09-07-2018, 09:38 PM
Any thoughts on this new security? Personally I'd prefer it to be required only to remove funds from the platform, not each logon, but maybe I?m missing something?
2 factor authentication
|
09-07-2018, 09:38 PM
Any thoughts on this new security? Personally I'd prefer it to be required only to remove funds from the platform, not each logon, but maybe I?m missing something?
09-07-2018, 10:43 PM
I agree, the best implementation is for there to be limited access without 2FA. It does replace the memorable information we previously used, which really didn't do much more than pad out the password.
I'm glad they offered an alternative to weaker SMS one time codes, but I'm not thrilled they used Authy rather than the open TOTP algorithm that would allow us to choose from a variety of authenticator apps. That said, it's no particular hardship.
10-07-2018, 05:57 AM
OK I'm a luddite, I don't use a mobile phone, when I worked I was banned from having one with me (secret work) and now I'm retired I have no intention of becoming a 'slave to the phone'.
So what do these changes mean to me? I log on to AC via the same 'big box' in my home office and when I turn that off I live in splendid isolation surrounded by motorcycles and machinery! "Two-factor authentication helps keeps you safer online by providing an extra layer of security that requires a time restricted, single use code sent directly to your mobile phone. You have the option to receive your unique code either by traditional text (SMS), call or via the 'Authy' app available for free on your iOS or Android device. The choice is yours."
10-07-2018, 05:58 AM
Dumbest thing ever. So now have to go hunting around for a mobile phone. If they insist upon this then they should supply card readers like natwest/nationwide or a physical secure key such as HSBC.
10-07-2018, 07:11 AM
(10-07-2018, 05:58 AM)bababill Wrote: Dumbest thing ever. So now have to go hunting around for a mobile phone. If they insist upon this then they should supply card readers like natwest/nationwide or a physical secure key such as HSBC.Interestingly HSBC don't provide one by default anymore, they use a similar app-based 2FA system. My biggest grumble about these things is the mammoth hassle when your phone either gets broken or lost. Most websites don't have very well supported ways to get new tokens (at least they didn't last time this happened)
10-07-2018, 11:04 AM
I haven't used Authy before but the trick seems to be to use the multiple device feature to set up your phone, tablet, and PC and then, crucially, disable the multiple device option so that The Boogie Man can't add another one when you are not looking. Cloud backup seems well thought out too. I am going to dive in.
10-07-2018, 11:56 AM
@idontgivea on a PC you can download the Windows desktop version of Authy https://authy.com/download/ or install the Chrome extension+app (they work together). Then you don't need to use a phone to get a code. When you set up Authy, you can use either a landline or mobile to give the once-only installation code.
For anyone who does use an Android or Apple phone / tablet, you can use the Authy app to get a 7-digit code to log in on any device.
10-07-2018, 01:23 PM
Thanks for the info @sinatra I suppose I am going to have to dive in .... although having just read in another place that it is now being considered only making this necessary for withdrawals and account changes the pressure to dive in might be relaxing. I don't like having to download 3rd party apps especially since I have no idea how it will cope with me trying to log on as myself, my business and my wife. Probably going to let others take the strain before I blow the internet apart .....
10-07-2018, 03:39 PM
Yes, isn't it a hoot the way 'personal computers' are assumed to be shared with everyone and their dog (4 active logons on this machine at the moment), whereas 'mobile phones' want to lock themselves to one user. Alright, the newer Android versions admit to multiple users, but it is a royal pain in most cases.
10-07-2018, 05:47 PM
(10-07-2018, 01:23 PM)idontgivea Wrote: Thanks for the info @sinatra I suppose I am going to have to dive in .... although having just read in another place that it is now being considered only making this necessary for withdrawals and account changes the pressure to dive in might be relaxing. I don't like having to download 3rd party apps especially since I have no idea how it will cope with me trying to log on as myself, my business and my wife. Probably going to let others take the strain before I blow the internet apart .....A post elsewhere suggests a code each time you want to sell something below par. Bonkers.
10-07-2018, 08:28 PM
If there turns out to be a problem running multiple accounts, Chrome allows you to have multiple profiles open, even on the screen at the same time. Each Chrome profile has its own extensions so could have its own Authy for that account.
10-07-2018, 09:12 PM
No mobile phone, don't intend to get one. More damned layers to wade through. Have we not got enough to do as it is?
11-07-2018, 09:12 AM
I use mSession Keeper on Firefox to keep my sessions alive. That means I don't need to keep a browser tab open and whenever I navigate to the site, I will already be logged in from last time. Obviously, I only do this with a PC that I only I use and have access to.
11-07-2018, 09:35 AM
According to Chris in another place they have agreed 2FA will be opt in for log in and otherwise only for important transactions.
Not seen any prompt to use it at all for my account yet anyway.
11-07-2018, 10:02 AM
11-07-2018, 10:34 AM
(11-07-2018, 09:35 AM)gattamelata Wrote: According to Chris in another place they have agreed 2FA will be opt in for log in and otherwise only for important transactions.There?s currently just an invitetion to get it set up now when you go to your Profile page
16-07-2018, 12:20 PM
Landlordinvest will be offering a optional two factor authentication function.
I like options.
17-07-2018, 08:27 PM
I see it has arrived, but I don't see any option to bypass it on login. Are they serious about these bloody codes every time one does something? This is going to add a huge amount of time to managing a portfolio, and will make AC much less attractive.
18-07-2018, 05:41 AM
(17-07-2018, 08:27 PM)troy Wrote: I see it has arrived, but I don't see any option to bypass it on login. Are they serious about these bloody codes every time one does something? This is going to add a huge amount of time to managaging a portfolio, and will make AC much less attractive.I bypassed the codes by simply going 'back to profile' then hitting the normal buttons at the top of the screen. In the interests of 'research' I have just logged on and the 2 stage screen has not appeared this morning. So as @SteveT has said the first appearance is just an invitation.
18-07-2018, 06:57 AM
(17-07-2018, 08:27 PM)troy Wrote: I see it has arrived, but I don't see any option to bypass it on login. Are they serious about these bloody codes every time one does something? This is going to add a huge amount of time to managaging a portfolio, and will make AC much less attractive.I did the same as @idontgivea. If you have signed up though, apparently there wil? soon be a opt out for logging on. Still mandatory for selling at discount, withdrawal of money or changing personal details though.
18-07-2018, 08:14 AM
(18-07-2018, 05:41 AM)idontgivea Wrote: I bypassed the codes by simply going 'back to profile' then hitting the normal buttons at the top of the screen. In the interests of 'research' I have just logged on and the 2 stage screen has not appeared this morning. So as @SteveT has said the first appearance is just an invitation.Yes, I found there are ways currently to bypass it. But it could become really painful with four accounts and being an active manager ....
18-07-2018, 08:25 AM
(18-07-2018, 08:14 AM)troy Wrote: Yes, I found there are ways currently to bypass it. But it could become really painful with four accounts and being an active manager ....That's what I was thinking but as I said above "In the interests of 'research' I have just logged on and the 2 stage screen has not appeared this morning." which made me sigh with relief.
1 user Likes thegrumbler's post - bababill
25-10-2018, 10:13 AM
The 2F authentication will apparently be forced (not anymore optional) on every investor in a couple of weeks (from 5th November).
An email was sent Yesterday to every customer who had decided not to use it up to now. Beside the fact I don't understand the reasons not to leave it optional, I really hate companies not listening customers and/or trying to impose a nuisance technology without justifying its real need. Given I am travelling quite a bit and find unacceptable the fact of not being able to acess my money (and even more for a technical reason) in case of real need, this morning I simply pressed the withdrawal button. AC has lost at least a lender for their lack of understanding that optional is better than compulsory.
25-10-2018, 11:49 AM
Their house. Their rules.
They did what they felt they had to do. You did likewise. pfka new2p2p
25-10-2018, 12:07 PM
Here's a question for people already in this.
Which is working more smoothly, phone text message or authy? errrr ... having read that, I don't suppose many have both in order to "go compare"! If I go for authy, can I use the same details on each of my laptops?
1 user Likes zappa's post - oldgrumpy
25-10-2018, 12:27 PM
(25-10-2018, 12:07 PM)oldgrumpy Wrote: errrr ... having read that, I don't suppose many have both in order to "go compare"! Yeah, only used mobile SMS - with the "don't keep bugging me" option box ticked I think I've needed it twice since that facility was launched. (For regular login activity) pfka new2p2p
25-10-2018, 12:35 PM
(25-10-2018, 12:07 PM)oldgrumpy Wrote: Here's a question for people already in this. I can compare Authy to other sites that use SMS - Authy is more reliable than those. You can sync details between devices if you wish. I'm keeping mine away from the cloud and using the android app and my phone.
28-10-2018, 12:17 AM
(25-10-2018, 11:49 AM)zappa Wrote: Their house. Their rules. Appreciate its "their house their rules" but it was only a few weeks ago they came out with the statement that it was optional...Now they change the rules half way through the match.... My 30 day notice account fortunately had ended on Saturday however if it was a few more weeks I would be locked into 2 factor Authentication methods without any choice of mine. Having two accounts with AC I checked my 'registered' telephone numbers.. Both were grossly incorrect..... Country code/ prefixes all wrong.....Perhaps I entered all the wrong details long ago..... Like Old grumpy I am hitting the exit button...
28-10-2018, 10:59 AM
|