We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
How often to check fund value?
Options
Comments
-
I was genuinely interested in your view. My own is that daily is too frequent, but I wonder if I am not checking frequently enough for the purposes of security (even when I do check, I'm not verifying my linked account details haven't changed - I wonder how many people actually do that). At the moment I am reliant on my email (which is fairly locked down) to alert me that anything is going on in my account between checks.InvestInPoker wrote: »Necessary is not a word I used. It is however prudent provided you do not get stressed or jubilant over investment movements - and absolutely without question reduces the chances of a hacker successfully stealing my money or a clerical error going unnoticed. I do not believe any fund platform that I know of provides adequate security.
I agree that security of these platforms is quite poor. In fact, the current security model of asking for random digits from a password makes it easier for an adversary to capture a sufficient portion of the full password if you log in frequently. A phone based authentication loop for things like changes to a linked account and SMS confirmation of dealing would be fairly easy for them to implement and tighten things up considerably.0 -
I was genuinely interested in your view. My own is that daily is too frequent, but I wonder if I am not checking frequently enough for the purposes of security (even when I do check, I'm not verifying my linked account details haven't changed - I wonder how many people actually do that).
One thing I have caught in the past from a financial institution is my address was changed. It was not a change with malicious intent, just a spelling mistake was inserted into it but all I had done was query something unrelated to my address with another department. I made a best guess somebody had looked over my account and accidently changed something.
The problems almost always start with your email being compromised though (one of the most important things to secure). Somebody with intelligence and malicious intent who has your email login could use it undetected pretty easily.At the moment I am reliant on my email (which is fairly locked down) to alert me that anything is going on in my account between checks.I agree that security of these platforms is quite poor. In fact, the current security model of asking for random digits from a password makes it easier for an adversary to capture a sufficient portion of the full password if you log in frequently. A phone based authentication loop for things like changes to a linked account and SMS confirmation of dealing would be fairly easy for them to implement and tighten things up considerably.
Agree completely. Mobile phone authentication in some way would improve things but I still would like RSA tokens to be available from online investment platforms before I am happy about the security. One thing I caught Santander doing recently was authorising an old invalid phone number of mine (which has been resold to someone else and which I changed with them) as the number to issue codes to when I try to change something. Sigh. I've seen banks update their systems and revert phone numbers on accounts back to ones from years ago.0 -
I agree RSA token security should be implemented by platform providers. Quite a few banks provide this for free with their card readers which generate a one off pin.
I've played online games where they provide an RSA token for about £10 and the subscription fee is only around £9/month for the game plus the security. In fact, adding the security token didn't increase the monthly subscription at all.0 -
I agree RSA token security should be implemented by platform providers. Quite a few banks provide this for free with their card readers which generate a one off pin.
I've played online games where they provide an RSA token for about £10 and the subscription fee is only around £9/month for the game plus the security. In fact, adding the security token didn't increase the monthly subscription at all.
Yeah I would not mind footing the cost either (and I would assume the actual cost to be a lot more than £10) to get this on my account. I hate the card reader implementation - it's user unfriendly imo. What I would like is one of these bad boys.
0 -
Is that really your idea of a "bad boy"?InvestInPoker wrote: »Yeah I would not mind footing the cost either (and I would assume the actual cost to be a lot more than £10) to get this on my account. I hate the card reader implementation - it's user unfriendly imo. What I would like is one of these bad boys.0 -
I'd tend to agree. IIRC the card readers were found to be somewhat lacking in security anyway, and they are far less convenient. Would be nice if you could just get one token and register it for multiple sites - otherwise I'd end up with quite a few. They do have the drawback that they are time-based, so can only be used for identification, not transaction signing, so that still is one drawback to a phone-based system, which does allow out of band transaction verification (assuming a phone call, not just an SMS code).InvestInPoker wrote: »Yeah I would not mind footing the cost either (and I would assume the actual cost to be a lot more than £10) to get this on my account. I hate the card reader implementation - it's user unfriendly imo.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.1K Banking & Borrowing
- 253.2K Reduce Debt & Boost Income
- 453.6K Spending & Discounts
- 244.1K Work, Benefits & Business
- 599.1K Mortgages, Homes & Bills
- 177K Life & Family
- 257.5K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards