Skipton BS authentication system.

dosh37 · 9 July at 4:17PM

I recently opened a Skipton BS easy access bonus saver account.

They operate two different authentication systems:-

One requires you to install an app on your 'smart' phone. That requires a device specific registration code sent through the post.

The other uses conventional 2-factor authentication and requires you to request an OTC registration code - also sent through the post.

I don't like using phone apps to manage savings accounts so I requested the OTC code.

It took so long for the OTC code to arrive through the post that I ended up installing the mobile app instead and registered my device.

Some days later the OTC registration code arrived.

I could find no information on the website to explain what happens if you register both the app and OTC codes, so I sent a secure message:-

====

While waiting for my OTC reg code to arrive through the post, I received the reg code for the Skipton app. Rather than wait for the OTC code, I installed the app on my phone and registered my mobile device.

The OTC code eventually arrived a few days later.

My question now is:-

If I register the OTC code in addition to the app, what will happen when I use my PC to manage my account?

Will the system use 2 factor authentication or will it expect to use the app on my mobile phone? Will the system prompt me to choose between the two options each time I login and/or carry out a transaction?

I can find no information on the Skipton website that explains how this works.

IMHO, having two different authentication methods is unnecessary and over complicates things for the average user.

====

Here is the reply:-

You cannot hold both codes, as you have now registered for the app code you will not be able to register for the one time code you will need to dispose of the OTC code letter as this will no longer work as you have registered the app.

====

To me this is just plain stupid!

The implication is that 2-factor authentication (OTC) is not considered sufficiently secure and that users should use mobile device specific registration instead. If that is the case, then why still offer OTC?

What happens if I change my phone?

What happens if I subsequently want to manage my savings account without using a mobile phone?

GeoffTF · 9 July at 4:35PM

I was able to switch from mobile phone authentication to SMS authentication. When I selected mobile authentication, I was under the impression that the mobile phone app was just an authenticator, but it turned out give access to my Skipton accounts from my phone. I did not want that. I was able to uninstall the app and Skipton sent me a new code in the post, but that was over a year ago.

dosh37 · 9 July at 4:45PM

GeoffTF said:

I was able to switch from mobile phone authentication to SMS authentication. When I selected mobile authentication, I was under the impression that the mobile phone app was just an authenticator, but it turned out give access to my Skipton accounts from my phone. I did not want that. I was able to uninstall the app and Skipton sent me a new code in the post, but that was over a year ago.

How did you arrange that? Secure message / phone?

Either way it seems a ridiculous way to manage user authentication.

As you can see from their reply, they offered no option to switch between the two authentication methods.

GeoffTF · 9 July at 6:08PM

dosh37 said:

GeoffTF said:

I was able to switch from mobile phone authentication to SMS authentication. When I selected mobile authentication, I was under the impression that the mobile phone app was just an authenticator, but it turned out give access to my Skipton accounts from my phone. I did not want that. I was able to uninstall the app and Skipton sent me a new code in the post, but that was over a year ago.

How did you arrange that? Secure message / phone?
Either way it seems a ridiculous way to manage user authentication.

As you can see from their reply, they offered no option to switch between the two authentication methods.

I do not have any secure messages recorded, so it was not that. I did not go into a branch either. That leaves the chat facility and a phone call. I do not remember which. You could try the chat and phone then them if that fails. I have read too many stories about people having their accounts drained when their phones are stolen to be keen on using the app.

etienneg · 9 July at 6:57PM

None of these problems would have happened if you had just been patient and waited for the OTC code to arrive in the post. Now it's likely to take you much longer to sort this out than just waiting in the first place!

dosh37 · 9 July at 7:57PM

etienneg said:

None of these problems would have happened if you had just been patient and waited for the OTC code to arrive in the post. Now it's likely to take you much longer to sort this out than just waiting in the first place!

No other online savings organisations I have encountered operate in this way so I may transfer the funds elsewhere.

masonic · 9 July at 9:39PM

I seem to have got away with just SMS for 2FA. I wouldn't install an app for a savings account. I haven't needed to receive anything in the post, thankfully.

GeoffTF · 10 July at 12:05PM

dosh37 said:

etienneg said:

None of these problems would have happened if you had just been patient and waited for the OTC code to arrive in the post. Now it's likely to take you much longer to sort this out than just waiting in the first place!
No other online savings organisations I have encountered operate in this way so I may transfer the funds elsewhere.

I have found the Skipton to be excellent. I get consistently good interest rates, email alerts, two nominated accounts, branch service, and I have my state pension paid in, earning interest from day 1.

Skipton BS authentication system.

Comments

Confirm your email address to Create Threads and Reply

🚀 Getting Started

Categories

Is this how you want to be seen?

Get our FREE Weekly email full of deals & guides - and it’s spam-free