5:07 am
December 15, 2022
My apologies if this topic is buried under the "...you've been warned " thread. I can't seem to find the option to search for specific terms under a specific forum or post. Don't really want to have to use control-f command over 21 pages of text.
Basically since they don't offer 2fa, are there any other security options I can use to prevent unauthorized access to my account? Text and email alerts for withdrawals are fine. But if a third party compromised my account and email money transfer out. That money is gone and nothing I can do to get it back.
Should have moved money out and setup new tfsa elsewhere two months ago. But kept putting it off.
7:23 am
January 3, 2009
notsavvy said
My apologies if this topic is buried under the "...you've been warned " thread. I can't seem to find the option to search for specific terms under a specific forum or post. Don't really want to have to use control-f command over 21 pages of text.
Basically since they don't offer 2fa, are there any other security options I can use to prevent unauthorized access to my account? Text and email alerts for withdrawals are fine. But if a third party compromised my account and email money transfer out. That money is gone and nothing I can do to get it back.
Should have moved money out and setup new tfsa elsewhere two months ago. But kept putting it off.
The best way to maintain security of your accounts anywhere is to actively monitor them.
7:40 am
December 15, 2022
phrank said
The best way to maintain security of your accounts anywhere is to actively monitor them.
That's not even a question. I have email and text alerts set up for logins, withdrawals, deposits... basically everything available is set to on.
I'm assuming to link an external bank account would take time. So even if compromised, that doesn't seem like a possible scenario to go undetected.
My concern is that it's pretty easy to send an etransfer to a new contact. And don't think it can be easily reversed or insured. So even if I got an alert on my phone saying that the account has been logged in (not by me). Likely by the time I am able to contact the credit union via phone, someone could have already sent the etransfer. Money's gone. I realize there are max limits per day, but that's still pretty painful.
Hope that is a better explanation.
7:49 am
August 4, 2010
Without 2-factor authentication, it is especially important to use a strong, unique password. For extra peace of mind, don't store it in your browser's password storage system. Don't log into your banking from public wifi or similarly unknown systems where there is the possibility of some sort of adversary-in-the-middle situation.
If you have a strong password that is only in your head and in the bank's system, there's limited opportunity for compromise.
10:12 am
January 3, 2009
notsavvy said
Hope that is a better explanation.
If it's an option, try to keep as little money as possible liquid.
I don't keep money in HISA in multiple institutions, only one.
All others I only have GICs and no lines of credit.
It's sort of like having a mortgage or HELOC on your house to prevent someone from selling it fraudulently.
My point wasn't explained well either and that is that no form of protection is better than you monitoring yourself. I see a lot of people who are not like you and don't monitor because they put too much faith in security measures.
10:35 am
January 12, 2019
.
I have to agree with the OP (Notsavvy) ... All online FIs should have 2FA.
We can activate all the security measures & notifications available, but as it's been recently shown (at Oaken), they can Malfunction and/or Fail.
Perhaps it's time we all start to petition Access CU to implement 2FA on their site. With any luck, it may already be in the works.
- Dean
P.S.
And I also agree with Phrank (Post #2).
I check all my online accounts every
day. It usually only takes me ~10min.
And it also helps me to keep all my
passwords memorized.
" Live Long, Healthy ... And Prosper! "
11:43 am
August 4, 2010
12:50 pm
January 12, 2019
.
You're right ⬆, NorthernRaven ... Oaken does Not have 2FA. And that's part of what made their malfunctioning Security Notification System even Scarier ❗
It would be interesting to know which FIs do have 2FA. Of all the FIs I deal
with (7), only Tangerine and Motive have 2FA.
Hopefully someday, 2FA will become an FI industry standard.
- Dean
" Live Long, Healthy ... And Prosper! "
3:51 pm
January 9, 2011
2FA (MFA), if provided for in multiple ways that everybody can use, is of course highly advisable. However with the lack of thinking a few of the banks, insurance companies, governments and (gasp of all people) telecoms put into it, it can easily turn into a disaster that permanently locks a good percentage of people out of essential services.
So petitioning etc. should not happen until first those Companies demanding it have to make it work, with all possible multiple options for everybody.
PayPal does it best by starting with a choice of SMS, or an automated phone call to your Home phone, or a code sent to the e-mail they have on file. The latter two are time limited, commonly with Companies I've noticed 10 minutes but some are shorter. This is the proper way to do it, providing for those who can't receive SMS (about 10% of the population), people who are traveling with a laptop as opposed to a desktop computer at home for example.
On the complete opposite side of the spectrum, we have Rogers that seems intent on, for no known reason, intentionally causing great stress on customers even as competitors are pushing hard to get Rogers customers to leave them.
Rogers instituted MFA with this prior promise in its Q&A:
" I don’t have a mobile number to use for MFA, will I lose access to my email?
- You’ll still be able to access your email and skip adding a wireless recovery number for now. When skipping is no longer available, we’ll let you know how to set up a different verification method, or you can contact us for help updating your account security. "
Then (with the kind of harebrained advance thinking and planning that also resulted in a 3 day complete outage a few years ago, due to not thinking through the 'obvious' regarding a workaround to a key router problem), they instituted MFA without notice and still refuse to set up a "different verification method", and contacting them repeatedly gets nowhere. I.e., there are NO MFA options as promised in writing, still!
Most of the others requiring MFA do it with e-mail. Some with an automated phone call with code. Nobody that I know of except Rogers has a problem with technology to the extent that they can't figure out how to provide any MFA options!
"Keep your stick on the ice. Remember, I'm pulling for you. We're all in this together." - Red Green
9:22 pm
December 15, 2022
Dean said
.
I have to agree with the OP (Notsavvy) ... All online FIs should have 2FA.
We can activate all the security measures & notifications available, but as it's been recently shown (at Oaken), they can Malfunction and/or Fail.
Perhaps it's time we all start to petition Access CU to implement 2FA on their site. With any luck, it may already be in the works.
Dean
P.S.
And I also agree with Phrank (Post #2).
I check all my online accounts every
day. It usually only takes me ~10min.
And it also helps me to keep all my
passwords memorized.
I had messaged them online and was told that quite a few customers have already been asking for this option. Just seems a shame that in this day and age 2fa isn't mandatory!
Appreciate all the responses.
5:17 am
November 8, 2018
notsavvy said
Basically since they don't offer 2fa, are there any other security options I can use to prevent unauthorized access to my account? Text and email alerts for withdrawals are fine. But if a third party compromised my account and email money transfer out. That money is gone and nothing I can do to get it back.
Should have moved money out and setup new tfsa elsewhere two months ago. But kept putting it off.
The best security option would be to move funds to other FIs, those that offer better security options.
As for TFSA/RRSP/RRIF, where moving funds might not be easy or convenient, park these funds at non-redeemable GICs.
I do check my accounts on a regular basis, but if account is compromised, which often includes notifications disabled or redirected elsewhere, by the time I check next time money will be gone. Which means, checking balances regularly is good, but not enough.
7:11 am
November 18, 2017
Passwords are perfectly good with proper practise. Don't just keep them in your head and in the system; you can and will forget them.
There are safe memory systems, such as coding the password before recording it (remember substitution digits for letters? spelling backward), or putting a dot or underline on a word on a page in a book, with a post-it or bookmark in the book and nothing special to identify the book.
Or you can use indirect methods: record something like "My first girlfriend's birthday from 40 years ago," or "My favourite neighbour when I lived in Liverpool." Anything nobody else can research or know. Even obscure literary facts.
One can also put parts of a password (either encoded or not) in more than one place. Let's say your password is B00ger@g! You could split it into alternate characters:
B0e@! 0grg
Then reverse the first part:
!@e0B 0grg
And store each half in a separate place. Or three separate places. You only have to learn one coding or splitting system, and it needn't change. You can and should come up with your own coding methods.
Messaging a second factor means revealing your mobile number and probably incurring charges if you don't have an unlimited plan; E-mail is a completely insecure communications system to begin with.
RetirEd
7:31 am
November 8, 2018
People trying to hack into banking accounts usually don't bother with guessing passwords. Any modern banking system will lock account after 3-5 unsuccessful login attempts. Chances of getting password right so quickly is very low.
Bad actors go straight to "Forgot password" and this is how they get in.
A separate case is app such as keylogger on PC or smartphone. It'll record login and password credentials user entered. Having very strong password is of no use, as it will be recorded by keylogger as is, and transmitted to bad actor.
Yes, strong passwords are must, but just strong passwords alone are not enough.
5:45 pm
November 18, 2017
7:09 pm
January 12, 2019
4:07 am
December 15, 2022
4:53 am
March 30, 2017
Alexandre said
People trying to hack into banking accounts usually don't bother with guessing passwords. Any modern banking system will lock account after 3-5 unsuccessful login attempts. Chances of getting password right so quickly is very low.
Bad actors go straight to "Forgot password" and this is how they get in.
A separate case is app such as keylogger on PC or smartphone. It'll record login and password credentials user entered. Having very strong password is of no use, as it will be recorded by keylogger as is, and transmitted to bad actor.
Yes, strong passwords are must, but just strong passwords alone are not enough.
Totally agree. Password only as a protection measure is inadequate no matter how secure a password may be.
2FA is the minimum for any FI these days in my mind.
In this day and time, it does not make sense not to implement, and use some may not have phone data plan / email as an excuse.
6:06 am
February 7, 2019
savemoresaveoften said
Totally agree. Password only as a protection measure is inadequate no matter how secure a password may be.
2FA is the minimum for any FI these days in my mind.
In this day and time, it does not make sense not to implement, and use some may not have phone data plan / email as an excuse.
Online banking possible without email?