|
|
Post by bikeman on Aug 6, 2018 18:42:32 GMT
On my landline the BT sms message for the code is read like: your code is 6 million, six hundred and fifty nine thousand, three hundred and fourty two What a  joke |
|
upland
Member of DD Central
Posts: 479 
Likes: 175
|
Post by upland on Aug 6, 2018 20:24:31 GMT
On my landline the BT sms message for the code is read like: your code is 6 million, six hundred and fifty nine thousand, three hundred and fourty two What a joke Indeed its not as good a system as the HMRC system that just says the digits. Every time I log on without having to go through that is a blessing now.
|
|
|
|
Post by ogwellian on Aug 7, 2018 10:39:23 GMT
I'm quite happy with the SMS authorisation, especially now you can set it to not every time you log in.
I'm lucky that my Samsung tablet has a sim slot, and I have a payg 3 sim card in it, so I get the code directly.
|
|
ton27
Member of DD Central
Posts: 432
Likes: 267
|
Post by ton27 on Aug 9, 2018 12:00:56 GMT
I still find it to be a pita. About 50% of the time the "Opt-out" does not work - seems to be totally random as to when this happens - and when the code is needed it is often taking several minutes (or longer) to receive the code and then (because I have used the resend function) I get 2 or 3 codes and even worse sometimes when I input the code I get the "invalid" message. It really is poor, especially as I run three accounts and log in several times per day. This is becoming less as I am becoming less active on the accounts as it becomes more painful.
|
|
dc848
Posts: 150
Likes: 92
|
Post by dc848 on Aug 9, 2018 13:44:48 GMT
Hmmm. Multiple accounts, multiple times of the day. You gotta wonder where the real problem might be. I seriously doubt you would try that logging in to your bank accounts all from one place.....
|
|
|
|
Post by chris on Aug 9, 2018 14:32:20 GMT
I still find it to be a pita. About 50% of the time the "Opt-out" does not work - seems to be totally random as to when this happens - and when the code is needed it is often taking several minutes (or longer) to receive the code and then (because I have used the resend function) I get 2 or 3 codes and even worse sometimes when I input the code I get the "invalid" message. It really is poor, especially as I run three accounts and log in several times per day. This is becoming less as I am becoming less active on the accounts as it becomes more painful. Every time you log in to a different account you overwrite the cookie that stops you having to use 2FA to log in, so next time you switch to a different account again you need to log in again. We're working on some longer term changes to better facilitate multiple user accounts like this but in the mean time you could use different Google Chrome user accounts for each login. This would allow you to switch between multiple cookies on the site, one for each user account, to consistently opt-out of 2FA across all of them. Select the right chrome user account, log in to the site using that correct email and password, no more 2FA until the cookie expires.
|
|
dandy
Posts: 427
Likes: 341
|
Post by dandy on Aug 9, 2018 14:39:54 GMT
I still find it to be a pita. About 50% of the time the "Opt-out" does not work - seems to be totally random as to when this happens - and when the code is needed it is often taking several minutes (or longer) to receive the code and then (because I have used the resend function) I get 2 or 3 codes and even worse sometimes when I input the code I get the "invalid" message. It really is poor, especially as I run three accounts and log in several times per day. This is becoming less as I am becoming less active on the accounts as it becomes more painful. Every time you log in to a different account you overwrite the cookie that stops you having to use 2FA to log in, so next time you switch to a different account again you need to log in again. We're working on some longer term changes to better facilitate multiple user accounts like this but in the mean time you could use different Google Chrome user accounts for each login. This would allow you to switch between multiple cookies on the site, one for each user account, to consistently opt-out of 2FA across all of them. Select the right chrome user account, log in to the site using that correct email and password, no more 2FA until the cookie expires. May I suggest you deploy 'opt in' rather than 'opt out' to resolve this. Simple?
|
|
|
|
Post by chris on Aug 9, 2018 14:42:32 GMT
Every time you log in to a different account you overwrite the cookie that stops you having to use 2FA to log in, so next time you switch to a different account again you need to log in again. We're working on some longer term changes to better facilitate multiple user accounts like this but in the mean time you could use different Google Chrome user accounts for each login. This would allow you to switch between multiple cookies on the site, one for each user account, to consistently opt-out of 2FA across all of them. Select the right chrome user account, log in to the site using that correct email and password, no more 2FA until the cookie expires. May I suggest you deploy 'opt in' rather than 'opt out' to resolve this. Simple? Sorry, company security policy is that 2FA has to be opt-out.
|
|
n
Member of DD Central
Yet another Nick
Posts: 882
Likes: 461
|
Post by n on Aug 9, 2018 14:49:31 GMT
Every time you log in to a different account you overwrite the cookie that stops you having to use 2FA to log in, so next time you switch to a different account again you need to log in again. We're working on some longer term changes to better facilitate multiple user accounts like this but in the mean time you could use different Google Chrome user accounts for each login. This would allow you to switch between multiple cookies on the site, one for each user account, to consistently opt-out of 2FA across all of them. Select the right chrome user account, log in to the site using that correct email and password, no more 2FA until the cookie expires. May I suggest you deploy 'opt in' rather than 'opt out' to resolve this. Simple? I find it easier to use different browsers. I run 2 accounts using 2 different computers, Firefox is my default browser on both machines so I use that to log in to my personal account, and I use Chrome to log in to the company account. This is working well - I haven't had to use 2FA for over a week now, except when withdrawing money.
If I had a 3rd account I think I would use Safari or Opera - that is how much I hate Internet Explorer and Edge!
|
|
lara
Posts: 345
Likes: 300
|
Post by lara on Aug 10, 2018 3:58:16 GMT
Any idea of a timeline for this?  Also, looking at past posts I know this has been discussed for a long time, but in regards to withdrawals, when will the linked account system be starting please? Timeline for 2FA being optional on login is days not weeks. Timeline for the designated bank accounts is weeks. Hi chris. Any updates on the designated bank accounts please? I really don't want this to slip by!
|
|
|
|
Post by honda2ner on Aug 10, 2018 21:17:10 GMT
Timeline for 2FA being optional on login is days not weeks. Timeline for the designated bank accounts is weeks. Hi chris . Any updates on the designated bank accounts please? I really don't want this to slip by! I agree 100%. I'm sorry AC, I like your system (that's why you have my money) but all this mess over 2FA when designated bank accounts would solve 99.9% of the security problems and with zero complaints from lenders, in fact we would welcome it with open arms! If AC were my business I would call the people responsible for implementing 2FA into my office and point out that this obsession with 2FA whilst far less difficult and better solutions are ignored is making the business look very stupid and annoying customers. Please AC, wake up and get your priorities right, put 2FA on the back burner and get designated bank accounts ASAP. Frankly I'm staggered that AC didn't have designated bank accounts from day 1, that alone is a good reason for the person in charge of online security to be handed their P45 for being asleep at the wheel.
|
|
|
|
Post by chris on Aug 11, 2018 4:41:00 GMT
Hi chris . Any updates on the designated bank accounts please? I really don't want this to slip by! I agree 100%. I'm sorry AC, I like your system (that's why you have my money) but all this mess over 2FA when designated bank accounts would solve 99.9% of the security problems and with zero complaints from lenders, in fact we would welcome it with open arms! If AC were my business I would call the people responsible for implementing 2FA into my office and point out that this obsession with 2FA whilst far less difficult and better solutions are ignored is making the business look very stupid and annoying customers. Please AC, wake up and get your priorities right, put 2FA on the back burner and get designated bank accounts ASAP. Frankly I'm staggered that AC didn't have designated bank accounts from day 1, that alone is a good reason for the person in charge of online security to be handed their P45 for being asleep at the wheel. Designated bank accounts do not really affect the security of our system. We already track where past withdrawals have been sent and perform additional security checks and validation on requests for withdrawals to new bank accounts. Even with a designated bank account system you need a process in place to change that bank account or manage a list of accounts, so you still need to be able to trust the identity of the person logged in to the system - something 2FA contributes to. As you may have seen in recent press articles there's a strong push towards 2FA adoption across the financial sector with banks increasing its use and proposing using it for every online transaction in the future - i.e. want to buy something on Amazon, have to use 2FA with the bank to do so. I expect the rest of the P2P sector to follow our lead in due course. All that said designated bank accounts are a convenience feature for lenders and are near the top of our list of priorities. They'll likely be built within the next couple of development sprints.
|
|
lara
Posts: 345
Likes: 300
|
Post by lara on Aug 11, 2018 5:54:36 GMT
I agree 100%. I'm sorry AC, I like your system (that's why you have my money) but all this mess over 2FA when designated bank accounts would solve 99.9% of the security problems and with zero complaints from lenders, in fact we would welcome it with open arms! If AC were my business I would call the people responsible for implementing 2FA into my office and point out that this obsession with 2FA whilst far less difficult and better solutions are ignored is making the business look very stupid and annoying customers. Please AC, wake up and get your priorities right, put 2FA on the back burner and get designated bank accounts ASAP. Frankly I'm staggered that AC didn't have designated bank accounts from day 1, that alone is a good reason for the person in charge of online security to be handed their P45 for being asleep at the wheel. All that said designated bank accounts are a convenience feature for lenders and are near the top of our list of priorities. They'll likely be built within the next couple of development sprints. would you mind being a little more specific about the time frame please? From what I can gather, this conversation has been going on for literally years now! I think you may be underestimating how much your customers would value this feature, which personally speaking, I do consider to be a safety feature and not just an added convenience.
|
|
|
|
Post by chris on Aug 11, 2018 6:01:20 GMT
All that said designated bank accounts are a convenience feature for lenders and are near the top of our list of priorities. They'll likely be built within the next couple of development sprints. would you mind being a little more specific about the time frame please? From what I can gather, this conversation has been going on for literally years now! I think you may be underestimating how much your customers would value this feature, which personally speaking, I do consider to be a safety feature and not just an added convenience. I can't I'm afraid as I'm not in control of the timing. We've moved to a sprint system with prioritisation set by the various stakeholders within the business. They agree what the commercial priorities are prior to each two week development sprint and then agree with the developers which jobs will be tackled during the next sprint balancing development time against the relative priorities. I have a voice on that panel but do not dominate it. Designated bank accounts are near the top of the priority list but didn't make it into the current sprint. They'll be reviewed again for the next sprint in a week's time where they may or may not make the cut depending on the commercial pressures at that point in time.
|
|
lara
Posts: 345
Likes: 300
|
Post by lara on Aug 11, 2018 6:07:53 GMT
chris would you mind being a little more specific about the time frame please? From what I can gather, this conversation has been going on for literally years now! I think you may be underestimating how much your customers would value this feature, which personally speaking, I do consider to be a safety feature and not just an added convenience. I can't I'm afraid as I'm not in control of the timing. We've moved to a sprint system with prioritisation set by the various stakeholders within the business. They agree what the commercial priorities are prior to each two week development sprint and then agree with the developers which jobs will be tackled during the next sprint balancing development time against the relative priorities. I have a voice on that panel but do not dominate it. Designated bank accounts are near the top of the priority list but didn't make it into the current sprint. They'll be reviewed again for the next sprint in a week's time where they may or may not make the cut depending on the commercial pressures at that point in time. Thank you. Hopefully you will continue to advocate for the implementation and not permit it to slip down the list too far.
|
|
joke
