Hi, 2FA or MFA have become a security standard nowadays. Even simple websites use it, not to mention online brokers. I believe this is a big minus for Trading 212 in regards to the competition, it sends an untrustworthy message. And the solution should be quite simple.
Is there a plan to introduce this feature? On both mobile app and website of course.
Itās somewhat funny that even this community forum has 2FA option, but not the actual platformā¦ where security breachesā impacts are astronomically higher.
Ideally they(t212) would use risk factor authentication. Where as in high risk it asks for step up auth. Meaning not just fingerprint/pass but also Sms/otp or push notific.
But lower risk would only require fingerprint/pass.
Risk is based on AI learning each users pattern aka device used , location , time etcā¦
Somehow , I am not impressed at having google token or MS token as 2fa when I am accessing app via mobile. It would make sense if you use mobile purely for auth, but other device to actually access the application. To have any purpose of MFA.
as long as a password ācanā accept numbers, upper and low case, special symbols. then even if your password doesnt have them all, it sees the same time protections as the hack has to go through those additional variations regardless.
Itās better if people thing of it as āpassphraseā instead of āpasswordā, ultimately if your password is just 8 characters long, it doesnt matter how complex it is and how many things can be put in it, typical password hacks involve AI and it will just brute force its way in without taking too long. if its too complex you end up recording it somewhere which then becomes the weakspot of your account.
make a passphrase of about 32 characters that is easy for you to remember without writing down anywhere and you will never face this issue. the only true protection with passwords now are length. the longer the password (that canāt be guessed), the more secure your account.
I am concerned of seeing some traces on the internet containing your company data which might have been phishing attempts. For example there are cached sites like fxforex or obexforex which contained your data, but these names do not seem to appear in the Companies House or FCA registries.
Either if they were real names or phishing attempts, I think in both cases these events should appear in your Help section, so people can be informed.
It seems a bit strange that you do not have a Security section ā¦
I am also waiting for this to be resolved. I find it really weird financial site which claims to be super safe doesnt have such basic feature.
I am not gonna trust t212 with any substantial money before 2fa is introduced.
And to people who claim regular password are hard to hack - your password can be stolen by malware when you type it. With 2fa there is additional layer of security - your phone is required.
Sort it out pls
Yea, itād be nice to have for an extra level of safety.
That said, nearly all hacks are done by compromising the servers of a company, not directly guessing or keyloggers on your pc.
Phishing campaigns and server breaches are the common ways nowadays. No criminal is guessing passwords or using brute force attempts in todays age.
But, seeing as Trading212 only sends funds back to the account you funded it with, itās pretty safe.
Iām in the same boat. I created this thread a while ago, but still no implementation for this critical essential feature. Iām staying away from T212 until 2FA is introduced, very untrustworthy for a financial institution not to have it.
itās not a requirement to be a financial institution. and just having a feature doesnāt guarantee your account is safer than before. itās wanted, but not essential.
I can can use just a password and by changing it every so often my account is just as secure as someone who doesnāt but adds an additional layer of security to their account.
It is essential because it can make your account immune to brute force and keylogger malware, practices widely used. No matter how lengthy your password is or how often you change it, itās very simple to lose your credentials to malware having infected your PC beforehand. If you take OS security seriously, have a good antivirus and keep all software updated you are doing great! But not everyone does this, for the average user itās quite easy to get infected with keyloggers. Plenty of torrents, fake keygens, shady websites which can be bundled with such malware.
Youāre right, for now the best thing to do is have a lengthy password, regardless of complexity. Quick way to check password safety by length: https://random-ize.com/how-long-to-hack-pass
This topic doesnāt even need justification, every reputable online broker has 2FA so T212 is just getting left behind concerning security hereā¦ but I hope I am proven wrong soon
Having this feature is something while using it another. Not everyone should feel a necessity to use 2fa, but providing such an option is almost a must for a financing platform.
As @Vedran said, it is already on the roadmap, so we hope to have this feature soon.
