niceguy37
Member of DD Central
Posts: 504
Likes: 254
|
Post by niceguy37 on Jul 10, 2018 9:41:56 GMT
I am amazed at the length of this thread and the uproar by some at AC just for trying to increase our security - we live in a world with increasing likelihood of cyber attacks of all forms and any financial institution seeking to increase our protection against that should be applauded not castigated. That said, there are some good suggestions here such as 2FA for limited actions only - worthy of some consideration - although I am not sure it will really help that much except for viewing our account. An 'opt out' would be another possibility provided it does not mean AC can alleviate themselves of their existing security responsibilities to us.
If it's more hassle to log in then many lenders will opt for more convenient P2P providers. I certainly do. And that adds platform risk.
|
|
|
Post by chris on Jul 10, 2018 9:48:44 GMT
None at all, Authy is designed to allow use across multiple devices. Does it allow use for multiple AC accounts from the same device? I believe so
|
|
dandy
Posts: 427
Likes: 341
|
Post by dandy on Jul 10, 2018 9:50:45 GMT
If it's more hassle to log in then many lenders will opt for more convenient P2P providers. I certainly do. And that adds platform risk.
So 2FA will lead to increased platform risk? If you say so. If you genuinely choose/switch platforms based on ease of log in/weakest security then that is your prerogative I guess. Each to their own.
|
|
|
Post by davee39 on Jul 10, 2018 9:53:28 GMT
What a lot of Whingers.
I have set up Authy for chrome (less than 5 Mins). For those without a mobile the initial set up text can be sent to a BT landline.
Login involves clicking on the desktop icon for Authy and copying the pin instead of mother's grandfather's first hairdresser's nationality. It takes a few seconds.
Everyone here is likely to be Tech Savvy, regularly updating their antivirus and scanning for Malware. A grown up business knows that this does not apply to all users, and recognizes the need for better log in processes.
Banks want to close Branches and push everyone on line. They have decided that it is more profitable to compensate fraud victims than it would be to provide personal services to those who do not want to go on line - thus the less secure log in.
|
|
star dust
Member of DD Central
Posts: 2,998
Likes: 3,531
|
Post by star dust on Jul 10, 2018 9:54:29 GMT
Will I need to go through this rigmarole every time I am "automatically logged out" by the system whilst taking a break to check news, football, or make a cup of tea?
btw the Video link in the e-mail is not working, I have tried several times over the past few hours, but it always times out. Currently on holiday in Bali, if that makes any difference.
The connection has timed out
The server at vimeo.com is taking too long to respond.
The site could be temporarily unavailable or too busy. Try again in a few moments. If you are unable to load any pages, check your computer's network connection. If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.
I think the video may be being blocked at your end. There is a grace period with Authy whereby you can re-login without going through 2FA, so it will depend on how long you step away from the computer. I doubt it, I have terrible problems with the AC site when I am away on the equivalent of dial up internet. It quite often times out or fails to render properly. This makes me wonder if this will also cause me additional issues with this process if it's based on a timed response?
I'm away a lot - I change SIMs frequently for country specific reasons, I install as few as possible third party apps and have never installed one because a third party or my bank insisted on it (or it was the only way to use their service).
So, will this be yet another P2P platform that I totally divest from because of changes in their terms or modus operandi? Or will they show some sense?
|
|
lobster
Member of DD Central
Posts: 636
Likes: 467
|
Post by lobster on Jul 10, 2018 9:59:08 GMT
Do any other P2P companies actually use 2FA? I'm not aware of any. Even the biggest spread betting firms like IG index and CMC markets don't use it. If AC go ahead and implement 2FA, I think a lot of irritated lenders will be reducing their account balances "to FA" very shortly afterwards.
|
|
m2btj
Member of DD Central
Posts: 631
Likes: 772
|
Post by m2btj on Jul 10, 2018 10:09:36 GMT
The biggest flaw in AC security is the fact that investor deposits/withdrawals are not linked to a nominated bank account. On withdrawal you just enter any bank details you like!
|
|
alender
Member of DD Central
Posts: 981
Likes: 683
|
Post by alender on Jul 10, 2018 10:10:59 GMT
This is very inconvenient, my mobile has limited reception at home (may get connection if I hold the phone outside upstairs window or sometimes had to drive down the road). The landline could easily be in use by someone else in the house.
I have to use this system for HMRC (who have no regard for their users) but not keen to use it if I have a choice. You would have thought that a company after investments would have more sense than to make it difficult (at times impossible) for their users to login.
There can be no real requirement for this system as many other organisations can work without it. The few I know that use this system only do so when changes are made to important information or you have not logged in for a time and so do not recognise the computer.
It makes it difficult if not impossible to use when outside the UK as we usually only take my partner's mobile with us.
|
|
|
Post by chris on Jul 10, 2018 10:12:14 GMT
I think the video may be being blocked at your end. There is a grace period with Authy whereby you can re-login without going through 2FA, so it will depend on how long you step away from the computer. I doubt it, I have terrible problems with the AC site when I am away on the equivalent of dial up internet. It quite often times out or fails to render properly. This makes me wonder if this will also cause me additional issues with this process if it's based on a timed response?
I'm away a lot - I change SIMs frequently for country specific reasons, I install as few as possible third party apps and have never installed one because a third party or my bank insisted on it (or it was the only way to use their service).
So, will this be yet another P2P platform that I totally divest from because of changes in their terms or modus operandi? Or will they show some sense?
Once Authy is set up you can use it from your mobile with any SIM in any country as it is designed for offline use. You then have a 30 second window to enter the digits and have it accepted by the server. Shouldn't pose a problem.
|
|
tarq
Member of DD Central
Posts: 126
Likes: 28
|
Post by tarq on Jul 10, 2018 10:13:08 GMT
Had a look at it for Chrome, and it says 'no internet' when I type my phone no., which I obviously have!
Do I need to set up 2 different browsers for me & OH accounts?
|
|
mary
Member of DD Central
Posts: 698
Likes: 711
|
Post by mary on Jul 10, 2018 10:23:10 GMT
Therefore the business case to reduce 2FA to only be required for withdrawals and critical profile changes (password, bank account, etc) is that it would reduce Assetz costs paid to Authy by >90%. This isn't about cost it's about securing your funds. I'll push again to allow lenders to opt-out of 2FA on login but can't make any promises. Thank you.
|
|
bigfoot12
Member of DD Central
Posts: 1,817
Likes: 816
|
Post by bigfoot12 on Jul 10, 2018 10:24:05 GMT
The biggest flaw in AC security is the fact that investor deposits/withdrawals are not linked to a nominated bank account. On withdrawal you just enter any bank details you like!
I agree with this, and it is likely to create simple errors, which are more likely. I am also concerned that if 2FA becomes so automatic that I don't notice, then I won't notice if I am a victim of spear phishing, or man in the middle or something similar. If I only use 2FA when withdrawing money or changing an email/phone number/bank account (the latter being very rare), I can be much more careful. I think that this might be safer than full 2FA.
|
|
|
Post by stuartassetzcapital on Jul 10, 2018 10:36:48 GMT
Hi everyone.
I understand that there are some further features planned in coming days that answer most of these points. When 2FA is implemented well it can avoid having to type the code in manually, it does look like that isn't live yet in the first few days of roll out. We will look to shorten the PIN and perhaps only require full 2FA on changing any settings or withdrawing I understand.
2FA is a really important extra layer to protect everyone's money and if other businesses that handle your money aren't using it yet I'm sure they soon will be.
There are several financial systems I know of that require 2FA login to get near your money and once this is as smooth as possible I'm sure everyone will see this as a plus. It is currently optional whilst we roll the full feature set out.
And yes designated and pre-approved bank accounts are coming shortly too to avoid keying errors although we would likely pick that up on our processes.
|
|
SteveT
Member of DD Central
Posts: 6,875
Likes: 7,924
|
Post by SteveT on Jul 10, 2018 10:43:42 GMT
We will look to shorten the PIN and perhaps only require full 2FA on changing any settings or withdrawing I understand.
This seems to me the obvious approach to take, delivering >99% of the security enhancement with <1% of the disruption / annoyance (given I must log in more than 100 times for each time I change settings or withdraw funds)
|
|
copacetic
Member of DD Central
Posts: 306
Likes: 667
|
Post by copacetic on Jul 10, 2018 10:53:27 GMT
chris I'd just like to say that despite my dislike of this particular change your continued engagement in this forum and patience answering questions from lenders in spite of all the grumbles makes you a credit to the AC team.
|
|