Why Do Indian Banks Insist on Locking 2FA to Their Own App?

The issue: To make your bank account’s netbanking more secure, you need to enable 2FA on it. To enable 2FA, both HDFC and Axis require you to verify through their own mobile app.

[Screenshot from HDFC Bank NetBanking: app notification 2FA verification]
[Screenshot from Axis Bank NetBanking: app-based 2FA login verification]

HDFC sends a notification you tap to confirm. Axis generates a one-time code exclusively inside their app. Neither bank gives you the option to use a standard authenticator app like Google Authenticator or Authy — tools that are open, portable, and widely regarded as more secure.

The process has a single point of failure built into it: your phone must be available and functional at all times. No phone? Locked out. Uninstalled the app? Locked out. That’s not a security process. That’s a dependency dressed up as one.

This isn’t an accident. Banks benefit from you having their app installed. It gives them a direct channel to your phone — notifications, offers, behavioural data, and a presence on your phone they didn’t earn. Forcing 2FA through the app is a convenient way to make sure you never uninstall it.

A better version: Offer 2FA support via any standard authenticator app as an alternative. Keep the in-app notification method for users who prefer it. Don’t make it the only way in.