Security code login

Shame so much text was used without getting the point of where I was going with my comment.

Anyway, good that everyone has their opinion. I've been working with enterprise clients for 10 yrs, so I always like counterarguments.

Cheers

No problem, at least text doesn't cost money; it's quality vs quantity, and the devil's in the detail.
I don’t think I will ever make it to 246 posts.

Join the club - 20yrs. Currently @Cisco.

2 Likes

This is one important feature missing from Trading212 that I find very crucial for an investment or banking platform. Although possible actions for an intruder are limited, it still feels very insecure without 2FA. Some people may be okay with using only a password, but it should definitely be an optional security step.

I started using Trading212 a while back, but the absence of 2FA makes me think before depositing more.

With only password protection, I should at least be able to see active sessions from different devices and be able to remove them. Under current circumstances, it is impossible to be aware of unwanted successful logins or get notified about logins from new devices as far as I know.

I was under the impression that you get logged out of the existing session once you log in from a new device.

So basically there is no option to have multiple sessions, at least not in the Android/Windows Chrome/FF/app environment…

There was a trick to have a separate session for CFD and Invest account, but it was available via iOS afaik…

I am with you on this, but in the absence of 2FA, your best bet at the moment is to have a highly complex and long password and store it in a password manager.

Usually my passwords look like this, and I don't remember any of my passwords.

oq6qpnw7sbc k02ttfka£c93m!nbcyrtv3fp65osh2976gftvb!kew9w*7po14hz)ms6;dbJ7jdydk

Caveat: if Trading212's password database, or for that matter credential database, is stolen and cracked, we have got no chance. It has happened before with many companies out there. The most recent and large-scale hack in the fintech industry was GateHub.
https://cointelegraph.com/news/gatehub-crypto-wallet-data-breach-compromises-passwords-of-14m-users

2FA was planned a lot earlier. But then came an avalanche of new clients and we had to temporarily switch our priorities to scaling.

We’ll update you with a new deadline for the 2FA release.

10 Likes

Hi Alex, any update on this? It's getting harder and harder depositing funds as the amount increases without 2FA, especially nowadays when it is the norm. Thank you.

2FA is an absolute must from an information security perspective. Anyone who suggests otherwise is wrong and misinformed.

It is the de facto standard for account security and reducing the threat vector on authentication.

Trading212 really should kick this up their priority list. Not doing so is seriously harming credibility.

7 Likes

+1 for this. @team212 or @alexk able to advise a timeline at all please?

2 Likes

I agree, need to get security sorted. 2FA/MFA is the standard and has been for many years…
At least add a security question, if not code/text etc.

Do your clients ask for a 2FA feature to be included in their platform, or prefer to avoid it? How do you secure your user login/credentials/session/transactions?
Professional advice welcome, please share how it’s done in production these days.

2 Likes

You are right. I made this post 5/6 months ago and @Team212 haven’t implemented it yet.

I hope to see Google Authenticator soon on Trading 212.
It’s a priority for users.

It always boils down to financials.
If it was free of charge, everyone would want it. But when there is a license, aka a price tag, then only very few insist, and even then it is a very limited subset of consumers.

I personally think that education and awareness are much stronger protection of personal belongings and business data…

Educating people on best practices and what to pay attention to/avoid goes a lot farther than 2FA with an uneducated consumer.

I would say the average consumer is not very educated security-wise, uses weak passwords, saves passwords in the browser, uses the same password for all web apps/apps… but then again you will have requests for 2FA from that same consumer.

Anyway, T212 is working on it; it will be a priority, probably after the next major release with auto invest.

Till then be smart: use a passphrase, rotate on a monthly basis, don't share password with email and similar…

Peace

Well, I’m not using my phone because I don’t trust Google Play in being that safe. So for me a 2FA will be better than a simple password.

How will you leverage 2FA then? I doubt there will be a physical token; most likely push notification or soft token OTP/SMS, which require a phone…

Sorry, I think I was not clear enough, I missed some words. I’m not using my phone to trade, therefore 2FA will work for me as SMS/authenticator will be used on the phone and actual trading on my PC.
By the way, I also suggested them to have 2 passwords, one for read-only, if you only want to see what is happening with your portfolio and another one for actual trading.

1 Like

2FA is the de facto industry standard for anything even remotely related to finances. The cost in money of such a feature is not even remotely close to the cost of exposure in the event of a breach.

I can only second that. I see this feature as a top priority.

2 Likes

It is in priority after auto invest, as stated several times.

But I doubt thieves can benefit much from getting account details, as AML checks would prevent him siphoning money to accounts different from those used to deposit funds. So unless he gets access to your financial accounts, no monies for him…

We started working on that yesterday. Currently in design stage. Will enter implementation probably next week.

9 Likes