Random Verification Codes? | Motive Financial | Discussion forum

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Feed Topic RSS sp_TopicIcon
Random Verification Codes?
October 4, 2024
6:12 pm
4n2t0
Member
Members
Forum Posts: 24
Member Since:
March 12, 2016
sp_UserOfflineSmall Offline

Anyone else getting random verification codes sent to them? I received 2 today, 1 in the morning, and 1 this evening. Both times I changed my password using a 26 character random password generator, so I know the passwords are strong. It seems to have started after linking my Motive account to Oaken using the Flinks service. Also, I always change my passwords every time I use Flinks to link an account as a precautionary measure. What gives?

October 4, 2024
6:20 pm
Norman1
Member
Members
Forum Posts: 7207
Member Since:
April 6, 2013
sp_UserOfflineSmall Offline

The computer, used to change the Motive passwords, could be compromised. So, someone else has sniffed your password, however strong.

Another Motive client has entered your e-mail or phone number, in error, for their account. Consequently, you're receiving their one-time verification codes when the other Motive client signs in with their user ID and password!

October 4, 2024
6:38 pm
4n2t0
Member
Members
Forum Posts: 24
Member Since:
March 12, 2016
sp_UserOfflineSmall Offline

Unfortunately, neither of those are likely to apply to my situation. The password generator is a program called Bitwarden. My computer does not hold any password data. My email address is my first and last name, so it's highly unlikely that another client is using the same email address.

The first incident coincided with a withdrawal that Oaken made from my Motive account. I'm wondering if a verification code is being generated every time Oaken "takes a peek" at my Motive account.

I should note that although the verification codes are being sent, I do not receive an "account logged into" email, which is another feature I've setup with Motive.

Very weird behaviour and a little disconcerting. I might try breaking the link between Oaken and Motive to see if that is indeed the source of my issue.

October 5, 2024
12:14 pm
Norman1
Member
Members
Forum Posts: 7207
Member Since:
April 6, 2013
sp_UserOfflineSmall Offline

The compromised computer doesn't need to store any password info. A keylogger on the computer just needs to capture the password as it is entered.

Is the "account logged into" e-mail the notice of a login attempt or of a successful login? Without the one-time verification code, there won't be a successful Motive login.

It is odd! My understanding is the login credential is given to Flinks to do a one-time login to scrape the external account's owner, transit number, and account number. That is not done every time a transfer is requested. Just like verification with microdeposits is not done every time a transfer is requested to/from the external account.

Is Oaken really storing the Motive login credentials and attempting a Flink scrape each time a fund transfer is attempted?

October 6, 2024
11:25 am
4n2t0
Member
Members
Forum Posts: 24
Member Since:
March 12, 2016
sp_UserOfflineSmall Offline

The passwords are generated and populated through the app. There are no keystrokes to capture. The logger can't even take a screenshot because the passwords are "hidden" under asterisks when populated. They would need access to my vault, which hasn't been compromised.

The "account logged into" email signifies a successful login, which hasn't occurred. I'm just receiving the random verification code emails.

I, too, was under the impression that a one-time scrape was all the Flinks utilized. To be completely honest, I don't really trust Motive, or their platform, 100%, which is sad. My very first experience with Motive was having ~2K disappear from my account, which was later credited back due to a "technical issue". With that said, I decided to get all my money out of Motive. I have a large GIC that I cannot move, but at least it's a locked-in product.

October 6, 2024
12:11 pm
iotama
Member
Members
Forum Posts: 65
Member Since:
March 3, 2022
sp_UserOfflineSmall Offline

Third party APIs like Flinks etc will try to access the accounts one gives permission to (via giving out your username and password as a first-time consent.) It is not a one-time consent. The API credentials (separately acquired) are then stored by Flinks to be able continue handshaking with the targets. Sometimes these APIs fail to connect (and keep trying) and nobody knows whether anything has been compromised while in transit or during those botched connections.

We've had discussions about it here (and elsewhere) often.

October 6, 2024
12:14 pm
Dean
Valhalla Mountains, British Columbia
Member
Members
Forum Posts: 2163
Member Since:
January 12, 2019
sp_UserOfflineSmall Offline

.
I'd give Motive a call. Maybe there's something wrong at their end.

Their IT Dept. can look into it.

    Dean

sf-cool " Live Long, Healthy ... And Prosper! " sf-cool

October 30, 2024
12:06 am
jorno319
Member
Members
Forum Posts: 34
Member Since:
June 20, 2023
sp_UserOfflineSmall Offline

4n2t0 said
Anyone else getting random verification codes sent to them? I received 2 today, 1 in the morning, and 1 this evening. Both times I changed my password using a 26 character random password generator, so I know the passwords are strong. It seems to have started after linking my Motive account to Oaken using the Flinks service. Also, I always change my passwords every time I use Flinks to link an account as a precautionary measure. What gives?  

Did you find a resolution to this situation?

October 30, 2024
9:16 am
Dean
Valhalla Mountains, British Columbia
Member
Members
Forum Posts: 2163
Member Since:
January 12, 2019
sp_UserOfflineSmall Offline

.
4n2t0 stopped posting about this, way back on Oct. 6th. From his last comment, it sounds like he decided instead to just pack-up and leave Motive. He wouldn't be the first !

Others (including myself) have a number of concerns about them too. sf-confused

    Dean

sf-cool " Live Long, Healthy ... And Prosper! " sf-cool

October 30, 2024
9:37 am
gicbits
Member
Members
Forum Posts: 22
Member Since:
June 9, 2022
sp_UserOfflineSmall Offline

Dean said
.
4n2t0 stopped posting about this, way back on Oct. 6th. From his last comment, it sounds like he decided instead to just pack-up and leave Motive. He wouldn't be the first !

Others (including myself) have a number of concerns about them too. sf-confused

    Dean

  

I have a savings account with Motive. Can you please tell me what concerns you have with them?

October 30, 2024
10:15 am
Dean
Valhalla Mountains, British Columbia
Member
Members
Forum Posts: 2163
Member Since:
January 12, 2019
sp_UserOfflineSmall Offline

.
Gicbits

From my experience, I have no real concerns with Motive's SAs, per-se.

But for some of us, we find their old website generally Clunky and out-of-date. And the way they handle their GICs is in a HickBilly awkward manor, with misleading & missing information, and no documented maturity instructions, etc. . . .

Early this year some of us were promised their website would get a complete rebuild & update this year, but so far to date ... Nothing has happened. sf-confused

    Dean

sf-cool " Live Long, Healthy ... And Prosper! " sf-cool

October 30, 2024
2:37 pm
dougjp
Member
Members
Forum Posts: 599
Member Since:
January 9, 2011
sp_UserOfflineSmall Offline

I just wish they would spell check their verification code message and finally change it, having been advised of this months ago.

In case anyone missed what I'm talking about, the clue is - it's not our role to please our financial institution! sf-surprised

"Keep your stick on the ice. Remember, I'm pulling for you. We're all in this together." - Red Green

October 30, 2024
4:31 pm
Dean
Valhalla Mountains, British Columbia
Member
Members
Forum Posts: 2163
Member Since:
January 12, 2019
sp_UserOfflineSmall Offline

.
. . . and then there's this verification code message I got from them yesterday :

    "Please use .......... as your verification code. We will never contact you for this code. Do not reveal it to anyone else.
    .
    If you are not expecting this message, please your Financial Institution."

.
In addition to all their other faults & shortcomings, I guess proof reading their messages is not part of their Modus Operandi either. sf-embarassed

    Dean

sf-cool " Live Long, Healthy ... And Prosper! " sf-cool

Please write your comments in the forum.