|
|
Post by chris on Jul 22, 2018 15:53:38 GMT
Next release. Should be this week. Many thanks for the quick answer but it seems 2fa is now mandatory then? If that's the case I guess I can wait another week. Only if you sign up for it. You can still skip if you choose to by clicking on the Dashboard link.
|
|
warn
Member of DD Central
Curmudgeon
Posts: 638 
Likes: 660
|
Post by warn on Jul 22, 2018 17:26:55 GMT
Well, It's a slight extra hurdle, this 2FA thing, but I've just had a happy thought. I can, can't I, now take my laptop into the local pub and use their (unsecured) network to sign in to AC. Even if some lurking lowlife is stealing my entire transmission, she won't be able to use it to access my account. Am I right? Please let me know ... I'm getting thirsty for some London Pride.
(Possibly frivolously stated, but a serious question.)
|
|
warn
Member of DD Central
Curmudgeon
Posts: 638
Likes: 660
|
Post by warn on Jul 22, 2018 17:59:07 GMT
Well, It's a slight extra hurdle, this 2FA thing, but I've just had a happy thought. I can, can't I, now take my laptop into the local pub and use their (unsecured) network to sign in to AC. Even if some lurking lowlife is stealing my entire transmission, she won't be able to use it to access my account. Am I right? Please let me know ... I'm getting thirsty for some London Pride. (Possibly frivolously stated, but a serious question.) No. You should use something like TunnelBear, but then you wouldn’t be able to connect to this forum! I'm trying, and pitifully failing, to work out if that's helpful or not. Thanks anyway, Paul. Anyone else?
|
|
|
|
Post by chris on Jul 22, 2018 19:36:32 GMT
No. You should use something like TunnelBear, but then you wouldn’t be able to connect to this forum! I'm trying, and pitifully failing, to work out if that's helpful or not. Thanks anyway, Paul. Anyone else? If you go directly to the https secured URL (i.e. www.assetzcapital.co.uk/), and you see the green notification in the address bar to show that you're on a trusted and verified site, then your connection will be secure even on an unencrypted Wifi connection. Someone could intercept the communication between your browser and our server but without our private key it would be gibberish to them. Two factor authentication provides additional protection such as if someone sees your password as you enter it or if you lose control of your email address etc.
|
|
|
|
Post by Deleted on Jul 23, 2018 2:15:06 GMT
If Chris is the Technical Director at Assetz, maybe he or she could get some of the basics of the Assetz website sorted out. During the first ‘extra interest’ promotion this Springtime, the amount of new funds invested for my account shown on the Assetz website was always different to the amount that I had actually invested. For the second ‘extra interest’ promotion this year, my account was showing a balance for new funds invested even when I had not invested more funds. At present, my account shows the value of instructions to sell being a higher amount than the value of loans that I have invested in. I also experience logging in problems from time to time. Because of this I now type out my log in details on a word processing document to make sure that I have typed correctly, then copy and paste into the Assetz log in fields. Even doing this I still get rejected on occasion despite my log in information being correct. I have done systems implementation and testing myself and have enough experience to know that issues such as these are due to inadequacies in the original Assetz system design and the subsequent testing prior to go live.
Although the above is going off tangent a bit, it is relevant to the current thread. For obvious reasons it is not appropriate on a public forum for there to be discussion of security weaknesses on the Assetz website. However, given some of the basics that are wrong such as the above, it is not unreasonable to wonder whether the Assetz website has been running on the past with unacceptable security weaknesses, hence the need for the current changes.
One thing is for sure. Somebody somewhere in Assetz should implement a programme of customer service and communications training for all of the Assetz staff. I have received only one e-mail notification of this thread’s changes. That one e-mail by itself is completely inadequate to guide people through the changes. Assetz do not seem to have any real idea of what good customer service and communications are.
|
|
|
|
Post by Deleted on Jul 23, 2018 7:02:53 GMT
I seem to be the odd situation of having started off inside the two step process and I'm now back in the old one step process thank goodness. No idea how. :-)
|
|
lara
Posts: 345
Likes: 300
|
Post by lara on Jul 23, 2018 12:53:34 GMT
I seem to be the odd situation of having started off inside the two step process and I'm now back in the old one step process thank goodness. No idea how. :-) Ha! You made me check! I still have 2fa, you must be special!
|
|
lara
Posts: 345
Likes: 300
|
Post by lara on Jul 23, 2018 12:57:03 GMT
Assetz do not seem to have any real idea of what good customer service and communications are. I'm new but I've been really very impressed by the quality of the AC customer service all around. 
|
|
|
|
Post by investor1925 on Jul 23, 2018 13:38:36 GMT
I must be special also, as I'm not using 2factor to log in, still just a simple email, password & 1 other word.
Personally, using sms as a login isn't a real problem as I NEVER log in to any of my financial accounts unless I'm at home on my hard wired network.
It'll just take longer each time.
My mobile provider uses it to get into my account there.
|
|
dave2
Member of DD Central
Posts: 177
Likes: 163
|
Post by dave2 on Jul 23, 2018 16:42:30 GMT
I must be special also, as I'm not using 2factor to log in, still just a simple email, password & 1 other word. Personally, using sms as a login isn't a real problem as I NEVER log in to any of my financial accounts unless I'm at home on my hard wired network. It'll just take longer each time. My mobile provider uses it to get into my account there. You might feel special tucked up at home.
Some of us travel the globe, reliant on hotel (bar / restaurant) wifi networks for all internet connectivity.
Checking our accounts using wifi in public places.
Switching sim cards as we travel to different countries.
I appreciate the additional checks and security for withdrawal of funds from my account, however I need a workable solution.
|
|
|
|
Post by bracknellboy on Jul 24, 2018 7:53:27 GMT
just logged into AC to be confronted by this whole wall of new security. I've not read back through the 16 pages of posts on here. "This pin will be used to manually verify your account when speaking to our lender team." For all this new security, has anyone got confirmation that this PIN and Memorable word will be fully encrypted and the "lender team" will only ever be presented with fragments for verification purposes ? chris ? I have never had cause to phone AC (they once phoned me years ago), so this is a bit of faff I could do without. |
|
|
|
Post by westcountryfunder on Jul 24, 2018 9:56:53 GMT
just logged into AC to be confronted by this whole wall of new security. I've not read back through the 16 pages of posts on here. "This pin will be used to manually verify your account when speaking to our lender team." For all this new security, has anyone got confirmation that this PIN and Memorable word will be fully encrypted and the "lender team" will only ever be presented with fragments for verification purposes ? chris ? I have never had cause to phone AC (they once phoned me years ago), so this is a bit of faff I could do without. I had reason to phone AC yesterday, and went through the PIN and Memorable word procedure. My Mw has nine characters. I was asked for the twelfth. No there aren't 12 characters. OK so give me the last one then. Not sure what to make of that.
|
|
|
|
Post by westcountryfunder on Jul 24, 2018 10:06:30 GMT
If you change from Authy to SMS you may have problems!A word of warning, just don't set up Authy, decide you don't like it for whatever reason and want to remove it, and then try to change to SMS. Unfortunately yesterday I did just that. Firstly logged on with Authy, and changed my profile on the AC account to SMS, and logged out. Then completely deleted Authy on my laptop (Google-chrome with Authy extension). Next followed instructions in support.authy.com/hc/en-us/articles/360002693873-Deleting-your-Authy-accountThe result? SMS is not being received. Mobile number is correct, and is otherwise working OK. I have raised a query with AC. A very pleasant lady is trying to be helpful - "a ticket has been raised", but no remedy yet.
|
|
warn
Member of DD Central
Curmudgeon
Posts: 638
Likes: 660
|
Post by warn on Jul 24, 2018 11:54:23 GMT
I had reason to phone AC yesterday, and went through the PIN and Memorable word procedure. My Mw has nine characters. I was asked for the twelfth. No there aren't 12 characters. OK so give me the last one then. Not sure what to make of that. My favourite security grilling during a call from AC was being asked for the telephone number registered to my account. "You mean the one you've just called me on, and that I'm speaking on now?" "Er, yes." So I recited it back to him, and passed with flying colours.
|
|
baldpate
Member of DD Central
Posts: 549
Likes: 407
|
Post by baldpate on Jul 24, 2018 17:56:44 GMT
just logged into AC to be confronted by this whole wall of new security. I've not read back through the 16 pages of posts on here. "This pin will be used to manually verify your account when speaking to our lender team." For all this new security, has anyone got confirmation that this PIN and Memorable word will be fully encrypted and the "lender team" will only ever be presented with fragments for verification purposes ? chris ? I have never had cause to phone AC (they once phoned me years ago), so this is a bit of faff I could do without. I have just logged in afresh to AC, and the procedure was no different from what has always been (password + randomly selected one of three security questions). No demands for PIN or Memorable word. I wonder why my experience is different to yours, bracknellboy ? Could it be because I have so far declined to opt for 2FA (and will continue to do so until the promised opt-out is made available)? Has anyone else (other than westcountryfunder ) had to do this. Was there any prior notification by email of this new procedure? (I have had none).
|
|
