The security of so-called ‘two-factor authentication’ is a joke!

@Fleura (30662)
United Kingdom
September 17, 2022 2:58am CST
Ever since this was first brought in I have been saying this, but no-one is listening! If a mobile ‘phone is stolen, and this is one of the devices used by your bank in its two-factor authentication process, especially if you use a banking app on the same device, how can this possibly be secure? When banking staff try to persuade me to switch to a more technical way of accessing my account and I ask them this they just smile and assure me it’s all fine, but that I don’t have to use it if I don’t want to – in that kind of ‘Well never mind, she’s obviously just too old to understand this modern way of doing things’ kind of way.

When I use online banking at home, the bank sends a supposedly secure code to my ‘phone, but because the ‘phone shows alerts even on the locked screen, anyone who picks it up and presses the button to turn the screen on can read the first five or six words of any email or text message. And guess what – the codes sent by the bank are only a few words long, normally along the lines of ‘your one-time passcode is 123456’.

Now it seems a thief (or a group) have been taking advantage of this to steal thousands of pounds, and it’s so simple! Even I can see how easy it is. They just have to steal someone’s bank card and phone and they’re all set – and many people use a phone case which is also a card wallet so what could possibly be easier? Just handing everything necessary to the thief on a plate, so to speak.

How to avoid this:

#1 Don’t keep your bank card and ‘phone together! Those smart-looking wallets are so tempting, but don’t go for it!

#2 Change your ‘phone settings so that alerts are not shown on your locked screen (instructions are in the linked news story – I just have to figure out how to do this because I fall at the first hurdle – ‘go to settings’ – how do I do that??) Of course the little alerts are rather useful, so many people won't want to do that.

#3 This one is for the bank – if they just changed the messages so that they said something longer before giving the code, that would solve this particular problem. For example ‘Thanks for using online banking, Your one-time passcode is below’

You can read the story here:

All rights reserved. © Text copyright Fleur 2022.
A serial thief is targeting well-off young women across London's gyms. How is she doing it?
15 people like this
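The lock-screen exposure described in the post, as an added example that is not part of the original post: a check a message sender could run over its SMS templates to see whether the passcode lands inside the preview. The six-word preview limit is the post's own estimate, and the function names, sample code value and templates are constructed for illustration.

```python
import re

# Assumption from the post: a locked screen shows about the first six words.
PREVIEW_WORDS = 6
SAMPLE_CODE = "123456"  # constructed value, same shape as the post's example
CODE_RE = re.compile(r"\b\d{4,8}\b")  # passcode-shaped digit runs

# Constructed templates modelled on the two wordings quoted in the post.
SAMPLE_TEMPLATES = [
    "Your one-time passcode is {code}",
    "Thanks for using online banking, Your one-time passcode is below {code}",
]


def lock_screen_preview(message, max_words=PREVIEW_WORDS):
    """Return the leading words a locked screen would display."""
    return " ".join(message.split()[:max_words])


def words_before_code(message):
    """Count the words ahead of the first passcode; None if there is no code."""
    for index, word in enumerate(message.split()):
        if CODE_RE.search(word):
            return index
    return None


def audit(templates, max_words=PREVIEW_WORDS):
    """Report, per template, whether the code is visible in the preview and
    how many more leading words would push it out of view."""
    results = []
    for template in templates:
        message = template.format(code=SAMPLE_CODE)
        position = words_before_code(message)
        exposed = position is not None and position < max_words
        results.append({
            "preview": lock_screen_preview(message, max_words),
            "exposed": exposed,
            "extra_words_needed": max_words - position if exposed else 0,
        })
    return results


if __name__ == "__main__":
    for row in audit(SAMPLE_TEMPLATES):
        print(row)
```

Preview length differs between devices and settings, so the word limit should be set to the longest preview the sender expects to face.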
16 responses
@xFiacre (13269)
• Ireland
17 Sep 22
@fleura I know several people who work in banking security trying to thwart the activities of ne’er-do-wells, but they can only come up with dreadfully complicated solutions to very simple problems. No need to jabber on about protocols and encryption - just be sensible, then the army of security advisers could be dismissed and bank charges could be reduced.
5 people like this
@vandana7 (100843)
• India
1 Oct 22
Spending more time with complicated stuff will invariably make mind incapable of accepting simple solutions.... I think.
2 people like this
@xFiacre (13269)
• Ireland
17 Sep 22
@PhredWreck Or perhaps it’s a cunning ploy to disenfranchise those who don’t vote the right way.
2 people like this
@LadyDuck (472355)
• Switzerland
17 Sep 22
I fully agree about the non safety of the two factor authentication. When the bank used to send a "secret code" chart every 3 months, unless we were so idiotic as to print it and keep it with us, no one could access that chart and the security code was generated at every log in. I do not bring with me the phone I use for the login authentication. I put the SIM in an old phone that does not even connect to the Internet, I get my code via TXT message and I use the computer for my online operations. A lot safer.
4 people like this
@LadyDuck (472355)
• Switzerland
17 Sep 22
@Fleura - I also only use my computer for online banking. I have my old cellphone to receive the secret code. I avoid doing online payments when my husband is doing something at his computer that seems important.
1 person likes this
@Fleura (30662)
• United Kingdom
18 Sep 22
@crossbones27 Makes no sense to me either, but they just look at me as though I'm way behind the times if I dare to question...
1 person likes this
@Fleura (30662)
• United Kingdom
17 Sep 22
I always use the computer for online banking but often use the mobile phone to receive the codes, because sometimes I am not at home, or else my partner is working right next to the phone and I don't want to disturb his virtual meetings when the landline rings!
1 person likes this
@snowy22315 (183464)
• United States
17 Sep 22
Good idea not to keep your purse and phone together, but if you lose your purse that contains both debit cards and phone you are really out of luck.
2 people like this
@vandana7 (100843)
• India
1 Oct 22
@Fleura Why can't they link it with iris? Kinda...will ensure that card or no card, you are good to go.
1 person likes this
@Fleura (30662)
• United Kingdom
18 Sep 22
Very true, and there's a limit to how many different things you can carry about!
2 people like this
@DaddyEvil (138916)
• United States
17 Sep 22
I don't use online banking for that reason... and have blocked anything from showing on my lock screen. Plus, there is a code to access anything in my phone.
2 people like this
@Fleura (30662)
• United Kingdom
17 Sep 22
You are obviously ahead of the banking security people!
2 people like this
@DaddyEvil (138916)
• United States
17 Sep 22
@Fleura I shut all that down as soon as I start setting up a new phone. I also don't let a phone talk to me or listen to me, either.
2 people like this
@vandana7 (100843)
• India
1 Oct 22
@Fleura He did it to ensure his one girlfriend does not know the other ...two timing stuff...sigh...guys need it for that. SMH.
2 people like this
@JudyEv (343439)
• Rockingham, Australia
17 Sep 22
Thanks @rebelann1949 for the suggestion. I've sent this on to Vince for him to read. I've read it too but I'm battling to answer my phone let alone do anything else with it.
2 people like this
@vandana7 (100843)
• India
1 Oct 22
You are a celebrity...:)
2 people like this
@vandana7 (100843)
• India
2 Oct 22
@JudyEv Because your phone is constantly ringing. Evil Grin.
2 people like this
@JudyEv (343439)
• Rockingham, Australia
2 Oct 22
@vandana7 Why? Because I can't use my phone?
2 people like this
@CarolDM (203422)
• Nashville, Tennessee
17 Sep 22
Important message for everyone to read here. I keep my phone locked and nothing comes up on my home screen.
2 people like this
@Fleura (30662)
• United Kingdom
18 Sep 22
That's good. I need to work out how to change settings, because I have noticed this issue with the codes before.
2 people like this
@CarolDM (203422)
• Nashville, Tennessee
18 Sep 22
@Fleura There is a settings icon on my phone to do that.
1 person likes this
@pumpkinjam (8811)
• United Kingdom
26 Oct 22
I said something similar to this to my husband yesterday. My bank now wants me to have face recognition for their app - I can see it is great for security but I don't want that. I said the same as you about the text authentication. I get them for other things such as PayPal but, as I said to my husband and you said here, it's redundant if the notification is on a device if the device is stolen.
1 person likes this
• United Kingdom
27 Oct 22
@Fleura if they insist on face recognition, it could lead to chopping off heads!
1 person likes this
@Fleura (30662)
• United Kingdom
26 Oct 22
I really don't understand how it's meant to be secure, it sounds anything but to me! They haven't asked for face recognition yet, I think fingerprint technology has been mentioned, but to my mind that is just asking for criminals to cut your fingers off!
1 person likes this
@Fleura (30662)
• United Kingdom
27 Oct 22
@pumpkinjam How can they not foresee these (apparently obvious) consequences?
1 person likes this
@BarBaraPrz (48012)
• St. Catharines, Ontario
17 Sep 22
I don't have a cell phone, so now if I want to check my account while I'm at Juanita's I won't be able to get the passcode. (Now that I have a laptop, I take it with me when I visit her.) And the message I get is along the lines "to check your account from a NEW location..." Home and my laptop are not NEW locations!
2 people like this
@Fleura (30662)
• United Kingdom
2 Oct 22
That is very annoying, all this security stuff seems to hinder the legitimate users more than the criminals.
1 person likes this
@hotsummer (13837)
• Philippines
17 Sep 22
I do mobile banking also. Yes, if your phone is stolen then they can just ask for a password reset using your number. But for me, I use my second phone when I go out. I only do mobile banking at home with my first phone. Also I use my first number to register in different digital payment apps. I can access and open those accounts on my second phone. I used very long and difficult passwords. Even if it got lost, they cannot reset the passwords on that second phone. Even if they try, they won't receive the password reset code on that phone; instead the phone I left at home will receive the link. And even if they open my email account on my phone, they can't reset the password using my email. I can easily change my passwords on my email also.
1 person likes this
@Fleura (30662)
• United Kingdom
18 Sep 22
Sounds like you are really savvy and on the ball with this!
@vandana7 (100843)
• India
1 Oct 22
That is why I tend to route every receipt through a main account which is about 500 physical steps from our flat. Thereafter, I transfer amounts from this to other accounts, yes, online. Small small amounts. I never keep large amounts in any account. If there is substantial amount, there is standing instruction to convert it into FD. That way Fixed deposits cannot be accessed without me signing papers physically. One of the accounts with smaller amounts is linked to UPI so that I can use it. Your suggestion for the banks is too good...
1 person likes this
@vandana7 (100843)
• India
1 Oct 22
@Fleura Nobody ever suggested that. I am going to suggest it to my bank now.
1 person likes this
@Fleura (30662)
• United Kingdom
1 Oct 22
Sounds as though you have got good control of things. But I don't understand why the banks can't make such a simple change : (
1 person likes this
@crossbones27 (49885)
• Mojave, California
17 Sep 22
My bank is good, they give options, they better be at a million dollars a late fee. I threw phone out the window. Only place I know that allows you to get into your account without phone. I have to use my sister's phone to get into PayPal now. Dumb rules. Funny thing is my brother goes someone hacked my account in PayPal and I was thinking why, you never have money. He likes to piss me off because I said technology does not make anything better and made life worse. He also knows I am pissed about PayPal's dumb new rules you need a phone to log in. I have my phone so can go look at my bank of 0, you cannot.
1 person likes this
@Fleura (30662)
• United Kingdom
17 Sep 22
It's a joke, they expect you to buy all these expensive gadgets!
1 person likes this
@wolfgirl569 (109578)
• Marion, Ohio
17 Sep 22
Settings on my phone looks like a little gear if that helps you. I never have everything together.
2 people like this
@JESSY3236 (20140)
• United States
20 Sep 22
It's not just the banks that have that 2 factor thing. That is a good tip and I did it.
1 person likes this
@Fleura (30662)
• United Kingdom
20 Sep 22
No you're right, and I have noticed this problem with several institutions. Only one that I deal with sends a message long enough that the code doesn't appear on the locked screen.
1 person likes this
@Dena91 (16754)
• United States
18 Sep 22
Why we don't do any banking on our phones. Guess we are dinosaurs, we prefer face to face interaction with an actual employee of the bank. Very useful information, thanks for sharing.
1 person likes this
@Fleura (30662)
• United Kingdom
18 Sep 22
It's getting harder and harder here to get to an actual bank, so many branches have been closed! They are pushing us to use digital banking more and more - then they blame us when it isn't secure enough.
1 person likes this
@GardenGerty (161471)
• United States
17 Sep 22
There are many things we do "for convenience" that set a trap for us like this. I like to keep everything separate and I do very little on my mobile phone.
1 person likes this
@LindaOHio (183959)
• United States
17 Sep 22
I use our landline to get codes from the bank. It's an audio response.
1 person likes this
@Fleura (30662)
• United Kingdom
17 Sep 22
I always used to do that, but since Covid meant that my partner was working from home all the time I had to switch because otherwise his virtual meetings get disturbed by the phone ringing right next to him! Also sometimes I have to pay something when I'm not at home.
1 person likes this