
2FA authorization

Does anybody know which banks use secure 2FA authorization (via an app or hardware token) and do not use insecure OTP via SMS?

There is very little I can find about this

Jim!

Comments

  • jimlambe wrote: »
    Does anybody know which banks use secure 2FA authorization (via an app or hardware token) and do not use insecure OTP via SMS?

    There is very little I can find about this

    Jim!


    First Direct are forcing this on their customers. Whilst more enlightened banks such as BOS have a system whereby you can authenticate (trust) your hardware device, FD are back in the Stone Age with a separate device needed to even log on.
  • eskbanker
    eskbanker Posts: 37,089 Forumite
    I started a thread last year looking to summarise the 2FA posture adopted by each of the main players - I haven't updated it for a while once the implementation deadline was deferred but I expect it'll become a more prominent issue again as we get closer to March:

    https://forums.moneysavingexpert.com/discussion/6021774/strong-customer-authentication-now-delayed-changes-to-online-verification
  • JuicyJesus
    JuicyJesus Posts: 3,831 Forumite
    edited 21 January 2020 at 3:26PM
    Lloyds, Halifax and presumably Bank of Scotland use telephone calls.

    HSBC uses an app or a physical security dongle. They are the only bank to take this approach.

    Nationwide, NatWest, RBS and the Co-operative Bank use card readers (Nationwide, optionally, can send you SMS OTPs for logging on to online banking only - or you can use a card reader.)

    Monzo uses emails.

    Santander are essentially the only major bank solely using texted OTPs.
    urs sinserly,
    ~~joosy jeezus~~
  • molerat
    molerat Posts: 34,568 Forumite
    JuicyJesus wrote: »
    Santander are essentially the only major bank solely using texted OTPs.
    Santander also use authentication through the app for some transactions.
  • 18cc
    18cc Posts: 2,120 Forumite
    First Direct (HSBC) not only use secure 2FA as above but also

    1. only allow one instance of their banking app and

    2. use voice ID to prevent anyone calling up and pretending to be you.

    Their physical dongle is tied to your account, i.e. no one can use their own dongle on your account.

    FD also do not allow you to reset internet banking credentials using your debit card; you have to call if you 'forget' your internet banking logon details - protected by voice ID.

    This in my view makes FD the most secure bank of the lot.
  • 18cc wrote: »
    First Direct (HSBC) not only use secure 2FA as above but also

    1. only allow one instance of their banking app and

    2. use voice ID to prevent anyone calling up and pretending to be you.

    Their physical dongle is tied to your account, i.e. no one can use their own dongle on your account.

    FD also do not allow you to reset internet banking credentials using your debit card; you have to call if you 'forget' your internet banking logon details - protected by voice ID.

    This in my view makes FD the most secure bank of the lot.


    And the most difficult to interact with.
  • colsten
    colsten Posts: 17,597 Forumite
    And the most difficult to interact with.
    They should rename themselves into the Marmite Bank as some people don't like them at all and others swear by them.
  • JuicyJesus wrote: »
    Nationwide, NatWest, RBS and the Co-operative Bank use card readers

    Santander are essentially the only major bank solely using texted OTPs.

    Co-op/Smile have stopped using card readers in favour of text codes.
  • masonic
    masonic Posts: 27,199 Forumite
    I don't think you are going to be able to escape this for online debit card transactions unfortunately, even if you can for logging in to internet banking and setting up bank transfers.
  • As others have said, I think it's only HSBC that offer access via a separate electronic gizmo.
    Great, until the battery dies :cool:
    - and assuming you carry the gizmo with you at all times.

    If you want real old skool, then Skipton have a grid card specific to you. Works a bit like an electronic gizmo, but no fear of any dead batteries :)
    - but you only need the grid card to authorise certain transactions; logging in can be done without the grid card.

    Which leads me to a question over HSBC that perhaps someone could assist me with, please?

    Before my HSBC gizmo battery died, I could access my online HSBC account either using the gizmo, or using an additional password (although that only gave limited access); this was a godsend when the HSBC gizmo died.

    Since then, I have received a new, replacement HSBC gizmo (as they are not designed to allow you to simply replace a dead battery). Ever since I have had this new gizmo, I am only allowed access to my online account using that security gizmo.
    Does anyone know if there is any way to reinstate the alternative of limited access I used to have that required only the second password?
This discussion has been closed.