|
|
Post by jevans4949 on Aug 18, 2014 7:48:34 GMT
Sending a text message to a phone ceases to be a security measure if a browser-based account has been accessed using a smart phone. Not sure I understand what you're saying but to my mind, 7 billion people have access to the Assetz web site and potentially my account but only a handful of people have the physical access to my phone that they would need to be able to read my text messages. It's probably the Bad Egg amongst that handful that you need to worry about - "borrowing" your phone and finding out you have been browsing the Assetz site, and knowing enough about how Assetz works - although they would need to know enough about your taste in passwords as well.
|
|
baz657
Member of DD Central
Posts: 500
Likes: 189
|
Post by baz657 on Aug 18, 2014 8:50:22 GMT
It seems unfair to insist that AC (and every other platform) develop a system that is totally foolproof and safe. Each and every person who logs onto any secure site should themselves make adequate security arrangements - asking chris to develop a system that would, for example, prevent some scroat logging in on your smart phone that you had left lying around somewhere after you had been browsing the latest loans isn't really (and shouldn't be) his problem. Everybody has a duty to take responsibility and keep security measures in place. |
|
|
|
Post by chris on Aug 18, 2014 9:00:27 GMT
It seems unfair to insist that AC (and every other platform) develop a system that is totally foolproof and safe. Each and every person who logs onto any secure site should themselves make adequate security arrangements - asking chris to develop a system that would, for example, prevent some scroat logging in on your smart phone that you had left lying around somewhere after you had been browsing the latest loans isn't really (and shouldn't be) his problem. Everybody has a duty to take responsibility and keep security measures in place. I agree to a degree. It's my job to make it easy for people to keep their account safe and secure, but you're right in that I can't cover every eventuality of protecting people from themselves. It also doesn't make sense to massively inconvenience the masses to provide protection against one obscure way in which a lender may need to be protected from their own poor practices so whatever we do has to be balanced across the needs of all users.
|
|
|
|
Post by Ton ⓉⓞⓃ on Aug 18, 2014 10:58:22 GMT
It seems unfair to insist that AC (and every other platform) develop a system that is totally foolproof and safe. Each and every person who logs onto any secure site should themselves make adequate security arrangements - asking chris to develop a system that would, for example, prevent some scroat logging in on your smart phone that you had left lying around somewhere after you had been browsing the latest loans isn't really (and shouldn't be) his problem. Everybody has a duty to take responsibility and keep security measures in place. I agree to a degree. It's my job to make it easy for people to keep their account safe and secure, but you're right in that I can't cover every eventuality of protecting people from themselves. It also doesn't make sense to massively inconvenience the masses to provide protection against one obscure way in which a lender may need to be protected from their own poor practices so whatever we do has to be balanced across the needs of all users. It used to be that your job was to make a little harder to get into your site than the competitors so that they tended to get broken into and you didn't. I'm talking about the olden days and not specifically AC. The most likely way that the added security of sending a PIN to a mobile of being negated is where the laptop and phone are stolen together. What about if the PIN or whatever was sent to a home phone or mobile?
|
|
