Why no Two-Factor Authentication?

Hi, 2FA or MFA have become a security standard nowadays. Even simple websites use it, not to mention online brokers. I believe this is a big minus for Trading 212 in regards to the competition, it sends an untrustworthy message. And the solution should be quite simple.

Is there a plan to introduce this feature? On both mobile app and website of course.

It’s somewhat funny that even this community forum has 2FA option, but not the actual platform… where security breaches’ impacts are astronomically higher.

Thanks!

7 Likes

Ideally they(t212) would use risk factor authentication. Where as in high risk it asks for step up auth. Meaning not just fingerprint/pass but also Sms/otp or push notific.

But lower risk would only require fingerprint/pass.

Risk is based on AI learning each users pattern aka device used , location , time etc…

Somehow , I am not impressed at having google token or MS token as 2fa when I am accessing app via mobile. It would make sense if you use mobile purely for auth, but other device to actually access the application. To have any purpose of MFA.

1 Like

2FA has been prioritised last week and will soon enter development.

24 Likes

Ah perfect! Thank you

It was also in my mind as well and good to hear that 2FA is prioritised,

really needed. is there an ETA?

You dont rush security features…

Proper complex password takes ages to break.

12+ Characters, numbers, upper lower bracket, special characters and you are good to go.

as long as a password ‘can’ accept numbers, upper and low case, special symbols. then even if your password doesnt have them all, it sees the same time protections as the hack has to go through those additional variations regardless.

It’s better if people thing of it as “passphrase” instead of “password”, ultimately if your password is just 8 characters long, it doesnt matter how complex it is and how many things can be put in it, typical password hacks involve AI and it will just brute force its way in without taking too long. if its too complex you end up recording it somewhere which then becomes the weakspot of your account.

make a passphrase of about 32 characters that is easy for you to remember without writing down anywhere and you will never face this issue. the only true protection with passwords now are length. the longer the password (that can’t be guessed), the more secure your account.

1 Like

Hello,

Any updates on this?

I am concerned of seeing some traces on the internet containing your company data which might have been phishing attempts. For example there are cached sites like fxforex or obexforex which contained your data, but these names do not seem to appear in the Companies House or FCA registries.

Either if they were real names or phishing attempts, I think in both cases these events should appear in your Help section, so people can be informed.
It seems a bit strange that you do not have a Security section …

Thank you!

I am also waiting for this to be resolved. I find it really weird financial site which claims to be super safe doesnt have such basic feature.
I am not gonna trust t212 with any substantial money before 2fa is introduced.
And to people who claim regular password are hard to hack - your password can be stolen by malware when you type it. With 2fa there is additional layer of security - your phone is required.
Sort it out pls

Yea, it’d be nice to have for an extra level of safety.

That said, nearly all hacks are done by compromising the servers of a company, not directly guessing or keyloggers on your pc.
Phishing campaigns and server breaches are the common ways nowadays. No criminal is guessing passwords or using brute force attempts in todays age.

But, seeing as Trading212 only sends funds back to the account you funded it with, it’s pretty safe. :sunglasses: :face_with_monocle:

@Ghua

1 Like

I’m in the same boat. I created this thread a while ago, but still no implementation for this critical essential feature. I’m staying away from T212 until 2FA is introduced, very untrustworthy for a financial institution not to have it.

it’s not a requirement to be a financial institution. and just having a feature doesn’t guarantee your account is safer than before. it’s wanted, but not essential.

I can can use just a password and by changing it every so often my account is just as secure as someone who doesn’t but adds an additional layer of security to their account.

It is essential because it can make your account immune to brute force and keylogger malware, practices widely used. No matter how lengthy your password is or how often you change it, it’s very simple to lose your credentials to malware having infected your PC beforehand. If you take OS security seriously, have a good antivirus and keep all software updated you are doing great! But not everyone does this, for the average user it’s quite easy to get infected with keyloggers. Plenty of torrents, fake keygens, shady websites which can be bundled with such malware.

You’re right, for now the best thing to do is have a lengthy password, regardless of complexity. Quick way to check password safety by length: https://random-ize.com/how-long-to-hack-pass

This topic doesn’t even need justification, every reputable online broker has 2FA so T212 is just getting left behind concerning security here… but I hope I am proven wrong soon :wink:

If i was professional, I would definitely not target end users. Rather I would focus on employees of t212 to get access to whole infrastructure.

Its like theft, pickpockets go for pennies, professionals go for millions.

If i was targeting end user than I would go for email as this is basically key to all locks…

But yea 2fa roxx.

if your that concerned use an on screen keyboard as a keylogger cannot determine where the user clicks!

Anyway t212 promised 2fa, so it is in pipe. Will happen sooner or later. :wink:

Having this feature is something while using it another. Not everyone should feel a necessity to use 2fa, but providing such an option is almost a must for a financing platform.

As @Vedran said, it is already on the roadmap, so we hope to have this feature soon.

2FA will be released in May.

7 Likes