Log In
Register
Home
Topic RSS
Facebook
Twitter
Email this6:47 pm
December 15, 2022
Offline
Can't seem to find the option to search the forums and not the entire website. Also not sure as to why my typing is stuck in bold.
Anyway I just signed up for an account (funny about having physically sign a piece of paper and email or snail mail it to them). I noticed that the so called 2 factor authentication isn't what I would expect.
All I have to do is login to the account once and any other time I login via the same device, it just lets me in. So basically if my computer is every compromised, there is no security feature for someone to drain my account. I asked them about it, and they basically said it is a feature and not a bug.
I guess the problem is that I use my cell phone as an alarm clock. So not on monitoring it 24/7. They do send a text message on successful login. But that really doesn't help, since I am the edge case for cell phone usage.
Can't use saven financial, since using a $100 feature phone with no updates for years. As opposed a $1200 flagship phone...
12:31 am
February 16, 2013
Offline
I login using the same laptop every time and I get asked to authenticate every time without fail. But then I always clear my cookies, so that may be why.
6:36 am
December 15, 2022
Offline
I really should check out my chrome extension then. It is suppose to clear everything when I press the button upon close. Either that or start using firefox in incognito mode all the time... ?
Although saying that. After I successfully login, there is no text saying that a login occurred. Very strange.
The official word is that this is normal not using 2fa to login. Something about behind the scenes the algorithm can tell if it actually you or not... I could find the quote, but you get my gist. Which is kind of frightening.
8:15 am
December 18, 2024
Offline
1. Do you do the “allow” before username and password?
2. Do you receive a text every time you login?
3. Do you receive an email every time you login in?
4. Do you login in from same device?
5. Do you login in using the same browser?
6. Do you login in, in the same time frame?
7. Do you login in on only certain days?
8. Have you called them about second factor?
I thought similar about People’s Trust. And I personally developed a second step to prevent unauthorized access my money. BUT after talking to a manager was advised that there is login protection in place.
8:19 pm
December 15, 2022
Offline
Bit of a rant below. Bottom line is for the literally extra few dollars a month in interest is worth it.
I just signed up for the account a few days ago. Apparently it's been over 5 days and haven't sent in physical signature yet. Guess better get on that one.
Not sure what "allow before login..." is.
It texts and emails me every time I login, always same computer, two browsers (firefox incognito mode or edge in regular mode). Clear cache, cookies, history, and everything else after close browser after any password related login.
Haven't phoned because they say everything is working as planned. Assumed they would be reading from the same script.
"Thank you for your email.
Our 2FA system takes into consideration different details that are captured when you log in to your account.
It is programmed in the system to trigger the verification code, should some of the criteria be met (for example, logging in on a new device or different location).
If the system performs a straight through log-in, this means that it was validated as so by the system.
Should there be an incident if your computer becomes compromised, please be sure to notify us immediately so that the necessary action can be taken."
Still not really sure why they can't just force 2fa at my request. I have already set up email to an account that a don't access on same device. Since if 2fa does come up, then can change to email vs text message.
I replied that the point of compromising a computer (keylogger etc..) is that the point is generally to not be detectable. Waiting to hear a response about how good there algorithms are.
Also asked about their security policy about having to memorize a 24 character password with symbols and lower and upper letters and numbers. Since not allowed to store credentials on device. Also said that that would mean I can't use a password manager either.
They responded that if the password manager is compromised, then they would not be responsible. I told them that it would be nice if 2fa actually existed, then that wouldn't be a problem in the first place.
As comparison At least (rip hubert) access credit union straight up says they don't have 2fa at login. But do employ it when adding in new etransfer contacts, and linking bank accounts. Too bad have to lock in money for a year (quarterly terms) to get about the same rate as oaken.
11:41 am
November 18, 2017
Offline
notsavvy: There are assorted ways of obscuring passwords that allow simple recording. For example, halves of the password recorded in different places (like passbook and wallet, though those are now blown) or part of it reversed. Or separating alternate (even and odd sequence) the parts. Or referring to a common book or document by pace, line and word with the correct leading character.
RetirEd
Please write your comments in the forum.