littleoldlady
Member of DD Central
Running down all platforms due to age
Posts: 3,045
Likes: 1,862
|
Post by littleoldlady on Oct 25, 2018 10:10:31 GMT
Will calls to landlines always be from the same number? If so what is it? I can add that to my Call Guardian white list which will make it a lot less painful.
|
|
|
Post by chris on Oct 25, 2018 10:14:22 GMT
> > Badly Drawn Stickman - time will tell but I wonder how quickly you think they will change their minds after suffering their first hacked lender account that suffers a financial loss? I'd rather be preemptive when it comes to security, from how our servers are set up and hosted all the way through to how we handle lender account security.
>
> I would hope they take security as seriously as yourself. I was simply offering an 'outsiders' view of the way this is coming over to me on the forum. Added to other issues, it makes me less likely to consider investing with yourselves. Not because I think your intention is anything but praiseworthy, your personal commitment in time and interaction is obvious. It's just a turn off when platforms seem unable to deal with its 'customers' concerns.

The 2FA solution has seen numerous revisions since launch based on that customer feedback and has been reviewed and signed off by Authy's own UX team as being as good as can be. There's an up front burden to signing up that can't be avoided but once you have set Authy up you need only interact with it every 30 days or when you do something requiring more security, which shouldn't be too much of a burden for people in relation to the security it brings. I'm open to suggestions as to how the implementation can be further improved but at some point we need to bite the bullet and enforce use of the solution as it's too important a security matter to leave longer. Unfortunately I can't really do anything to help with the other issues as they're not technical. Those that can are working round the clock to address them as I'm sure will become clear in due course.
|
|
|
Post by chris on Oct 25, 2018 10:15:50 GMT
> Will calls to landlines always be from the same number? If so what is it? I can add that to my Call Guardian white list which will make it a lot less painful.

I'm not sure but that should be something the help desk could find out for you. If you install the browser plugin the use of the landline would only be needed when first setting up the account, after that the plugin can be used over the same internet connection your browser is using.
|
|
ceejay
Posts: 975
Likes: 1,149
|
Post by ceejay on Oct 25, 2018 10:45:19 GMT
> > If you have a working landline and internet connection then I think you're ok - I succumbed to the pressure and registered one of our accounts yesterday without a mobile being involved. Having said that, the process was convoluted and unhelpful and I can't say that I'm confident that I will be able to do the "restricted" activities when the time comes. The documentation regarding Authy is astonishingly poor.
> > If you don't do it, AIUI, you will shortly be prevented from logging in, which would not be ideal.
>
> Can you let me know what you found convoluted and undocumented so that we can improve the system. Having used 2FA in many places there's not a lot I can think of that we can improve, and Authy themselves are using us as a case study for how it should be done. So any additional guidance would be welcome. It's worth adding that with the opt-out on login you can delay your next request for 2FA for up to 30 days (deleting or blocking your cookies will reset that timer), and for those using the Authy app or plugin you don't need to copy the code any more - you just authorise the request in the app and the website lets you through. How could this be improved?

OK, so I decide I'm going to do this - perhaps with Authy on my desktop. I go to my AC Profile and accept the invitation to find out more about 2FA. You have my landline listed as contact. Below, there are 3 options for logging in - Authy, SMS and Calling, but only the last one is enabled. So how am I to proceed? The page says "To find out more about using authy, please click here", which leads me to authy.com/features/setup/ , which is almost completely useless to me in this context. I have no idea what it's telling me. I follow my nose for a bit and end up at authy.com/guides/ , but that gets me nowhere. Using the search box for Assetz (with or without Capital) yields no results. I go back to your own site, where you have a cute little video. It talks about sending a code to my phone, but nothing useful about desktop authy (it's all about the mobile). Since I appear to have no other option, I accept the "code to my landline" option and it mostly works, although the site hangs completely at the point where I'm asked to put a new password in. I kick it and login again and I seem to be up and running. I now have another account to do this with and I'm really not looking forward to it.
I've seen nothing helpful at any stage in the process to make me feel comfortable about how this process will work, especially if I have two accounts I'm trying to operate. Will the phone number be a problem? If I use Authy on my desktop then what happens when I'm travelling? To be clear, I am confident that you would have answers to all of these questions, and that this tech almost certainly works as intended - but I do not feel that you have shown it to me at any stage. So, chris, does that sound like a smooth UX to you? [For the record, I regularly use 2FA for two different banks, and (less often) for HMRC. While none of these are exactly painless, at least in each case the organisation has been able to explain exactly what I have to do, and I've never felt obstructed]
|
|
|
Post by chris on Oct 25, 2018 11:10:19 GMT
ceejay - thanks for the feedback. Rather than go through point by point I'll take this to the lender team and UX specialist and talk it through with them first, will come back to you at some point in the next couple of days.
|
|
jeremy12
Member of DD Central
Everything's frozen
Posts: 83
Likes: 38
|
Post by jeremy12 on Oct 25, 2018 11:15:22 GMT
The 2FA does seem to be a bit sporadic in its frequency for requesting the second factor - is there a pattern or rules that it follows?
|
|
lara
Posts: 345
Likes: 300
|
Post by lara on Oct 25, 2018 11:19:32 GMT
I signed up with AC literally the very first day that they rolled out 2fa so I have never known anything else on the site. I was in the position many of you have mentioned, poor reception or no cell phone, ex directory land line number, unwilling to install third party software on their computer, etc. And my initial fear was that having done my dd and found AC, that I wouldn't be able to actually invest with them! But the news was good! They can send the codes to a landline! I was in the game! In the beginning though, it was still a huge inconvenience because you had to enter the code every.single.time you logged on and this also meant that, unless you didn't mind waking up the rest of the household every time you wanted to access your account at night, you would have to wait until day time to do so. We brought up these points to Chris who listened to us and obligingly improved the system, so now you only need a code every 30 days for sign in and additionally for sensitive transactions. I couldn't be happier with the way it is now. It is the best of both worlds. I say, don't knock it before you try it!
|
|
dc848
Posts: 150
Likes: 92
|
Post by dc848 on Oct 25, 2018 11:40:06 GMT
> I couldn't be happier with the way it is now. It is the best of both worlds. I say, don't knock it, before you try it!

I concur.
I just made the switch, which seemed remarkably straightforward. However, I did note that AUTHY doesn't provide software for LINUX operating system, so I chose Option2-SMS.
Followed the onscreen instructions, and voila.
So now I receive an SMS text on my low-tech Nokia phone once per month. So only very slightly more work than my bank account.
Not unhappy with this setup at all.
PS. One-off prerequisite activity: Switch off your Ad blocker before you start, then remember to switch Ad blocker on again after successfully online.
|
|
|
Post by chris on Oct 25, 2018 11:48:47 GMT
> The 2FA does seem to be a bit sporadic in its frequency for requesting the second factor - is there a pattern or rules that it follows?

It will be down to how your browser handles cookies. If you clear your cookies or you have a plugin that sets a maximum lifetime for them or something like that, or you use incognito mode to access the site, then the timer is reset. Otherwise it should be approximately 30 days between login requests.
|
|
|
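The behaviour described in the posts above (a browser cookie that suppresses the login prompt for roughly 30 days, with restricted actions always asking for the second factor) can be sketched as follows. This is an added example, not part of any post and not Assetz Capital's or Authy's code; the cookie format, signing key, function names and action names are all assumptions.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"      # assumption: server-side signing key
TRUST_SECONDS = 30 * 24 * 3600        # the ~30 days mentioned in the thread
# Assumption: labels for the restricted actions named in the thread
RESTRICTED = {"edit_profile", "withdraw"}


def _sign(payload: str) -> str:
    """HMAC-SHA256 over the cookie payload, hex encoded."""
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()


def issue_trust_cookie(user_id: str, now: float) -> str:
    """Issued only after a successful second-factor check at login."""
    payload = f"{user_id}|{int(now)}"
    return f"{payload}|{_sign(payload)}"


def needs_second_factor(user_id, action, cookie, now) -> bool:
    """Return True when the user must be prompted for the second factor."""
    if action in RESTRICTED:
        return True                   # step-up: the cookie never covers these
    if not cookie:
        return True                   # cleared cookies or incognito: timer reset
    try:
        cookie_user, issued, sig = cookie.rsplit("|", 2)
        issued_at = int(issued)
    except ValueError:
        return True                   # malformed cookie
    expected = _sign(f"{cookie_user}|{issued}")
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return True                   # tampered or forged cookie
    if cookie_user != user_id:
        return True                   # cookie was issued to a different account
    # Valid only inside the 30-day window; a timestamp in the future is rejected.
    return not (0 <= now - issued_at < TRUST_SECONDS)
```

Because the cookie is bound to one account and one browser profile, a second account or a second browser starts with no trust cookie and is prompted again.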
Post by df on Oct 25, 2018 12:37:27 GMT
Yesterday I received an e-mail saying "We can see that you have yet to set up Two-Factor Authentication". I downloaded Authy back in July. When it is opened Assetz Capital is displayed in that window, so I thought my 2FA is set up. What else do I need to do?
|
|
bigfoot12
Member of DD Central
Posts: 1,817
Likes: 816
|
Post by bigfoot12 on Oct 25, 2018 12:57:05 GMT
> For those without a mobile phone & having an ex-directory landline this is likely to be the final straw; downloading apps to a PC & giving away personal data is a non-starter for some people

Really? If I didn't trust AC with my phone number I certainly wouldn't give them my money! I agree that there is a lot of hassle today with 'features' that provide no barrier to the thief but are a pain for everyone else. But almost every bank account I have now has 2FA for at least some services, as does HMRC. The recent compromise from AC seems very well thought out and that chris and others have listened to our previous concerns. I don't have a deep enough understanding of 2FA to know how much of a barrier it adds, but to my limited knowledge I am pleased. If you are so obsessed about privacy you presumably have more than one phone (cost is about £20 up front and then about £1 per year). If you buy it on the Three network (and possibly others) you can receive texts over wifi (or you used to be able to, O2 cancelled their equivalent last year).
|
|
|
Post by chris on Oct 25, 2018 13:21:57 GMT
> Yesterday I received an e-mail saying "We can see that you have yet to set up Two-Factor Authentication". I downloaded Authy back in July. When it is opened Assetz Capital is displayed in that window, so I thought my 2FA is set up. What else do I need to do?

If you're prompted to use 2FA when you log in or do one of the other restricted actions (edit your profile, make a withdrawal, etc.) then you're good and the email was sent in error.
|
|
|
Post by Ace on Oct 25, 2018 13:24:51 GMT
I've set up 2FA for an Assetz account on my android tablet with Authy and it's been running satisfactorily for more than a month. In my view it's less hassle than the old method of having to provide an answer to one of 3 pre-set questions (certainly fewer clicks are needed). I access my account through a Chrome browser, but haven't investigated the chrome plugin yet, as all is working well without it. So far so good.
I manage a second Assetz account for an elderly relative via the same tablet, but through a different browser (Samsung internet). So far, I haven't set up 2FA for this second account as I am concerned that it might not be possible to use Authy for 2 accounts on the same tablet, or that attempting to do so might interfere with the first account.
So, my questions are:
1) can I use Authy for two Assetz accounts on the same tablet?
2) if so, are there any special steps that I need to follow to achieve this?
|
|
|
Post by Butch Cassidy on Oct 25, 2018 13:29:41 GMT
> > For those without a mobile phone & having an ex-directory landline this is likely to be the final straw; downloading apps to a PC & giving away personal data is a non-starter for some people
>
> Really? If I didn't trust AC with my phone number I certainly wouldn't give them my money! I agree that there is a lot of hassle today with 'features' that provide no barrier to the thief but are a pain for everyone else. But almost every bank account I have now has 2FA for at least some services, as does HMRC. The recent compromise from AC seems very well thought out and that chris and others have listened to our previous concerns. I don't have a deep enough understanding of 2FA to know how much of a barrier it adds, but to my limited knowledge I am pleased. If you are so obsessed about privacy you presumably have more than one phone (cost is about £20 up front and then about £1 per year). If you buy it on the Three network (and possibly others) you can receive texts over wifi (or you used to be able to, O2 cancelled their equivalent last year).

No don't have any & am certainly not getting one to facilitate this BS; I've been with AC from the very early days & have had up to 6 figures on the platform, will now sell up & move elsewhere (all except the £5k in suspended loan #74 & who knows how I will finally get that money out?), shame as I have been a strong supporter & still have a decent equity stake but refuse to be treated like an automaton - if they can't accept that different customers need &/or want different things then they don't need my custom enough to warrant staying but as a MLIA only investor I was already at the back of the queue, so no great surprise in that. More concerned about shareholder value being reduced due to management intransigence.
|
|
|
Post by chris on Oct 25, 2018 14:19:01 GMT
Ace - it is possible to set up multiple accounts on the same device. The lender support desk will have instructions for helping you do so.
|
|