  • FIRST POST
    • Imnoexpert
    • By Imnoexpert 11th Dec 17, 2:00 AM
    • 314Posts
    • 133Thanks
    Imnoexpert
    III New Website
    • #1
    • 11th Dec 17, 2:00 AM
    I was going to post this in the old III thread where we have all lambasted them for their shortcomings, however perhaps there should be a fresh start because....

    The new site looks good at first glance. Much better visually, more modern looking, with access to Morningstar Portfolio Tools and just altogether much more joined up.

    A couple of things look a little odd. My funds download in 'ticker' order rather than alphabetical by name, and I haven't worked out how to get historic transactions (maybe me).

    Anyway let's hope this is a long thread about all the things they get right in the future.
    • Linton
    • By Linton 11th Dec 17, 7:07 AM
    • 10,180 Posts
    • 10,552 Thanks
    Linton
    • #2
    • 11th Dec 17, 7:07 AM
    I agree it looks good. I have sent them messages asking about historic transactions and setting up dividend pay away.
    • anselld
    • By anselld 11th Dec 17, 7:18 AM
    • 6,024 Posts
    • 5,757 Thanks
    anselld
    • #3
    • 11th Dec 17, 7:18 AM
    Trivial improvements at four times the cost in my case.
    I dread to think how long it will take to produce a tax certificate after a mid year platform change and without any transfer of transaction history.
    • ctdctd
    • By ctdctd 11th Dec 17, 8:29 AM
    • 895 Posts
    • 738 Thanks
    ctdctd
    • #4
    • 11th Dec 17, 8:29 AM
    They seem to have moved everything to their new platform when they said they would.
    All my ISA and SIPP account information is correct.

    Congratulations for getting it all working - I'm sure a lot happened behind the scenes over the weekend!


    Lack of transaction history is only a minor issue for me as I have everything recorded in my spreadsheet.

    Now to play with it for a bit and work out which buttons to press!
    Do Money Saving sites make you buy more bargains - and spend more money?
    • EdSwippet
    • By EdSwippet 11th Dec 17, 9:37 AM
    • 854 Posts
    • 828 Thanks
    EdSwippet
    • #5
    • 11th Dec 17, 9:37 AM
    ... I haven't worked out how to get historic transactions.
    Originally posted by Imnoexpert
    I found my old documents and trading history within 'account' > 'document history', by selecting 'Migrated Documents' from the 'Document Type' selection menu.
    • Linton
    • By Linton 11th Dec 17, 9:53 AM
    • 10,180 Posts
    • 10,552 Thanks
    Linton
    • #6
    • 11th Dec 17, 9:53 AM
    I found my old documents and trading history within 'account' > 'document history', by selecting 'Migrated Documents' from the 'Document Type' selection menu.
    Originally posted by EdSwippet
    Thanks. This contains a full annual Statement up to April 2017 and subsequent trading contract notes. However there isn't any cash transaction data after the end of the annual Statement until the last weekend when the new system started.
    • greenglide
    • By greenglide 11th Dec 17, 9:57 AM
    • 3,230 Posts
    • 2,111 Thanks
    greenglide
    • #7
    • 11th Dec 17, 9:57 AM
    .... and the "new" platform is the existing TD platform, isn't it!

    TD had "refreshed" this just before they were taken over.
    • Linton
    • By Linton 11th Dec 17, 12:04 PM
    • 10,180 Posts
    • 10,552 Thanks
    Linton
    • #8
    • 11th Dec 17, 12:04 PM
    Message from ii:

    Thank you for your secure message dated 10 December 2017.

    Your historical data is in the process of being migrated on to the new
    platform. We expect this to be complete by Wednesday. I am sorry for any
    inconvenience this may cause.
    • silvermum
    • By silvermum 11th Dec 17, 1:20 PM
    • 138 Posts
    • 44 Thanks
    silvermum
    • #9
    • 11th Dec 17, 1:20 PM
    Doesn't look too bad so far... I was also slightly panicked at having lost historical data, so hopefully that will be forthcoming asap.

    Some slight irritations about the SIPP: my employer pays in during first week of the month, so given the timing of the changeover, no payment was made for Dec. However I've just read something that says that all employer contributions will now be collected on 1st month, so I am going to have to find some way of getting them to pay extra before April!
    Also, SIPP holders, BE AWARE, it looks as if we have to re-submit Expression of Wishes forms to the new provider....
    • aguy187
    • By aguy187 12th Dec 17, 9:45 AM
    • 4 Posts
    • 0 Thanks
    aguy187
    I've only had a brief look, some things I've found so far:

    1) Major red flag. They want specific characters from my password, showing the password isn't (and presumably has never been) stored securely.

    2) The site looks more modern, but I've never liked Web 2.0. I can look at whitespace by staring at an empty desktop, I want the most information possible in the page to save having to click around. Yes, something like the old portfolio is there but there's a giant blue banner across the most important part of the screen telling you about the new portfolio. The actual holdings are shown as a minor inconsequential part of the page.

    3) History is gone, as mentioned above, though % gains and losses aren't, showing previous trade info has been migrated in some form.

    4) Dividend reinvestment is turned off now by default, but you wouldn't know as neither portfolio view shows what the current settings are.
    • fwor
    • By fwor 12th Dec 17, 11:50 AM
    • 6,093 Posts
    • 4,149 Thanks
    fwor
    1) Major red flag. They want specific characters from my password, showing the password isn't (and presumably has never been) stored securely.
    Originally posted by aguy187
    How can you infer that? What's to stop them storing each character separately and securely?
    • benalder284
    • By benalder284 12th Dec 17, 12:07 PM
    • 75 Posts
    • 50 Thanks
    benalder284
    Anyone else NOT had their monthly direct debit taken from their bank account which normally happens for me around the 10th (i.e. in the middle of the move to the new site)?


    Overall - can live with the change; don't actually use the site that much - passive portfolio with minimal re-balancing usually done via re-directing monthly contributions.
    • LHW99
    • By LHW99 12th Dec 17, 12:30 PM
    • 1,662 Posts
    • 1,524 Thanks
    LHW99
    Didn't manage to get the x-ray tool working, but that may be because it's accessed using a cross-script which are turned off by default in my browser.
    Otherwise found most of what I wanted (after a quick panic because it shows shares / IT's and funds on different tabs rather than all together).
    • aguy187
    • By aguy187 12th Dec 17, 12:52 PM
    • 4 Posts
    • 0 Thanks
    aguy187
    What's to stop them storing each character separately and securely?
    Well, they could be hashing each character individually and storing them all, this would still be less secure than the old system with a password and pin, provided the old system stored the password correctly. More likely they're not hashing the password at all, or they are encrypting it in a reversible way. Hopefully if the latter they are using some kind of black box type solution where the validating characters go in and 'Yes' or 'No' comes out.

    Regardless of the method, the new single password system is both less secure and less convenient(*) than the old.

    (*for me at least, my passwords for all sites are the longest strings of random gibberish the sites will let me have)
    • EdSwippet
    • By EdSwippet 12th Dec 17, 1:01 PM
    • 854 Posts
    • 828 Thanks
    EdSwippet
    More likely they're not hashing the password at all, or they are encrypting it in a reversible way.
    Originally posted by aguy187
    I don't see this as necessarily "more likely" at all. There are several ways to store only hashes and still request n-of-m partial passwords. For example, generate and store multiple hashes for every account, one for each implemented permutation of n-of-m password challenges.
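Added example (not part of any forum post, and not the platform's own code): a sketch of the storage scheme EdSwippet describes above, one salted hash per n-of-m challenge, together with the guess-space figures that bear on aguy187's objection. The function names, n = 3, the 62-character alphabet and the PBKDF2 parameters are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from itertools import combinations
from math import comb

N_CHARS = 3          # characters requested per login (assumed)
ITERATIONS = 20_000  # PBKDF2 rounds, kept low so the demo runs quickly (assumed)


def _digest(chars: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", chars.encode(), salt, ITERATIONS)


def enroll(password: str, n: int = N_CHARS) -> dict:
    """Store one salted hash per set of n positions; the password is not kept."""
    table = {}
    for positions in combinations(range(len(password)), n):
        salt = os.urandom(16)
        chars = "".join(password[i] for i in positions)
        table[positions] = (salt, _digest(chars, salt))
    return table


def verify(table: dict, positions: tuple, answer: str) -> bool:
    """Check the answer to one challenge; positions must be in ascending order."""
    entry = table.get(tuple(positions))
    if entry is None or len(answer) != len(positions):
        return False
    salt, stored = entry
    return hmac.compare_digest(stored, _digest(answer, salt))


def guess_space(alphabet_size: int, length: int, n: int = N_CHARS) -> dict:
    """Compare what one stored record protects with what a full-password hash protects."""
    return {
        "records_per_account": comb(length, n),
        "guesses_per_record": alphabet_size ** n,
        "guesses_full_password": alphabet_size ** length,
    }


if __name__ == "__main__":
    table = enroll("Tr1ckyPw")               # constructed sample password
    print(len(table))                        # 56 stored hashes for 3-of-8
    print(verify(table, (0, 3, 7), "Tcw"))   # True
    print(guess_space(62, 10))               # 120 records, 238328 vs 62**10 guesses
```

The scheme does avoid storing the password in recoverable form, but each record covers only n characters, so the hash alone limits an offline search of a copied table to 62^3 guesses per record rather than 62^10.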
    • aguy187
    • By aguy187 12th Dec 17, 1:33 PM
    • 4 Posts
    • 0 Thanks
    aguy187
    Assuming you are correct, as I said: "this would still be less secure than the old system with a password and pin".
    • EdSwippet
    • By EdSwippet 12th Dec 17, 1:48 PM
    • 854 Posts
    • 828 Thanks
    EdSwippet
    assuming you are correct, as I said: "this would still be less secure than the old system with a password and pin".
    Originally posted by aguy187
    I don't see why.

    But even if it is, there is also a separate and distinct full 'dealing password' that is required for trading, for cash withdrawals, and for any change to nominated bank account.
    • cloud_dog
    • By cloud_dog 12th Dec 17, 2:01 PM
    • 3,996 Posts
    • 2,411 Thanks
    cloud_dog
    Regardless of the method, the new single password system is both less secure and less convenient(*) than the old.
    Originally posted by aguy187
    I would disagree. It enhances security, just in case you have a key logger on your system.
    Personal Responsibility - Sad but True

    Sometimes.... I am like a dog with a bone
    • aguy187
    • By aguy187 12th Dec 17, 2:13 PM
    • 4 Posts
    • 0 Thanks
    aguy187
    I hadn't set up a dealing password, but I have now!

    If you'd like some light reading on why standalone "give us x characters from your password" systems are eminently hackable I can recommend this study:

    groups.inf.ed.ac.uk/security/passwords/pps.pdf

    (sorry, for the format, I'm not allowed to post this as a link)
    • cloud_dog
    • By cloud_dog 12th Dec 17, 3:48 PM
    • 3,996 Posts
    • 2,411 Thanks
    cloud_dog
    I hadn't set up a dealing password, but I have now!

    If you'd like some light reading on why standalone "give us x characters from your password" systems are eminently hackable I can recommend this study:

    groups.inf.ed.ac.uk/security/passwords/pps.pdf

    (sorry, for the format, I'm not allowed to post this as a link)
    Originally posted by aguy187
    That's great but that is basically a statistical analysis, where the more characters you have to enter the higher the probability of it not being correct. Its basic premise is also focussed on the current implementation of a number of primarily UK institutions rather than defining the best protocol to use for this type of password and analysing accordingly.

    Indeed, the report actually states...

    With k=1, only the PIN case yields a >50% success rate (k=2 for the alphanumeric case), so it can be argued that the partial mechanism provides some improvement over normal password authentication where an observer learns a complete password in a single step.

    Where an account is hacked via brute force attack on an institution you will have far more financial protection (recovery of monies) than if someone sees, learns, guesses your password and simply withdraws funds.

    Whilst brute force or stealth hacking must by their very nature affect many many people in a single attack it would be interesting to know the propensity of unauthorised people uncovering passwords and using this information fraudulently.

    I think attributing 'value' to a password (or any security measure) is really about who is at risk? For a brute force attack I would be covered, for an individual finding out my credentials and using them and for me to prove it wasn't actually me would in all likelihood be nearly impossible.
    Last edited by cloud_dog; 12-12-2017 at 4:03 PM.
    Personal Responsibility - Sad but True

    Sometimes.... I am like a dog with a bone