puffin
Member of DD Central
Posts: 87 
Likes: 26
|
Post by puffin on Sept 23, 2016 13:55:42 GMT
Which P2x sites allow two factor authentication ?
I know SS does, which others?
Thanks!
|
|
|
|
Post by westonkevRS on Sept 23, 2016 14:51:32 GMT
RateSetter does (i.e. a mobile number code is texted to you), if you choose that option. It isn't set by default, and only a small percentage of our lenders choose the two factor authentication option. In our opinion, it doesn't lower the risk of using the RateSetter platform, otherwise we would have made it mandatory
Kevin.
|
|
archie
Posts: 1,866
Likes: 1,861
|
Post by archie on Sept 23, 2016 14:53:33 GMT
Not everyone owns a mobile  |
|
puffin
Member of DD Central
Posts: 87
Likes: 26
|
Post by puffin on Sept 23, 2016 15:18:27 GMT
Not everyone owns a mobile Not all authentication has to be via mobile. I already have used two alternatives: - Google Authenticator, which is possible on various platforms. All you need is the ability to do a one-time setup of an app/software. - Email authentication is also possible, Yahoo's two factor authentication allows email.
|
|
|
|
Post by mrclondon on Sept 23, 2016 15:23:40 GMT
And those that are outside the UK may find that the SMS message is received beyond the validity timeout of the code, as SMS delivery when roaming is not always real time.
(I had a particular problem when working in Basel very close to the Swiss/German border as my UK mobile hunted repeatedly between Swiss and German networks - even walking from one end of the open plan office to the other to grab a coffee was enough for my phone to take a holiday to another country ! )
I try to avoid financial institutions that mandate two factor authorisation. I can live with the first direct implementation as the dongle is only required to set up new payment destinations which can be done over the phone instead.
This year HMRC has gone over to a SMS based two factor signin for self-assessment etc which is required EVERY sign-in. A real pain in the neck when you get logged out every n minutes for inactivity .....
|
|
nick
Member of DD Central
Posts: 1,056
Likes: 825
|
Post by nick on Sept 23, 2016 15:30:08 GMT
And those that are outside the UK may find that the SMS message is received beyond the validity timeout of the code, as SMS delivery when roaming is not always real time. (I had a particular problem when working in Basel very close to the Swiss/German border as my UK mobile hunted repeatedly between Swiss and German networks - even walking from one end of the open plan office to the other to grab a coffee was enough for my phone to take a holiday to another country ! ) I try to avoid financial institutions that mandate two factor authorisation. I can live with the first direct implementation as the dongle is only required to set up new payment destinations which can be done over the phone instead. This year HMRC has gone over to a SMS based two factor signin for self-assessment etc which is required EVERY sign-in. A real pain in the neck when you get logged out every n minutes for inactivity ..... A work around if you're travelling is to have the SMS token sent to a public SMS message service. Any SMS's sent to the service provider's number is posted on a public website - no registration required. The webpage is public, but only the token number is sent by SMS (no other identifying information) so it is useless to anyone else unless they know the account for which the token has been requested and know your personal login info. There are a number of sites that offer this service - just google "receive sms online free". I think people usually use the service to avoid having to provide 3rd parties with their own phone numbers for privacy/avoid spam etc.
|
|
nick
Member of DD Central
Posts: 1,056
Likes: 825
|
Post by nick on Sept 23, 2016 15:38:58 GMT
RateSetter does (i.e. a mobile number code is texted to you), if you choose that option. It isn't set by default, and only a small percentage of our lenders choose the two factor authentication option. In our opinion, it doesn't lower the risk of using the RateSetter platform, otherwise we would have made it mandatory Kevin. Interesting. What is the basis of your assessment that 2-step verification doesn't the reduce risk of using your platform?
|
|
|
|
Post by westonkevRS on Sept 23, 2016 17:30:41 GMT
This is a fraud issue, so clearly I am not going to go into detail.
However two factor authentication is a defence against fraudsters guessing/appropriating your log-in details and entering your members area. However with RateSetter there isn't much damage they could do once in, other than playing with your reinvestment settings!
Kevin.
|
|
Investboy
Member of DD Central
Trying to recover from P2P revolution
Posts: 564
Likes: 201
|
Post by Investboy on Oct 19, 2016 12:54:45 GMT
This is a fraud issue, so clearly I am not going to go into detail. However two factor authentication is a defence against fraudsters guessing/appropriating your log-in details and entering your members area. However with RateSetter there isn't much damage they could do once in, other than playing with your reinvestment settings! Kevin. No damage? They could invest all my pennies at current "lend it now rate" of 1%!!!
|
|
