How a hacker can drain your account and bank: step by step

Good idea until the “hacker” in said scenario is using your phone. The authentication code will be delivered to the device (s)he is using.

Added email authentication sent to the address you used when signing up would solve the issue of having new cards added or old cards removed.

Granted it’s not as secure as requiring email authentication on every withdrawal, but in my scenario, the worst that can happen is the hacker withdraws money back into your own bank account. Perhaps at a loss, yes, but my personal risk tolerance wouldn’t mind that. I’d feel it a bit of a nuisance having to check my email every time I withdraw.

@Vedran I’ve noticed your anti-security discussions/comments in other threads including this one and they leave me shocked/perplexed…

Most of our clients (enterprises) use 2FA at all levels, and depending on their roles and access, 2FA is mandatory/required, some even with multiple conditional access requirements. Based on my experience I would say it reduced exposure by at least 90%, easily.

Moving on, I’m not sure about this case scenario OG mentioned but 2FA “IS” long due and @Team212 knows this. It reduces exposure by a lot and builds confidence in the crowds. Not only in the scenario where your password is compromised but the actual servers are (even if you say they are 99.99% secure because of XYZ).

Long story short, we need the option of opting in/out instead of no option.

4 Likes

For Cryptocurrency

I use an email generated code, and 2FA, when I simply log in!

There should be a wealth of options available, to everyone’s tolerance.

Crypto is another beast though. It’s too complicated.

  • I log in with 2fa to my platform of choice (Bitstamp) to buy Bitcoin.
  • If I want Alt coins, I then log into Binance with a captcha and 2fa and move my Bitcoin from BitStamp to Binance, again with 2fa from Bitstamp’s side to confirm the send.
  • Then to store crypto in my wallet I have to enter a 6 digit code on my ledger and log into my ledger app, and send the crypto from Binance to that, with yet again 2fa from Binance to confirm the send.

Then more or less the reverse if I want to send the money back to fiat currency.

Overkill if you ask me. And crypto advocates wonder why it hasn’t taken off!

I suppose that you get a notification (e-mail) when the account is funded, so the only thing that could happen is that you get free money from the “hacker”. :grinning:

It’s even a good thing. For example, my mother wants to put some money in her granddaughter’s pie, but she lives on a small island without a bank branch, so she has to go to the local post and withdraw money and send it to me, so I told her to keep the money in her bank account. I planned to help her open her account at t212; maybe it’s a better long-term solution.

1 Like

Indeed, I have a contrary opinion. That is shocking. We should all think alike. :trolleybus:

Instead of selling products, folks should get proper education and common sense. 2fa used by an uneducated person has the same strength, if not less, than an educated person with a passphrase.

It is basically similar to door locks: you can buy the best one, but if someone wants to rob your home badly and he is skilled, he will probably break in, no matter what you have as home security.

But anyway this topic is getting chewed over and over.

When t212 release 2fa, you use it, I won’t. Will feel safe nonetheless.

:partying_face:

1 Like

I must admit, the more and more funds I lump into T212, the more concerned I get that no 2FA is available. I use Face ID to log into the app, which I know is fairly secure, but obviously if my login details are compromised via a hacker attack of some kind, having that 2FA either via Google Authentication App or via text / email is just another layer of security. I would prefer a combination. So Face ID / password plus google auth code plus the option of either email / text OTPC on top… just to add several levels of extra security.
This should be on log in and on any withdrawals when already in the app or website.

Would be nice for T2T to issue a response on this once they have had the time to look into it.

I tried to fund $1 with other card (different person), didn’t work, funding failed.

1 Like

Johnny, did you do it the way the OP did, on a different PC, replicating a stolen password and then saving the credit card to deposit etc.?

Col.

Yet another proof that 83% of statistics are made up on the spot (<- including this one).
So from the 1000 clients you have, before 2FA 300 were getting hacked; after 2FA only 30 are getting hacked.

Nothing improves security more than education of your users; that is why ISMS (ISO 27001) does not mandate anything like 2FA but instead enforces education about security, most notably for social engineering and phishing.

I got nothing against 2FA, it’s great and I use it when available, but from an attacker’s point of view it is another layer of obscurity, and yeah, security through obscurity works up until a point.

It is shown in quite a few studies that some of the industry-wide “security features” do not improve but actually hurt security (not talking about 2FA). For example, forcing users to change passwords periodically, or coming up with a pseudo-secure limitation like “no dates, at least one number, 1 special character, lower and upper case characters”.

How many of those users then go for “Passw0rd_1” and next month “Passw0rd_2”? Having a password like “icannotdancewithunderwear” beats the above 2 strategies.

But… I digress… what were we talking about on this soggy Saturday?

1 Like
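The post above contrasts a complexity rule set with a long passphrase. As an added illustration (not code from the thread or from Trading 212), the following Python encodes the exact rule quoted in the post, checks for the trailing-counter rotation it describes, and compares a crude character-class entropy bound for both passwords; the date pattern and the entropy model are assumptions for demonstration only.

```python
import math
import re

# Assumed date pattern for the quoted "no dates" rule: a four-digit year
# or a day/month pair such as 12/07 (illustrative, not any real policy).
DATE_RE = re.compile(r"(19|20)\d{2}|\b\d{1,2}[/.-]\d{1,2}\b")


def passes_complexity_policy(pw: str) -> bool:
    """The rule set quoted in the post: no dates, at least one digit,
    one special character, and both lower- and upper-case letters."""
    return (
        not DATE_RE.search(pw)
        and any(c.isdigit() for c in pw)
        and any(not c.isalnum() for c in pw)
        and any(c.islower() for c in pw)
        and any(c.isupper() for c in pw)
    )


def is_counter_rotation(previous: str, new: str) -> bool:
    """True when the new password is the old one with only its trailing
    digits changed (Passw0rd_1 -> Passw0rd_2), the pattern the post
    says periodic rotation encourages. A defender can reject such changes."""
    strip = lambda s: s.rstrip("0123456789")
    return previous != new and strip(previous) == strip(new)


def charset_entropy_bits(pw: str) -> float:
    """Upper-bound entropy from character classes used: log2(charset ** len).
    It flatters leetspeak words like Passw0rd_1; the point is that even this
    generous model ranks the long lowercase passphrase far higher."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(not c.isalnum() for c in pw):
        size += 33  # printable ASCII punctuation
    return len(pw) * math.log2(size) if size else 0.0


if __name__ == "__main__":
    for pw in ("Passw0rd_1", "icannotdancewithunderwear"):
        print(pw, passes_complexity_policy(pw), round(charset_entropy_bits(pw), 1))
    print(is_counter_rotation("Passw0rd_1", "Passw0rd_2"))
```

The policy accepts the predictable “Passw0rd_1” and rejects the passphrase, while the entropy bound (about 66 bits against about 118) says the opposite about guessing resistance.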

Very worrying if this happens to be true. Whilst funding from another card should be fine, any withdrawals should generate an OTP to phone/email to confirm the withdrawal in addition to the account password. This may add another layer of security IMHO!

1 Like

It’s not true, don’t worry.

Edit: This has actually been discussed to death:

It would be interesting to get a response from @team212 on this on Monday, even if it was just done with 10 GBP (it might not work for larger amounts as pointed out above). A message from them clarifying this for everyone’s peace of mind. :slight_smile:

A couple of weeks ago I withdrew £16k from my account.

I’d recently added a new card, but had only used that card to add a relatively small amount. The system wouldn’t let me withdraw to the newer card on that occasion. However it has subsequently.

There clearly are some fairly good systems in place, but the sooner the better on multi-factor authentication :slight_smile:

Maybe having you authenticate the payment with a PIN number after you have selected the amount would be better?

It is really easy to put funds in your account and an accidental 0 could make all the difference.

2 Likes

Sorry, although I agree, but it’s a big fallacy.

Users never were properly educated and never will be, so relying on this is a big mistake.

If even a well-educated Twitter employee was hacked, imagine the average dude used to Facebook and Instagram only.

“Nothing improves security more than education of your users,”

Oh God no, if you’ve ever worked in anything that required health and safety you’d have come across the fact that the least effective solutions are education and behaviour modification. Literally anything that doesn’t rely on the user/operator is safer.

Robin Hood has been hacked now too

They don’t!
Users are having their accounts “hacked”; probably their emails are compromised (pretty easy to happen if you use Gmail and Chrome) and they do not have 2FA enabled.
As far as I managed to read, Robinhood servers were not affected; it’s really focused on users.

Hello,

So in regards to the question about the account funds, I believe that I covered most of the part in the following:

Along with that:

8 Likes