Post by mikes1531 on Dec 13, 2013 0:09:53 GMT
There doesn't seem to be a 'Suggestion Box' thread, so I thought I'd start one.
My first contribution relates to the sign-in screen. Would it be possible to add a tick box on that page to allow my email address to be remembered -- presumably in a cookie -- so I don't have to key it in every time? I find that a pain. This may be an issue that doesn't affect all browsers -- I'm using Firefox -- but mine doesn't save entries I've put into boxes on pages that are HTTPS. Is there a setting I haven't found that would let it do that?
As a related point, does anyone know how long you can leave an Assetz window untouched before you're automatically logged out? I realise that setting is a trade-off between security and ease of use, but it does seem rather short to me, as I'm perennially being logged out. I'm reluctant to ask for a tick box for 'Keep me logged in' but people who are sole users of a home PC might like to have that option. Or maybe make the automatic time-out setting a variable that's settable by the user?
Post by jackpease on Dec 13, 2013 7:01:21 GMT
That may be a browser issue - I use different browsers and in Chrome at least, the email and password are retained (but the security question isn't). On Funding Knight it's the same except the cookies are set to avoid having to keep answering the security question. Internet Explorer as ever is not as predictable and I mostly have to feed in the details. There are ways of helping your browser do this - google something like '(your browser) remember password setting' or similar.
I have previously suggested that we wouldn't need quite as much security if you couldn't go into the account and draw down money and choose any old account to draw it into. It should well and truly be locked into a nominated bank account.
Post by chris on Dec 13, 2013 7:13:41 GMT
The session expiry time should be 20 minutes but I'll double check and report back if that isn't the case. The browser is also explicitly set to not remember your email address and password, so if your browser is doing so then it is being naughty and ignoring those settings. This is because it is considered a security risk if these details are not manually entered each time. Nominating a bank account to which all withdrawals have to go is currently being considered and is likely to be developed soon. I'm personally in favour but we need to work out the process for allowing someone to change their nominated account. We're also considering using a service like Authy as an optional extra that people can opt-in to using to authenticate themselves when they log in, and for changing key settings such as their password or nominated bank account.
Post by lynnanthony on Dec 13, 2013 7:29:13 GMT
"The browser is also explicitly set to not remember your email address and password, so if your browser is doing so then it is being naughty and ignoring those settings."
Using Firefox on my home computer. When logging in to Assetz as soon as I type the first letter of my email address I am offered the whole email address which I click on to accept. My password is then automatically filled in. No doubt this is something I have set somewhere at some time ("do you want Firefox to remember ......"). Not good security but not Assetz's fault I accept. Are you saying you should be able to override that behaviour from your end?
Post by chris on Dec 13, 2013 7:36:43 GMT
> "The browser is also explicitly set to not remember your email address and password, so if your browser is doing so then it is being naughty and ignoring those settings."
> Using Firefox on my home computer. When logging in to Assetz as soon as I type the first letter of my email address I am offered the whole email address which I click on to accept. My password is then automatically filled in. No doubt this is something I have set somewhere at some time ("do you want Firefox to remember ......"). Not good security but not Assetz's fault I accept. Are you saying you should be able to override that behaviour from your end?

Yup, there's a flag 'autocomplete="off"' on those fields which all modern browsers are supposed to support, including Firefox 1.5+, which should stop the browser from remembering previously entered values.
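
A check for the flag discussed in the post above, as an added example that is not part of the original post and is not Assetz's code: it reads a login page's HTML and reports which credential fields carry autocomplete="off", either on the field itself or inherited from the form. The sample page and the function names are constructed for illustration.

```javascript
// Added example. SAMPLE_LOGIN_PAGE is constructed for illustration and is
// not Assetz's real markup; the function names are hypothetical.
const SAMPLE_LOGIN_PAGE = `
<form action="/login" method="post" autocomplete="off">
  <input type="email" name="email">
  <input type="password" name="password" autocomplete="on">
  <input type="text" name="security_answer" AUTOCOMPLETE='off'>
  <input type="submit" value="Sign in">
</form>
<form action="/search"><input type="text" name="q"></form>`;

// Parse one tag's attributes into a map keyed by lower-cased attribute name.
function parseAttributes(tag) {
  const attrs = {};
  const body = tag.replace(/^<\s*[a-z0-9]+/i, "").replace(/\/?>$/, "");
  const re = /([^\s=\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] || m[3] || m[4] || "";
  }
  return attrs;
}

// Report, for every typed-in field of each form that contains a password
// input, whether the markup asks the browser not to store the value.
function auditCredentialFields(html) {
  const findings = [];
  const formRe = /(<form\b[^>]*>)([\s\S]*?)<\/form>/gi;
  let form;
  while ((form = formRe.exec(html)) !== null) {
    // A form-level autocomplete attribute is the default for its inputs.
    const formDefault = parseAttributes(form[1]).autocomplete || "on";
    const inputs = (form[2].match(/<input\b[^>]*>/gi) || []).map(parseAttributes);
    if (!inputs.some((a) => (a.type || "").toLowerCase() === "password")) continue;
    for (const a of inputs) {
      const type = (a.type || "text").toLowerCase();
      if (!["text", "email", "password"].includes(type)) continue;
      // An input's own attribute overrides the form default.
      const effective = (a.autocomplete || formDefault).toLowerCase();
      findings.push({ field: a.name, type, autocomplete: effective,
                      asksBrowserToForget: effective === "off" });
    }
  }
  return findings;
}

console.log(auditCredentialFields(SAMPLE_LOGIN_PAGE));
```

The attribute is only a request to the browser: as lynnanthony's post shows, a browser's password manager may still fill the fields, so this check confirms what the site asks for, not what the browser does.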
Post by batchoy on Dec 13, 2013 7:45:24 GMT
I have to say I much prefer having Assetz forget my email address and password, the auto logout time is fine, and I would actually like it to log out if I browse away from the site on the same tab, but then I may be weird being concerned about the security of my accounts, but then again having had to deal with companies that have lost and nearly lost hundreds of thousands of pounds through poor website security, individuals who have lost/had stolen laptops that contain web browsers full of remembered userids and passwords and having been hit a couple of times myself with card fraud I might be just a bit more sensitive to the matter.
Post by alison on Dec 13, 2013 9:00:15 GMT
Is there a profanity filter?
Post by andrewholgate on Dec 13, 2013 10:02:19 GMT
> Is there a profanity filter?

Of course there ####### is one. Andrew
Post by bracknellboy on Dec 13, 2013 10:38:26 GMT
> Nominating a bank account to which all withdrawals have to go is currently being considered and is likely to be developed soon. I'm personally in favour but we need to work out the process for allowing someone to change their nominated account.

I would MUCH prefer nominated bank account for withdrawals, exactly as I have setup on my online savings accounts. It's always concerned me that the likes of FC do not (at this stage of their maturity). As for process for allowing someone to change it, then KISS but secure. Additional levels of security questions required would be a good starting point. I like the use of SMS temporary pass codes by many institutions: it means you have to be in possession of your registered mobile. Of course if it's easy to change your registered mobile once an account is penetrated then that is a problem. Confirmation by sending email to registered email address and requirement to click back is also good. Again provided that is not easy to change on penetration without breaching extra security levels. But heh, you guys know far more than me on this stuff i.e. what is most secure and where the trade off on development/implementation cost lies. Glad these things are being considered.
Post by debeast on Dec 13, 2013 12:30:53 GMT
Nominated Accounts would be great. But best of all how about No Loans at 5pm on a Friday afternoon! Going to miss today's I think due to that timing
Post by mark on Dec 13, 2013 16:43:40 GMT
Looking forward to the measured and beneficial improvements to AC. No problem with Friday Late afternoon. The variety of different time starts, although you can't please all the people all the time, gives the opportunity to those lenders who 'miss out' on the usual start times around midday and is therefore fair and welcome.
Post by oldgrumpy on Dec 13, 2013 16:49:20 GMT
> Looking forward to the measured and beneficial improvements to AC. No problem with Friday Late afternoon. The variety of different time starts, although you can't please all the people all the time, gives the opportunity to those lenders who 'miss out' on the usual start times around midday and is therefore fair and welcome.

How about split starts to loans. For example, today's offering could have had 50% on offer at noon, and the remaining 50% on offer at 5pm. A larger loan, say >£300K could be split into three parts, two starting on day one, 12:00 and 19:00, the third next day at 09:00. (My thought for the week!)
Post by andrewholgate on Dec 13, 2013 16:57:17 GMT
> Looking forward to the measured and beneficial improvements to AC. No problem with Friday Late afternoon. The variety of different time starts, although you can't please all the people all the time, gives the opportunity to those lenders who 'miss out' on the usual start times around midday and is therefore fair and welcome.
> How about split starts to loans. For example, today's offering could have had 50% on offer at noon, and the remaining 50% on offer at 5pm. A larger loan, say >£300K could be split into three parts, two starting on day one, 12:00 and 19:00, the third next day at 09:00. (My thought for the week!)

Anyone know a good IT programmer?? (Sorry Chris). I think that is impractical to deal with operationally and might cause more problems than it solves.
Post by chris on Dec 13, 2013 16:59:51 GMT
> How about split starts to loans. For example, today's offering could have had 50% on offer at noon, and the remaining 50% on offer at 5pm. A larger loan, say >£300K could be split into three parts, two starting on day one, 12:00 and 19:00, the third next day at 09:00. (My thought for the week!)

Technically there's no reason why this couldn't be done, although I think there are more elegant solutions (that we're already examining internally). When I built one of our now competitor's website I did code in a facility into their autobid system whereby it would only bid up to a maximum percentage of the loan value based on how long the auction had been running. For example at half way through the auction autobid could only take the bid total up to 50% of the loan's total value. The idea was to prevent autobidders having an unfair advantage over people who wanted to manually bid. In the end though there were a number of business reasons that overruled this so it was never used in production. With our platform this would then bias the bidding process against those that can sit on the site all day every day so that they can bid in multiple segments, so then we'd be asked to provide other tools to mitigate this. I'd prefer to come up with a more elegant solution that works for all lenders, and I have a number of ideas that are currently being considered by the rest of the team.
Post by jevans4949 on Dec 13, 2013 18:12:35 GMT
Another idea: in the "Bid" panel, allow people to specify a loan part size, e.g., to bid £2000 in £20 loan parts. Default/maximum could still be £100, and minimum £20. This would save the fingers of large bidders who want parts less than £100. You will need to decide about what happens if the bid doesn't divide exactly, but that's not a major issue.