jonno
Member of DD Central
nil satis nisi optimum
Posts: 2,808
Likes: 3,242
|
Post by jonno on Feb 19, 2018 10:49:50 GMT
No more words, let's just see the colour of the AC Provision Fund's money. God, that's 'orrible
|
|
shimself
Member of DD Central
Posts: 2,563
Likes: 1,171
|
Post by shimself on Feb 19, 2018 13:36:05 GMT
Haha. The message was targeted at Chris, who I assume would understand what I was talking about. I was discussing types of two factor authentication (2FA), which is where you have to use a one time password in order to log into accounts. The most common is TOTP, which is a time-based one time password. You basically copy a code into a phone app, which then generates a new password every 30 seconds depending on the time. Even if someone gets all your passwords and knows everything about you, they still can't log in to your accounts without access to those codes generated every 30 seconds. You may have come across SMS 2FA, which is where a website sends you a code by text to let you log in. That isn't recommended as a best practice because phone companies often let hackers take control of your phone number. FIDO U2F is where you have a physical USB device which communicates with the website. It prevents sophisticated phishing attacks against 2FA and is the absolute gold standard in online security.
Edit: The security question you're asked when logging in is a type of 2FA, but obviously not a one time password because they are re-used.
Seeing as you are one who knows, what do you reckon to the HSBC securekey?
|
|
|
Post by vaelin on Feb 19, 2018 14:42:22 GMT
Seeing as you are one who knows, what do you reckon to the HSBC securekey?
I assume this was directed at me. I don't use HSBC, but from the brief google I just did, I would say it looks very robust. Most online theft is done remotely, so anything that requires the attacker to take possession of a physical device unique to the account will make their task much more difficult. The biggest attack vector left open here is social manipulation, where you are tricked into deliberately sending someone your money. That kind of fraud is very common, and there aren't a lot of tech solutions for it. The best solution to that is to remain vigilant - some types of online fraud are extremely sophisticated and difficult to spot even for people who know what to look for.
|
|
littleoldlady
Member of DD Central
Running down all platforms due to age
Posts: 3,045
Likes: 1,862
|
Post by littleoldlady on Feb 19, 2018 17:39:34 GMT
Seeing as you are one who knows, what do you reckon to the HSBC securekey?
I assume this was directed at me. I don't use HSBC, but from the brief google I just did, I would say it looks very robust. Most online theft is done remotely, so anything that requires the attacker to take possession of a physical device unique to the account will make their task much more difficult. The biggest attack vector left open here is social manipulation, where you are tricked into deliberately sending someone your money. That kind of fraud is very common, and there aren't a lot of tech solutions for it. The best solution to that is to remain vigilant - some types of online fraud are extremely sophisticated and difficult to spot even for people who know what to look for.
I have proposed a simple solution but cannot get anyone to listen. When money is transferred there is a clear 'paper' trail up to the point where it disappears, I suppose either being withdrawn as cash or transferred on to a territory which does not co-operate. So all that is needed is legislation to say that any transfer can be reversed if either both parties agree or the receiving party does not respond. Then banks can introduce an insurance fee whenever a transfer out or withdrawal is requested where they are concerned that a cancellation request may not be honoured. This would not be necessary for the vast bulk of transfers between UK banks. Although these scams can be life changing for the people who lose out the total scammed is a minute percent of the total being moved so the insurance premium on transactions where the bank thought it necessary would be tiny.
|
|
|
Post by chris on Mar 2, 2018 21:53:46 GMT
Every time I log on to see my ISA account I’m scared witless because it comes up showing zero on the platform. But that’s because it comes up with the pointless never-to-be-used standard account rather than the nice new ISA account. It’d be nice if it could show the account actually being used when I log in rather than the standard.
This is being addressed in the next big release.
|
|
loadsahope
Member of DD Central
Posts: 84
Likes: 45
|
Post by loadsahope on Mar 3, 2018 16:17:07 GMT
How about remembering that a visitor to the website has acknowledged the warning message at the top of the home page, and so not showing it again. It gets very annoying, especially if viewing the site on a mobile. Cookies exist for a reason!
|
|
|
Post by chris on Mar 3, 2018 18:40:18 GMT
How about remembering that a visitor to the website has acknowledged the warning message at the top of the home page, and so not showing it again. It gets very annoying, especially if viewing the site on a mobile. Cookies exist for a reason!
That is such a basic flaw that I assume Assetz have decided that it should always be shown. It’s right up there with the code that deliberately prevents the username being remembered by the browser. Both quite irritating but both uniquely Assetz!
Both are deliberate. The first was a compliance decision that I'll challenge again as I agree it's not the best UX but can't overrule our compliance officer if he insists. The second is for security reasons. The browser should not be remembering your login details without the use of a second security factor that some plugins provide but the browser itself does not as far as I'm aware. We'll be bringing further authentication options in the next big release to further enhance the site on that front.
|
|
mikes1531
Member of DD Central
Posts: 6,453
Likes: 2,320
|
Post by mikes1531 on Mar 4, 2018 21:57:34 GMT
Suggestion for improvement -- User comments on individual loans
AC have a feature whereby it's been possible to enter a comment about a loan for quite a while. These appear when looking at the loan's page or the Browse Loans or Yours Loans lists. I find this feature very useful and use it a lot. Now that AC have allowed ISAs to have a MLA option, they have chosen to allow two comments for each loan, one that appears when viewing the Standard account and the other when viewing the ISA. I can understand that there might be occasions when an investor might wish to have different comments for a given loan in their different accounts, so I can't argue against that.
Most of the time, however, I would like to be able to see the same comment about a loan no matter which sub-account (Standard vs. ISA) I'm viewing at the time. (Example: Date of next expected AC update.) So what would be really useful for me -- and, I expect, other investors as well -- would be the ability either to keep those two separate comments in sync, or to be able to click a button that would duplicate whatever comment I'm looking at into the other account. Personally I'd prefer that syncing was the default, so that the only time the user would have to take action would be if they wanted to maintain separate comments, but that might not be others' preferences.
I should add that I really do appreciate the way AC have implemented the ISA vs. Standard display for the MLA option. It is easy to switch back and forth between accounts, so I can copy comments from Standard account to ISA and vice versa without a lot of difficulty. But it does require at least seven actions (Highlight/Copy/SwitchAccount/Edit/Paste/Submit/Close) for each one and it would be a lot easier if the same could be accomplished with a single click.
Any thoughts?
|
|
dave
Member of DD Central
Posts: 86
Likes: 38
|
Post by dave on Mar 4, 2018 23:12:30 GMT
Suggestion for improvement -- User comments on individual loans
AC have a feature whereby it's been possible to enter a comment about a loan for quite a while. These appear when looking at the loan's page or the Browse Loans or Yours Loans lists. I find this feature very useful and use it a lot. Now that AC have allowed ISAs to have a MLA option, they have chosen to allow two comments for each loan, one that appears when viewing the Standard account and the other when viewing the ISA. I can understand that there might be occasions when an investor might wish to have different comments for a given loan in their different accounts, so I can't argue against that.
Most of the time, however, I would like to be able to see the same comment about a loan no matter which sub-account (Standard vs. ISA) I'm viewing at the time. (Example: Date of next expected AC update.) So what would be really useful for me -- and, I expect, other investors as well -- would be the ability either to keep those two separate comments in sync, or to be able to click a button that would duplicate whatever comment I'm looking at into the other account. Personally I'd prefer that syncing was the default, so that the only time the user would have to take action would be if they wanted to maintain separate comments, but that might not be others' preferences.
I should add that I really do appreciate the way AC have implemented the ISA vs. Standard display for the MLA option. It is easy to switch back and forth between accounts, so I can copy comments from Standard account to ISA and vice versa without a lot of difficulty. But it does require at least seven actions (Highlight/Copy/SwitchAccount/Edit/Paste/Submit/Close) for each one and it would be a lot easier if the same could be accomplished with a single click.
Any thoughts?
Show all comments in all accounts, but highlight (bold?) the one for the account you are viewing from at the moment?
Dave
|
|
|
Post by chris on Mar 5, 2018 8:15:23 GMT
mikes1531 - next big release aims to tackle this.
|
|
loadsahope
Member of DD Central
Posts: 84
Likes: 45
|
Post by loadsahope on Mar 5, 2018 8:42:34 GMT
That is such a basic flaw that I assume Assetz have decided that it should always be shown. It’s right up there with the code that deliberately prevents the username being remembered by the browser. Both quite irritating but both uniquely Assetz!
Both are deliberate. The first was a compliance decision that I'll challenge again as I agree it's not the best UX but can't overrule our compliance officer if he insists. The second is for security reasons. The browser should not be remembering your login details without the use of a second security factor that some plugins provide but the browser itself does not as far as I'm aware. We'll be bringing further authentication options in the next big release to further enhance the site on that front.
I thought it might be a perceived compliance issue, but not one that I have seen anyone else follow. Hope you can persuade them. The second, as someone quite involved with application security, I endorse!
|
|
ding
Member of DD Central
Posts: 238
Likes: 132
|
Post by ding on Mar 5, 2018 12:28:32 GMT
Tax statement. Can you please add the current tax year as an option in the dropdown box? I like to update my Quicken 2000 ( !!! ) interest entry for 5th April 2018 every so often.
|
|
shimself
Member of DD Central
Posts: 2,563
Likes: 1,171
|
Post by shimself on Mar 9, 2018 12:59:46 GMT
I think I've mentioned this before, but I've just had a snarky reply saying why not look at the credit report 12 to which the answer is why hide the credit report (12 is between 6 and 7 !)
so put them in a sensible order please
|
|
littleoldlady
Member of DD Central
Running down all platforms due to age
Posts: 3,045
Likes: 1,862
|
Post by littleoldlady on Mar 9, 2018 14:33:32 GMT
Tax statement. Can you please add the current tax year as an option in the dropdown box? I like to update my Quicken 2000 ( !!! ) interest entry for 5th April 2018 every so often.
That would be a welcome improvement. Even better would be to put in start and end dates.
|
|
loadsahope
Member of DD Central
Posts: 84
Likes: 45
|
Post by loadsahope on Mar 9, 2018 21:00:01 GMT
Filter loans by the notes field. At a minimum, those where notes aren't blank. Even better would be where notes contain some string - would allow us to annotate loans and subsequently easily locate them.
|
|