Verifying device without camera?

This is schoolboy stuff. Enough to make me think about moving my ISA somewhere else. Same complaints as all the above.

The intention to enhance security is good, but the implementation is horrible in term of user experience. There must be ways to take balance between two.

This has to be a bug. I’ve only recently started being prompted to record a video on desktop. Like others, I’m the only one using this desktop computer and want to be able to trust the browser for 30 days, like before. Instead, I’m logged out multiple times a day, forced to re-enter MFA, AND get spammed with new device login emails.

I get the login email about 5 hours after the log in, which isn’t very helpful if my account had been hacked.

I also have to re-enter the MFA code if I refresh the tab

@MaxZorin I wonder if a more descriptive thread title would get more attention from the devs?

Agree with most of the users here. I complained about it and got the usual word salad the first time. The second time was basically a “sorry, not sorry, suck it up” so I am considering taking my money somewhere else. I am not a massive trader, but none of the other platforms I use are this annoying. Like everything else nowadays, it seems purposely design to annoy the user.

This is basically shutting down the browser access for everybody without stupid webcam.

It completely defeats the purpose of using the browser now, since I have to GO GET MY PHONE anyway. I might as well open the app on my phone the moment i have it in my hand. What a way to waste everybody’s time and comfort. And seriously NO OTHER OPTION to make the device “trusted”?

I’ve been using trading 212 for 4 years now and this is the first time i got pissed off and really felt the quality of the service going down. Also why do they have to keep changing the user interface every other month, not to mention the “updated” UI is usually less functional then the previous version.

Password managers are a weakness, providing a single source of failure and a prime target.

For me, that is why this frictional hassle is an additional burden because I have to cross-reference my credentials manually each time.

As far as I’m concerned, it’s less about security and more about who gets what data and for what purposes. T212 don’t do this ID verification themselves, they outsource that to Onfido.

Rather more to the point, T212 claim that this is not for security but rather to “prove that you’re human”. They’ve already fulfilled that requirement during onboarding. They don’t need facial verification for security because they’ve already got a form of 2FA authentication in place.

T212 ought to justify to us why they need to verify biology (or possibly allow us to opt out) and, at minimum, need to demonstrate how they’re complying with Articles 5 and 6 GDPR compliance of lawful basis and minimal retention/destruction of protected data minimal.

No, I don’t trust anyone when it comes to data protection matters, nor should I need to, same as T212 can’t lawfully trust us when it comes to our being who we say we are.

HI @Bogi.H,
For those struggling without a webcam on certain devices, can you not offer a solution, such as what IBKR have.

1. Login attempted on Desktop PC
2. Push notification to mobile phone
3. Authenticate Login Request with biometrics (FaceID) on mobile phone.
4. Successful login, authentication on Desktop Device.

?

This is security theatre. Anyone who has taken hold of my password and my 2MFA doesn’t need to also register their device as trusted. They already have all my money. The only difference is that I am now inconvenience every time I use my camera-less browser.

Hey everyone

Here’s some additional context to help clarify the recent security changes.

Over the past few months, we’ve prioritised strengthening our security measures. As part of this, trusting a device can now only be completed on a device with a working camera. This doesn’t restrict access to the app - you can still log in using one-time passwords as part of our multi-factor authentication. High-risk actions such as withdrawals, payment method verification, use of the 212 card, and changes to security settings are intentionally protected with the highest level of security.

We understand that re-trusting your preferred device can add some friction, but it plays an important role in keeping your funds, investments, and personal data secure. Regarding the reports of mid-session logouts, these can occur when a security token expires after 24 hours. When this happens, you’ll be asked to log in again, even if “Remember me” was selected during your previous login.

This happens a lot more than every 24 hours though. On average I see it every 3 hours at least. Sometimes more often. And if you refresh the page, you need to login and reauth.

If it was just every 24 hours, I think that would be less of a hassle. Having to reauth 2-3 times (at least) during an 8 hour session is just a frustration.

This used to be a 30 day trusted device. Now we have to re-authenticated several times a day. Close the tab? Re-auth. Refresh the tab? Re-auth. Something is not working correctly.

Even if it was working correctly, 24 hours is too frequent. Sounds like many of us have a PC that only we use. As @Nigu said, if someone already as the password and MFA, it’s already too late.

Stop molesting desktop users, mobile users are exposed 1000 times more to unwanted access than desktop users!!!

So @MaxZorin’s thread has been merged with another, which is already marked as solved…

This issue is not solved.

How am i supposed to record a video without a webcam? Why do banks not require video authentication when using their webpage access? Another 212 format not thought through AGAIN!

There’s not a sense you’ve heard our problems, particularly for desktop users, a more secure environment.

Again, I have not seen my statements since you stopped sending them to email because of these onerous impediments. This is enshittification.