Donate to Remove ads

Got a credit card? use our Credit Card & Finance Calculators

Thanks to Rhyd6,johnstevens77,Anonymous,MyNameIsUrl,6Tricia, for Donating to support the site

Two Factor Authentication

Investment discussion for beginners. Why you should invest your money, get help getting started
XFool
Lemon Half
Posts: 7567
Joined: November 8th, 2016, 7:21 pm
Been thanked: 1015 times

Re: Two Factor Authentication

#412777

Postby XFool » May 17th, 2021, 5:14 pm

tjh290633 wrote:
XFool wrote:I would still like to know why Barclays bothered to send me (and presumably others) one of their PinSentry machines through the post, yet to date see no prospect of ever having to use it with their credit card.

Anyone?

I run an account with Barclays for a local group. I have a PinSentry which is fine for logging in. However for trying to set up a new payee it fails every time. They have looked into it 3 times now, replaced the card and the PinSentry, all to no avail. It does not generate the code that their algorithm is expecting when you use "Respond".

My wife has a Nationwide account, and they use the "Sign" button for that purpose. Works perfectly. My Lloyds account works differently, using a text message code. Also works perfectly.

Barclay's PinSentry works fine with my Nationwide account! But why do I have one (PinSentry)?

88V8
Lemon Quarter
Posts: 2753
Joined: November 4th, 2016, 11:22 am
Has thanked: 915 times
Been thanked: 1014 times

Re: Two Factor Authentication

#413255

Postby 88V8 » May 19th, 2021, 3:45 pm

It's a mixed bag.

ii's text system works well, the text arrives almost instantly. If one miskeys it which is more than likely as they send it in rather small characters, one gets another go.

Paypal rarely insist on 2FA, when they do the text is slower but works OK albeit it's also in small type so I have to use my glasses.

Natwest were texting, but OH miskeyed one character, so now she's being punished by being made to use a card reader.
In the process we learned that almost any card reader will do, Currently an ancient Nationwide.

At least eBay aren't 2FAing, and have given up on the capchas, so it's not all bad.

V8

puffster
Lemon Pip
Posts: 88
Joined: November 16th, 2016, 9:25 pm
Has thanked: 51 times
Been thanked: 29 times

Re: Two Factor Authentication

#413265

Postby puffster » May 19th, 2021, 4:51 pm

88V8 wrote:Natwest were texting, but OH miskeyed one character, so now she's being punished by being made to use a card reader.
In the process we learned that almost any card reader will do, Currently an ancient Nationwide.

How can another card reader work? If Natwest will accept another one (not theirs) then does that mean my card reader will work as well? If so then 2FA at Natwest is broken?

Regards, Puffster

Lootman
The full Lemon
Posts: 11369
Joined: November 4th, 2016, 3:58 pm
Has thanked: 148 times
Been thanked: 2571 times

Re: Two Factor Authentication

#413266

Postby Lootman » May 19th, 2021, 4:52 pm

88V8 wrote:It's a mixed bag.

ii's text system works well, the text arrives almost instantly. If one miskeys it which is more than likely as they send it in rather small characters, one gets another go.

Paypal rarely insist on 2FA, when they do the text is slower but works OK albeit it's also in small type so I have to use my glasses.

Natwest were texting, but OH miskeyed one character, so now she's being punished by being made to use a card reader.
In the process we learned that almost any card reader will do, Currently an ancient Nationwide.

At least eBay aren't 2FAing, and have given up on the capchas, so it's not all bad.

Another advantage of instead receiving the code by email rather than text is that it is trivially easy to "copy and paste" the code from one window to another on your laptop. So no risk of mistyping the code.

That might be possible on a phone but damned if I know how to do it as easily.

murraypaul
Lemon Slice
Posts: 477
Joined: April 9th, 2021, 5:54 pm
Has thanked: 79 times
Been thanked: 170 times

Re: Two Factor Authentication

#413270

Postby murraypaul » May 19th, 2021, 5:01 pm

puffster wrote:How can another card reader work? If Natwest will accept another one (not theirs) then does that mean my card reader will work as well? If so then 2FA at Natwest is broken?


No, the card readers aren't personal to you, their purpose is to prove you are currently holding your card.

AF62
Lemon Quarter
Posts: 1884
Joined: November 27th, 2016, 8:45 am
Has thanked: 34 times
Been thanked: 584 times

Re: Two Factor Authentication

#413292

Postby AF62 » May 19th, 2021, 6:13 pm

Lootman wrote:Another advantage of instead receiving the code by email rather than text is that it is trivially easy to "copy and paste" the code from one window to another on your laptop. So no risk of mistyping the code.

That might be possible on a phone but damned if I know how to do it as easily.


On an iPhone the phone is expecting to receive the code to key into the website/app so automatically copies, pastes, and then presses 'go' for you if it comes by text.

If by email then a 'hard press' on the code on the screen will give the copy option, and then another 'hard press' where it needs to be entered will give a paste option.

Alaric
Lemon Half
Posts: 5051
Joined: November 5th, 2016, 9:05 am
Has thanked: 14 times
Been thanked: 1077 times

Re: Two Factor Authentication

#413309

Postby Alaric » May 19th, 2021, 7:05 pm

88V8 wrote:ii's text system works well, the text arrives almost instantly. If one miskeys it which is more than likely as they send it in rather small characters, one gets another go.


You have tick the box which says remember browser to avoid this process every time you login. It seems to run for about a month before needing to be refreshed. I'm not sure what the backup would be if the phone was out of action or unavailable.

EthicsGradient
2 Lemon pips
Posts: 225
Joined: March 1st, 2019, 11:33 am
Has thanked: 14 times
Been thanked: 84 times

Re: Two Factor Authentication

#413364

Postby EthicsGradient » May 19th, 2021, 10:13 pm

Alaric wrote:
88V8 wrote:ii's text system works well, the text arrives almost instantly. If one miskeys it which is more than likely as they send it in rather small characters, one gets another go.


You have tick the box which says remember browser to avoid this process every time you login. It seems to run for about a month before needing to be refreshed. I'm not sure what the backup would be if the phone was out of action or unavailable.

The backup is a random 24 character code they give a customer when they start using 2FA, which you should record separately from the device you use to do the normal authentication and browsing.

AF62
Lemon Quarter
Posts: 1884
Joined: November 27th, 2016, 8:45 am
Has thanked: 34 times
Been thanked: 584 times

Re: Two Factor Authentication

#413445

Postby AF62 » May 20th, 2021, 9:45 am

Lootman wrote:
colin wrote: I was thinking of writing that no financial institution gave me the option of 2fa via a 2nd email

I know, this is starting to drive me nuts. Today I was somewhere with no phone signal and I tried to do an online transaction three times, with three different cards, and each one insisted in wanting to send a code to my phone.

It's also a problem in many places overseas where my UK phone won't work.

Just give me the option to have the code sent to my email!!!! If anyone knows a UK credit card that offers that please let me know. They will isntantly have all my business.


Amex offer the option to send the 2FA code to log in by email or text, so may well offer the same for online transactions - none of my online transactions with them have triggered the requirement. But then you run into the issue of not everyone accepting Amex.

First Direct will be using their phone app for you to authorise the payment, so although your UK phone may not have a mobile phone signal presumably you have access to Wi-Fi if you are making an online purchase (unless you are in an internet cafe - do those still exist?) so your phone will still receive the authorisation request.

treefrog
Posts: 3
Joined: August 20th, 2021, 10:36 am
Has thanked: 1 time
Been thanked: 1 time

Re: Two Factor Authentication

#436292

Postby treefrog » August 20th, 2021, 4:34 pm

fca2019 wrote:Do you know if this makes your account any more secure? I was put off by it as with investment platform you have to download the investment platform app first on your phone and log onto this on your phone to enable two factor authentication.

However I am old fashioned and wary of having my investments on my phone, as I thought mobile phones are not secure if on public wi-fi which I use frequently? Just strikes me as a lot less secure all round.

Is Google authentication any better? Or are you just safer sticking to desktop PC without two factor authentication?

I seem to remember an old thread about this, but cannot find it. Thanks


Just as with stealing a car or breaking into a house, given a sufficiently determined attacker with sufficient resources you will never be safe, but some things are safer than others. A two factor authentication app on your phone is considerably better than any of these:

- multiple passwords / questions / passphrases (really weak, and generally not considered 2FA outside of marketing-speak)

- sending you an SMS (the SMS network wasn't designed with high security or internet banking in mind)

- sending you an email. Assuming you leave your email account logged in, anyone who gains remote access to your computer also has access to your emails.

Exactly how much more secure the 2FA app is depends on how it's designed. If you're being extra cautious then you should never use any sort of financial service whilst connected to public wifi, because even though a well-designed secure app is much more difficult to spoof than a standard web site, there's still a very slim chance that someone could interfere.

The reason the 2FA app adds security is that if a malicious person gains remote access to your computer (maybe you didn't update your web browser soon enough and then visited a malicious website, or maybe you accidentally opened an attachment in a malicious email, or maybe your children or a relative installed something they shouldn't have), then unless they also gain access to your phone, they still can't move any money.

XFool
Lemon Half
Posts: 7567
Joined: November 8th, 2016, 7:21 pm
Been thanked: 1015 times

Re: Two Factor Authentication

#442474

Postby XFool » September 15th, 2021, 1:25 pm

So, whither 2FA?

I mentioned somewhere above that Barclays sent me one of their PinSentry card reader dvices quite a long time ago. I don't have and never have had any general Barclays bank account, so this could only ever be used with my Barclaycard. So far I have never been asked to use it. Does anyone have any idea if there are any plans to use such machines for online credit card transactions? I have been using one for years for my normal online banking.

Lootman
The full Lemon
Posts: 11369
Joined: November 4th, 2016, 3:58 pm
Has thanked: 148 times
Been thanked: 2571 times

Re: Two Factor Authentication

#442478

Postby Lootman » September 15th, 2021, 1:47 pm

treefrog wrote:given a sufficiently determined attacker with sufficient resources you will never be safe, but some things are safer than others. A two factor authentication app on your phone is considerably better than any of these:

- sending you an email. Assuming you leave your email account logged in, anyone who gains remote access to your computer also has access to your emails.

The email system I use logs me out after about 10 minutes if I do not access it. To reconnect I have to sign into it again. (Except on my phone where, oddly, it never logs out).

Similarly, my home PC will go into "sleep" mode if there is no activity for a few minutes, and a code is required to wake it up.

So even if someone could operate my machine, either remotely or by breaking into my house, there would be a couple of major obstacles in the way of him doing much damage, even assuming that he also had account name and password for my bank account.

The real benefit of using email as the second factor is that I can access the code on the machine I am using to access my account. I do not need to rely on my phone having a signal or running out of charge. Also when I am overseas texts can take a while to come through, or even not arrive at all. Whilst email delivery is close to instant.

So I prefer 2FA to use email rather than a texted code. It should at least be an option.

pje16
Lemon Quarter
Posts: 1444
Joined: May 30th, 2021, 6:01 pm
Has thanked: 612 times
Been thanked: 415 times

Re: Two Factor Authentication

#442480

Postby pje16 » September 15th, 2021, 1:48 pm

Amex website ask for it sometimes
easy to bypass
Hit the cancel option re login and it lets you in
Which pillock designed that :roll:

tjh290633
Lemon Half
Posts: 6393
Joined: November 4th, 2016, 11:20 am
Has thanked: 653 times
Been thanked: 2659 times

Re: Two Factor Authentication

#442575

Postby tjh290633 » September 15th, 2021, 5:44 pm

XFool wrote:So, whither 2FA?

I mentioned somewhere above that Barclays sent me one of their PinSentry card reader dvices quite a long time ago. I don't have and never have had any general Barclays bank account, so this could only ever be used with my Barclaycard. So far I have never been asked to use it. Does anyone have any idea if there are any plans to use such machines for online credit card transactions? I have been using one for years for my normal online banking.

I run a Barclays account for a local group. The algorithm that they use for the Respond button on Pin Sentry does not work, but if you use Mobile Pin Sentry it does. It's OK for logging into the account and for paying existing payees, but you cannot set up a new Payment with it. Another thing I have found is that, when paying in cash via the local Post office, Barclays require your PIN, whereas none of the other Banks do, they just read the account details off your card. This is for a debit card. I do not have one for my personal Barclaycard, but as far as I can tell any such machine should work if needed.

As they have closed all the local branches bar one, I get the feeling that Barclays would like to get rid of their annoying customers, who would like to, or need to, accessa branch.

TJH

Lootman
The full Lemon
Posts: 11369
Joined: November 4th, 2016, 3:58 pm
Has thanked: 148 times
Been thanked: 2571 times

Re: Two Factor Authentication

#442579

Postby Lootman » September 15th, 2021, 5:51 pm

tjh290633 wrote:As they have closed all the local branches bar one, I get the feeling that Barclays would like to get rid of their annoying customers, who would like to, or need to, access a branch.

All the banks are the same. I have felt the same way about my two banks, NatWest and HSBC, for some time. Historically I have been old school and like to do my bank business in person at the branch (fortunately there are still a few within a short walk of my house).

But it is getting harder and harder. I went in to cancel a standing order recently and the clerk was almost lecturing me that I should "do it on the app". Well I do not have their app and do not want it. With NatWest I do not even have online banking and I want to be able to do everything I need in the branch. At some point I expect to be cancelled.

XFool
Lemon Half
Posts: 7567
Joined: November 8th, 2016, 7:21 pm
Been thanked: 1015 times

Re: Two Factor Authentication

#442580

Postby XFool » September 15th, 2021, 5:54 pm

tjh290633 wrote:
XFool wrote:I mentioned somewhere above that Barclays sent me one of their PinSentry card reader dvices quite a long time ago. I don't have and never have had any general Barclays bank account, so this could only ever be used with my Barclaycard. So far I have never been asked to use it. Does anyone have any idea if there are any plans to use such machines for online credit card transactions? I have been using one for years for my normal online banking.

I run a Barclays account for a local group. The algorithm that they use for the Respond button on Pin Sentry does not work, but if you use Mobile Pin Sentry it does. It's OK for logging into the account and for paying existing payees, but you cannot set up a new Payment with it.

That's odd. Do you think the flaw in in the PinSentry device (surely industry standard?) or the bank's IT? I have used PinSentry OK to log in to my non Barclays bank, but not to set up a new payment - might try that if I can remember.

tjh290633
Lemon Half
Posts: 6393
Joined: November 4th, 2016, 11:20 am
Has thanked: 653 times
Been thanked: 2659 times

Re: Two Factor Authentication

#442586

Postby tjh290633 » September 15th, 2021, 6:05 pm

XFool wrote:
tjh290633 wrote:
XFool wrote:I mentioned somewhere above that Barclays sent me one of their PinSentry card reader dvices quite a long time ago. I don't have and never have had any general Barclays bank account, so this could only ever be used with my Barclaycard. So far I have never been asked to use it. Does anyone have any idea if there are any plans to use such machines for online credit card transactions? I have been using one for years for my normal online banking.

I run a Barclays account for a local group. The algorithm that they use for the Respond button on Pin Sentry does not work, but if you use Mobile Pin Sentry it does. It's OK for logging into the account and for paying existing payees, but you cannot set up a new Payment with it.

That's odd. Do you think the flaw in in the PinSentry device (surely industry standard?) or the bank's IT? I have used PinSentry OK to log in to my non Barclays bank, but not to set up a new payment - might try that if I can remember.

It is down to the Bank. I have raised it with them a number of times, and each time it gets nowhere. To do the same thing (set up a new payee), Nationwide use the "Sign" button and that works fine. It is well nigh impossible to talk to anyone at Barclays who can deal with a technical problem. The "Respond" button never gives the result that they want. Presumably they have never tried to do what they tell you to. Totally unacceptable in my view.

TJH

jonesa1
Lemon Slice
Posts: 259
Joined: May 27th, 2019, 9:47 am
Has thanked: 104 times
Been thanked: 140 times

Re: Two Factor Authentication

#442806

Postby jonesa1 » September 16th, 2021, 6:57 pm

tjh290633 wrote: Totally unacceptable in my view.

TJH


You can always take your business elsewhere. I've just opened a Monzo account, mainly so I'm not totally dependent on my main bank in case of IT issues, it seems to operate fairly painlessly.

Midsmartin
Lemon Slice
Posts: 490
Joined: November 4th, 2016, 7:18 am
Has thanked: 103 times
Been thanked: 286 times

Re: Two Factor Authentication

#442808

Postby Midsmartin » September 16th, 2021, 7:23 pm

I see that Microsoft accounts now have the option of removing passwords entirely as a means of logging in.


Return to “How Do I Invest”

Who is online

Users browsing this forum: No registered users and 2 guests