6:12 pm
March 12, 2016
Anyone else getting random verification codes sent to them? I received 2 today, 1 in the morning, and 1 this evening. Both times I changed my password using a 26 character random password generator, so I know the passwords are strong. It seems to have started after linking my Motive account to Oaken using the Flinks service. Also, I always change my passwords every time I use Flinks to link an account as a precautionary measure. What gives?
6:20 pm
April 6, 2013
The computer, used to change the Motive passwords, could be compromised. So, someone else has sniffed your password, however strong.
Another Motive client has entered your e-mail or phone number, in error, for their account. Consequently, you're receiving their one-time verification codes when the other Motive client signs in with their user ID and password!
6:38 pm
March 12, 2016
Unfortunately, neither of those are likely to apply to my situation. The password generator is a program called Bitwarden. My computer does not hold any password data. My email address is my first and last name, so it's highly unlikely that another client is using the same email address.
The first incident coincided with a withdrawal that Oaken made from my Motive account. I'm wondering if a verification code is being generated every time Oaken "takes a peek" at my Motive account.
I should note that although the verification codes are being sent, I do not receive an "account logged into" email, which is another feature I've setup with Motive.
Very weird behaviour and a little disconcerting. I might try breaking the link between Oaken and Motive to see if that is indeed the source of my issue.
12:14 pm
April 6, 2013
The compromised computer doesn't need to store any password info. A keylogger on the computer just needs to capture the password as it is entered.
Is the "account logged into" e-mail the notice of a login attempt or of a successful login? Without the one-time verification code, there won't be a successful Motive login.
It is odd! My understanding is the login credential is given to Flinks to do a one-time login to scrape the external account's owner, transit number, and account number. That is not done every time a transfer is requested. Just like verification with microdeposits is not done every time a transfer is requested to/from the external account.
Is Oaken really storing the Motive login credentials and attempting a Flink scrape each time a fund transfer is attempted?
11:25 am
March 12, 2016
The passwords are generated and populated through the app. There are no keystrokes to capture. The logger can't even take a screenshot because the passwords are "hidden" under asterisks when populated. They would need access to my vault, which hasn't been compromised.
The "account logged into" email signifies a successful login, which hasn't occurred. I'm just receiving the random verification code emails.
I, too, was under the impression that a one-time scrape was all the Flinks utilized. To be completely honest, I don't really trust Motive, or their platform, 100%, which is sad. My very first experience with Motive was having ~2K disappear from my account, which was later credited back due to a "technical issue". With that said, I decided to get all my money out of Motive. I have a large GIC that I cannot move, but at least it's a locked-in product.
12:11 pm
March 3, 2022
Third party APIs like Flinks etc will try to access the accounts one gives permission to (via giving out your username and password as a first-time consent.) It is not a one-time consent. The API credentials (separately acquired) are then stored by Flinks to be able continue handshaking with the targets. Sometimes these APIs fail to connect (and keep trying) and nobody knows whether anything has been compromised while in transit or during those botched connections.
We've had discussions about it here (and elsewhere) often.
12:14 pm
January 12, 2019
12:06 am
June 20, 2023
4n2t0 said
Anyone else getting random verification codes sent to them? I received 2 today, 1 in the morning, and 1 this evening. Both times I changed my password using a 26 character random password generator, so I know the passwords are strong. It seems to have started after linking my Motive account to Oaken using the Flinks service. Also, I always change my passwords every time I use Flinks to link an account as a precautionary measure. What gives?
Did you find a resolution to this situation?
9:16 am
January 12, 2019
9:37 am
June 9, 2022
Dean said
.
4n2t0 stopped posting about this, way back on Oct. 6th. From his last comment, it sounds like he decided instead to just pack-up and leave Motive. He wouldn't be the first !Others (including myself) have a number of concerns about them too.
Dean
I have a savings account with Motive. Can you please tell me what concerns you have with them?
10:15 am
January 12, 2019
.
Gicbits ⬆
From my experience, I have no real concerns with Motive's SAs, per-se.
But for some of us, we find their old website generally Clunky and out-of-date. And the way they handle their GICs is in a HickBilly awkward manor, with misleading & missing information, and no documented maturity instructions, etc. . . .
Early this year some of us were promised their website would get a complete rebuild & update this year, but so far to date ... Nothing has happened.
- Dean
" Live Long, Healthy ... And Prosper! "
2:37 pm
January 9, 2011
I just wish they would spell check their verification code message and finally change it, having been advised of this months ago.
In case anyone missed what I'm talking about, the clue is - it's not our role to please our financial institution!
"Keep your stick on the ice. Remember, I'm pulling for you. We're all in this together." - Red Green
4:31 pm
January 12, 2019
.
. . . and then there's this verification code message I got from them yesterday :
- "Please use .......... as your verification code. We will never contact you for this code. Do not reveal it to anyone else.
.
If you are not expecting this message, please your Financial Institution."
.
In addition to all their other faults & shortcomings, I guess proof reading their messages is not part of their Modus Operandi either.
- Dean
" Live Long, Healthy ... And Prosper! "
Please write your comments in the forum.