Post by warn on Jul 31, 2018 12:05:45 GMT
...My preferred solution would be to allow lenders to link accounts with appropriate permissions and switch between them without needing to re-authenticate...
That would be <expletive deleted> brilliant. Yes, please!
Post by ceejay on Jul 31, 2018 13:16:37 GMT
...My preferred solution would be to allow lenders to link accounts with appropriate permissions and switch between them without needing to re-authenticate...
That would be <expletive deleted> brilliant. Yes, please!
Agreed. My Hargreaves Lansdown accounts work like that, and it's excellent. Slightly clunky to set up, but that's probably as it should be. A few things, IIRC, can only be done if you are logged in directly which also makes sense.
Post by chris on Jul 31, 2018 14:46:11 GMT
...My preferred solution would be to allow lenders to link accounts with appropriate permissions and switch between them without needing to re-authenticate...
That would be <expletive deleted> brilliant. Yes, please!
It's just been pointed out to me by one of our devs (take a bow Dan), that Google Chrome supports multiple named sessions / users. So using the instructions here you can create a Chrome user account for each of the accounts you switch between, then use the 2FA opt-out as normal to bypass having to use it to log in. Could make things more manageable whilst we look at the longer term solutions.
Post by dc848 on Aug 1, 2018 8:27:19 GMT
Well it looks to me as if the Banks are following the AC lead in security measures. Suddenly, AC's not looking so bad, huh?
"...Money Mail understands that each bank will offer a variety of ways of getting hold of this vital new code, which will be different for each purchase.
Most are expected to offer to send it as a text message to your mobile phone. But if you use a mobile banking smartphone app, you may also be able to generate a code there.
Other banks may enable you to obtain a code on a handheld device similar to the card readers customers of some banks use to log into their online banking.
Alternatively, banks could offer an automated call to your landline, where the code is read out by a machine.
Another possibility is a new type of credit and debit card where the CCV security code on the back changes every 90 seconds."
Post by lara on Aug 1, 2018 8:47:42 GMT
Well it looks to me as if the Banks are following the AC lead in security measures. Suddenly, AC's not looking so bad, huh?
"...Money Mail understands that each bank will offer a variety of ways of getting hold of this vital new code, which will be different for each purchase.
Most are expected to offer to send it as a text message to your mobile phone. But if you use a mobile banking smartphone app, you may also be able to generate a code there.
Other banks may enable you to obtain a code on a handheld device similar to the card readers customers of some banks use to log into their online banking.
Alternatively, banks could offer an automated call to your landline, where the code is read out by a machine.
Another possibility is a new type of credit and debit card where the CCV security code on the back changes every 90 seconds."
Awww cr*p!
Post by valerieb on Aug 2, 2018 7:21:52 GMT
As my iPad was becoming unreliable, I didn't finish setting up Authy with the result that I made absolutely no changes to my profile - looked at the page but didn't touch it. Surprisingly, I can still login as I've always done, add money and buy parts. I assume I wouldn't be able to sell or withdraw cash. Now armed with a new iPad, I could complete the Authy process but I'm quite tempted to do nothing and see what happens!
Post by dc848 on Aug 2, 2018 7:28:37 GMT
As my iPad was becoming unreliable, I didn't finish setting up Authy with the result that I made absolutely no changes to my profile - looked at the page but didn't touch it. Surprisingly, I can still login as I've always done, add money and buy parts. I assume I wouldn't be able to sell or withdraw cash. Now armed with a new iPad, I could complete the Authy process but I'm quite tempted to do nothing and see what happens!
I, too, am waiting until forced to change my ways, and yes, you can still quite merrily sell out of those unwanted loans (and at discount). I won't know how a cash withdrawal will work though until next week.
Post by valerieb on Aug 2, 2018 7:43:22 GMT
Shhhh! Let's not wake the sleeping Chris who may take steps to stop our access!
Post by sl75 on Aug 4, 2018 6:17:10 GMT
Personally, I'm also refusing to beta test AC's new 2FA whilst on holiday with intermittent mobile phone coverage (it's good at today's hotel, but was rubbish all last week).
Thankfully I'm not being forced to just in order to check in on my account and tweak a few orders having woken up a bit before the time we ordered breakfast. I expect the beeping mobile phone if I'd had a text message would have woken my wife who would then demand to know who was texting me at this time in the morning.
I might possibly consider joining the testing team when I'm back home.
During this testing phase 2FA needs to remain opt-in. Once AC (and the customers who are helping them to test this system) are fully happy with the new system, only then should they tentatively consider whether to roll it out to all customers whether they want it or not, forcing anyone who doesn't comply to close their account [or to continue with some more limited form of access (e.g. unable to invest in new loans?) under the existing T&Cs, using their username and password as the current T&Cs explicitly state, when the T&Cs are changed to require 2FA]
I find it surprising that sufficiently many AC accounts were being compromised with sufficient damage done that it was necessary to mitigate this risk with such a "secure" login process, but it seems clear that AC must have collated sufficient reports from customers whose accounts had been compromised in this way to determine that this was an ongoing risk that must be dealt with now and justify the significant expense of developing this solution and the significant imposition on customers of requiring it.
Post by lara on Aug 4, 2018 8:27:18 GMT
I find it surprising that sufficiently many AC accounts were being compromised with sufficient damage done that it was necessary to mitigate this risk with such a "secure" login process, but it seems clear that AC must have collated sufficient reports from customers whose accounts had been compromised in this way to determine that this was an ongoing risk that must be dealt with now and justify the significant expense of developing this solution and the significant imposition on customers of requiring it.
I don't believe that there have been. As I understand it, they are being proactive.
Post by thegrumbler on Aug 5, 2018 7:47:48 GMT
I find it surprising that sufficiently many AC accounts were being compromised with sufficient damage done that it was necessary to mitigate this risk with such a "secure" login process, but it seems clear that AC must have collated sufficient reports from customers whose accounts had been compromised in this way to determine that this was an ongoing risk that must be dealt with now and justify the significant expense of developing this solution and the significant imposition on customers of requiring it.
I don't believe that there have been. As I understand it, they are being proactive.
As I understand AC are simply stupid and are acting against their own T&C (they imposed the new change without even thinking to change the T&C). I, and many others, would instantly close the account if this change was imposed without a T&C modification (and I would NEVER ever accept such a change, not even if they offered to double the rates).
Post by lara on Aug 5, 2018 8:14:04 GMT
I don't believe that there have been. As I understand it, they are being proactive.
As I understand AC are simply stupid and are acting against their own T&C (they imposed the new change without even thinking to change the T&C). I, and many others, would instantly close the account if this change was imposed without a T&C modification (and I would NEVER ever accept such a change, not even if they offered to double the rates).
Coincidentally I joined AC on the very day the change was implemented so I was automatically enrolled onto the new system. As I don't use a mobile phone and didn't want to install Authy, I had to rely on a call to the home phone. I did find that to be inconvenient and limiting. I couldn't sign on during the night, for example, without disturbing the rest of the household. But now they have implemented an opt-out for the 2fa for every sign in and it's great. I can get into my account with no problem whenever I want to. And I am more than happy to have the extra security of 2fa for sensitive transactions such as withdrawals.
Post by bikeman on Aug 6, 2018 15:29:27 GMT
As I understand AC are simply stupid and are acting against their own T&C (they imposed the new change without even thinking to change the T&C). I, and many others, would instantly close the account if this change was imposed without a T&C modification (and I would NEVER ever accept such a change, not even if they offered to double the rates).
Coincidentally I joined AC on the very day the change was implemented so I was automatically enrolled onto the new system. As I don't use a mobile phone and didn't want to install Authy, I had to rely on a call to the home phone. I did find that to be inconvenient and limiting. I couldn't sign on during the night, for example, without disturbing the rest of the household. But now they have implemented an opt-out for the 2fa for every sign in and it's great. I can get into my account with no problem whenever I want to. And I am more than happy to have the extra security of 2fa for sensitive transactions such as withdrawals.
How do I opt out of 2fa at sign in? I am at work and I can't login because AC are sending a code to my home landline.
Post by lara on Aug 6, 2018 15:40:01 GMT
Coincidentally I joined AC on the very day the change was implemented so I was automatically enrolled onto the new system. As I don't use a mobile phone and didn't want to install Authy, I had to rely on a call to the home phone. I did find that to be inconvenient and limiting. I couldn't sign on during the night, for example, without disturbing the rest of the household. But now they have implemented an opt-out for the 2fa for every sign in and it's great. I can get into my account with no problem whenever I want to. And I am more than happy to have the extra security of 2fa for sensitive transactions such as withdrawals.
How do I opt out of 2fa at sign in? I am at work and I can't login because AC are sending a code to my home landline.
There was a box to tick below the other fields. I think it was on the screen where you enter the code, so you might have to do it from home the first time. I haven't had to do it since.
Post by lara on Aug 6, 2018 17:16:55 GMT
There was a box to tick below the other fields. I think it was on the screen where you enter the code, so you might have to do it from home the first time. I haven't had to do it since.
I think the opt out applies to the PC or device you are currently using not just your login. So unless you can use a work laptop at home, you’re not going to get anywhere. :-(
Yes, I'm sure you're right about that. But taking your home laptop into work would be an option.