Platform security

webnibbler
webnibbler Posts: 167 Forumite
edited 21 July 2020 at 11:27AM in Savings & investments
I'm feeling quite nervous about the level of online security offered by my platform. Does anyone else feel the same? Having a considerable portion of my assets behind what is a low tech login with just a username and password (12 char max I think) is a bit of a concern. Other than this the platform is good.

I believe banks have been instructed to introduce some form of 2FA, but does anyone know if platforms are expected to reach the same standard? I'm fully expecting there's going to be some sort of state sponsored cyber attack incoming in the next months. I don't have reason to expect China to target me personally! But it would be good to know it's a bit easier than just brute forcing a simple username / password combo to gain access.

Comments

  • csgohan4
    csgohan4 Posts: 10,600 Forumite
    You can raise the concern with your platform, but setting up the most random password you can would be pertinent.
    "It is prudent when shopping for something important, not to limit yourself to Pound land/Estate Agents"

    G_M/ Bowlhead99 RIP
  • But it would be good to know it's a bit easier than just brute forcing a simple username / password combo to gain access.
    Doesn't your platform lock your account after about 3 wrong attempts to enter the password?
  • Paenymion
    Paenymion Posts: 30 Forumite
    edited 21 July 2020 at 12:04PM
    Yes it's a vulnerability, I just checked and there's no option to enable 2FA.  I believe changing bank details will require some additional checks so it's not super easy to steal your money, but still they could mess around with your investments and sell/buy to mess you up.  Also they might block suspicious logins by geolocation, but that's only a hopeful guess.
  • csgohan4
    csgohan4 Posts: 10,600 Forumite
    Paenymion said:
    Yes it's a vulnerability, I just checked and there's no option to enable 2FA.  I believe changing bank details will require some additional checks so it's not super easy to steal your money, but still they could mess around with your investments and sell/buy to mess you up.  Also they might block suspicious logins by geolocation, but that's only a hopeful guess.
    If the hacker is smart, they will use a VPN to match the location of the user
  • dunstonh
    dunstonh Posts: 120,005 Forumite
    I'm feeling quite nervous about the level of online security offered by my platform. Does anyone else feel the same?

    I don't know who your platform is so I cannot say.  However, I have no issues with ours.

    It's not as if you can draw money to a different bank by using your login.


    I am an Independent Financial Adviser (IFA). The comments I make are just my opinion and are for discussion purposes only. They are not financial advice and you should not treat them as such. If you feel an area discussed may be relevant to you, then please seek advice from an Independent Financial Adviser local to you.
  • Albermarle
    Albermarle Posts: 28,512 Forumite
    One of my platforms will only work on a verified device(s). If you try to log in via a different device, you have to go through extra security processes. No idea if this really gives much more security or not.
    Also with a SIPP/pension you cannot normally just go in and withdraw money online (the withdrawal systems are a source of frustration according to many posters on this forum).
  • Swipe
    Swipe Posts: 5,728 Forumite
    OP please name the platform you have concerns about. You could remove your linked bank account if that bothers you, then the worst a malicious actor could do, in the unlikely event that they obtained access to your platform account, is rebalance your portfolio.
  • csgohan4
    csgohan4 Posts: 10,600 Forumite
    edited 21 July 2020 at 12:26PM
    Swipe said:
    OP please name the platform you have concerns about. You could remove your linked bank account if that bothers you, then the worst a malicious actor could do, in the unlikely event that they obtained access to your platform account, is rebalance your portfolio.
    Hopefully not all into Gold ETC's  :)
  • webnibbler
    webnibbler Posts: 167 Forumite
    edited 21 July 2020 at 12:50PM
    Doesn't your platform lock your account after about 3 wrong attempts to enter the password?
    I guess there will be some retry limit on login attempts, but it's not something I've tested.
    OP please name the platform you have concerns about. You could remove your linked bank account if that bothers you, then the worst a malicious actor could do, in the unlikely event that they obtained access to your platform account, is rebalance your portfolio.
    I didn't want to single out my platform particularly for criticism by naming them as I've used a few and they all generally have a simple username / password login, albeit some have an additional second passcode. But it seems odd to me that banks are required to implement 2FA while platforms aren't. I'd guess once in, an attacker would fairly easily change or add a different bank account to remove cash and then potentially sell ISA investments.

    I've contacted the platform and asked if they have plans to implement more security measures.
  • Prism
    Prism Posts: 3,849 Forumite
    edited 21 July 2020 at 12:56PM
    If you are only allowed to use a password for security then as long as it is using the full 12 characters, not shared with any other service and it is completely random (no words, altered words or phrases) then there is almost no chance of anyone getting into the account.

    Even then, that only matters if the platform itself gets hacked and the accounts are compromised. The most likely modern attack comes in the form of phishing and then your password is irrelevant anyway.
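
An added example, not part of the original thread, putting numbers on the last post's point about a full-length random password: it generates a 12-character password from the OS CSPRNG and compares its guess resistance with a word-plus-digits pattern, both behind a login lockout and against offline guessing after a breach. The 94-symbol alphabet, the 30-minute lockout window, the 20,000-word dictionary and the offline guess rate are assumptions, not figures from any platform.

```python
import math
import secrets
import string

# Assumptions (not from the thread): 94 printable ASCII symbols are allowed,
# a lockout of 3 tries per 30 minutes, and an offline rate of 1e9 guesses/s.
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def generate_password(length=12, alphabet=ALPHABET):
    """Draw each character independently from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(keyspace):
    """Bits of entropy for a password drawn uniformly from the keyspace."""
    return math.log2(keyspace)

def years_to_guess(keyspace, guesses_per_second):
    """Expected time to hit the password: half the keyspace on average."""
    return (keyspace / 2) / guesses_per_second / SECONDS_PER_YEAR

def compare():
    random_12 = len(ALPHABET) ** 12      # every position chosen at random
    word_plus_digits = 20_000 * 100      # constructed: dictionary word + 2 digits
    online_rate = 3 / (30 * 60)          # lockout-limited guesses per second
    offline_rate = 1e9                   # guessing against stolen hashes (assumed)
    rows = {}
    for name, space in (("random_12", random_12),
                        ("word_plus_digits", word_plus_digits)):
        rows[name] = {
            "bits": round(entropy_bits(space), 1),
            "online_years": years_to_guess(space, online_rate),
            "offline_years": years_to_guess(space, offline_rate),
        }
    return rows

if __name__ == "__main__":
    print(generate_password())
    for name, row in compare().items():
        print(name, row)
```

Under these assumptions the lockout alone slows guessing against a single account to years even for the weak pattern, while only the random password survives offline guessing. Neither figure helps once the password has been typed into a phishing page.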