warn
Member of DD Central
Curmudgeon
Posts: 637 
Likes: 658
|
Post by warn on Jul 10, 2018 10:59:52 GMT
chris I'd just like to say that despite my dislike of this particular change your continued engagement in this forum and patience answering questions from lenders in spite of all the grumbles makes you a credit to the AC team. And despite my having been a little rude recently, I absolutely agree with that.
|
|
warn
Member of DD Central
Curmudgeon
Posts: 637
Likes: 658
|
Post by warn on Jul 10, 2018 11:08:40 GMT
Does it allow use for multiple AC accounts from the same device? I believe so , I haven't managed to get that aspect to work. I log in regularly to Mrs Warn's account also, but it seems as if the Authy code generated takes the set-up mobile number into account, and we don't have the same mobile phone number. In any event, the generated code is invalid for her account.
|
|
|
|
Post by chris on Jul 10, 2018 11:25:00 GMT
You'd need to enter your mobile number when setting up the authorisation on the account. That mobile is stored separately to the phone number used for contact. The lender desk should be able to help set it all up.
|
|
|
|
Post by unknown on Jul 10, 2018 12:57:15 GMT
Truly wonderful Assetz.
I don't have a mobile phone. (No reception where I live anyway) and I just did a little homework on this 2FA thing and PC World had this to say:-
'Multi-device access to your 2FA codes is great, but it does come with a drawback. Authy says your backups are encrypted based on a password entered on your smartphone before hitting the cloud. That means your passcode is the only way to decrypt them, and Authy doesn’t have it on file. If you forget your pass code you can get locked out of your accounts since you won’t have the 2FA codes. How you regain access to each account depends on that service’s account recovery policies.
If you are new to 2FA this might not be the app for you unless you’re prepared to take proper steps to ensure you never lose access to Authy—like writing down your pass code and storing it somewhere safe.'
I've just started using Assetz for 'easy access' being yet another refugee from Ratesetter. Am I now being forced on again and resorting to burying gold at the bottom of the garden?
So come on Assetz, take a step back and make life a little more simple for we mere mortals. Growing vegetables at the bottom of the aforesaid garden is far better for the soul than worrying about Assetz latest techno wheeze.
|
|
|
|
Post by geoffrey on Jul 10, 2018 13:47:18 GMT
chris Having used the Authy method a few times since setting it up yesterday, might I suggest a couple of usability improvements? 1. On the login page, provide an option for the user to have the code generated EITHER with Authy OR sent via SMS OR via phone call. At the moment, I have to complete login with the previously chosen method before I can change it in the options. Just as Barclays offers me the choice of using either PINSentry, or an App, or an extra login password which I have pre-authorized, the choice should be offered at login time. 2. On the page where we are asked to provide the Authy code, we need some link for "I can't access my Authy devices", or something along those lines. At the moment there is nothing on that page. This could be mitigated by 1 above, so we could have "Log in with SMS instead" here. But some indication of what to do if you've lost your mobile device, say, and can't use it to receive SMS or authorize with Authy is needed. Even if it's simply "Contact customer support" (though I would hope for the SMS/Call options).
|
|
|
|
Post by drphil on Jul 10, 2018 14:19:17 GMT
Firstly, I would like to re-iterate previous comments praising the willingness of the AC reps to engage with members via this forum, and not just on this topic.
I am very happy with all aspects of my dealings with AC.
I have to say though, I think 2FA is completely over the top, at least to log-in just to view your holdings.
I cannot help feel that this is "not putting the customer first". I have over 30 accounts with different financial institutions and not one of them utilizes 2FA, except for new-payee/large withdrawls. By introducing this, the implication is that AC have not put enough effort into getting the right balance for heightened security with ease of use. I'm reminded of my Nationwide bank account (and to be be fair they do offer a memomarble data option) and their card reader. If every institution adopted this, I'd be carrying around 30 card readers!
I look forward to restriction of 2FA to critical transactions.
|
|
michaelc
Member of DD Central
Say No To T.D.S.
Posts: 5,706
Likes: 2,981
|
Post by michaelc on Jul 10, 2018 14:21:08 GMT
Hi everyone. I understand that there are some further features planned in coming days that answer most of these points. When 2FA is implemented well it can avoid having to type the code in manually, it does look like that isnt live yet in the first few days of roll out. We will look to shorten the PIN and perhaps only require full 2FA on changing any settings or withdrawing I understand. 2FA is a really important extra layer to protect everyone's money and if other bsuinesses that handle your money arent using it yet I'm sure they soon will be. There are several financial systems I know of that require 2FA login to get near your money and once this is as smooth as possible I'm sure everyone will see this as a plus. It is curtremtly optional whilst we roll the full feature set out. And yes designated and pre approved bank accounts is coming shortly too to avoid keying errors although we would likely pick that up on our processes. I recently left after 21 years working at probably the largest and best known networking, IT and security company. I also have an Msc in Information Security. Throughout my career I had a number of arguments discussions with colleagues about security vs ease of use. Some of my colleagues seemed to enjoy putting the fear of God into senior management such that if they didn't comply with this or that security recommendation the entire business unit would fall be instantly hacked and would apart. Management felt unable to question the recommendations because they were typically fed lots of over the top highly technical security reasons as to why they needed implementing. In truth, the issue is entirely a business, management and security decision - there is nothing technical at all. I urge you to spend the money now on implementing a 2fa for high security transacations only. It is surely not that much more work Please do look at many/most of the banks which do not require 2fa for everything. None of my bank accounts do.
|
|
dave2
Member of DD Central
Posts: 177
Likes: 163
|
Post by dave2 on Jul 10, 2018 14:21:59 GMT
I don't want this every time I sign on.
Having to check SMS messages and juggle codes around.
Sometimes it is slow enough signing on anyway when my hotel has a poor wifi connection.
|
|
benaj
Member of DD Central
N/A
Posts: 5,609
Likes: 1,738
|
Post by benaj on Jul 10, 2018 14:37:56 GMT
I don't want this every time I sign on.
Having to check SMS messages and juggle codes around.
Sometimes it is slow enough signing on anyway when my hotel has a poor wifi connection.
Personally, I don't like hotel wifi. check your hotel wifi speed before you book
|
|
|
|
Post by stuartassetzcapital on Jul 10, 2018 14:51:04 GMT
Thank you everyone for your feedback and rest assured it is being considered very seriously for the final implementation over the next two weeks as this rolls out. We just need to protect people from email hijackers, physical mail diverters and other such problems of modern life and will seek to do so in a way that doesnt interfere more than needed and lets you and us sleep well at night!
|
|
lara
Posts: 345
Likes: 300
|
Post by lara on Jul 10, 2018 15:00:53 GMT
Now I am getting random phone calls with codes when I am already signed in. Your shiny new system is glitching!
|
|
warn
Member of DD Central
Curmudgeon
Posts: 637
Likes: 658
|
Post by warn on Jul 10, 2018 15:32:12 GMT
Stick with it, lara. This place is so much better than RS, despite the odd, er, oddness. |
|
lara
Posts: 345
Likes: 300
|
Post by lara on Jul 10, 2018 15:48:50 GMT
Stick with it, lara . This place is so much better than RS, despite the odd, er, oddness. Thank you! That's encouraging!
|
|
|
|
Post by Jack Barlow on Jul 10, 2018 16:09:03 GMT
I've been testing 2FA with the SMS-to-mobile option and so far I'm very happy with it. In my view the increased security (for both the online activity and the telephone customer services) is most welcome and much overdue.
I also tested the SMS to BT landline option for a few hours too but soon came to the conclusion that it would drive both me and the family mad, so sympathise with those without a mobile phone or reliable signal. I haven't investigated the Authy option yet.
|
|
|
|
Post by Jack Barlow on Jul 10, 2018 16:15:17 GMT
Now I am getting random phone calls with codes when I am already signed in. Your shiny new system is glitching! I've been receiving a code by SMS every time I submit a sell-at-par instruction even though there is no on-screen prompt to enter a code. I reported this bug to Customer Services this morning and they confirmed that a code should only be sent when setting a sell-at-discount instruction.
|
|
