to 2FA trough SMS when I connect from a new IP range. This means that I can't do any banking through them when I'm outside of my country.
I wish they just didn't implement any form of 2FA instead. That would be better than the current situation.