Remove ads

Introducing the LemonFools Personal Finance Calculators

Recommendations for brokers -- two factor authentication

grizzlegeo
Posts: 3
Joined: April 13th, 2018, 9:33 am
Has thanked: 3 times
Been thanked: 1 time

Recommendations for brokers -- two factor authentication

#131871

Postby grizzlegeo » April 13th, 2018, 9:47 am

My portfolio are starting to grow to large amounts. I'm looking for recommendations for new brokers so I can spread out my counterparty risk. In particular, does anyone know of a broker with two factor authentication that does not charge an arm and leg. Currently with HSBC (has two factor but rather pricey at 0.35% a year) and III (cheap, but no two factor).

FredBloggs
Lemon Quarter
Posts: 2139
Joined: November 12th, 2016, 8:42 am
Has thanked: 626 times
Been thanked: 399 times

Re: Recommendations for brokers -- two factor authentication

#131873

Postby FredBloggs » April 13th, 2018, 10:00 am

Just to point out that for the purpose of making a transaction at II then you need to know the trading password in addition to being able to log in. Is this enough of "two factor" or not? HTH.

scrumpyjack
2 Lemon pips
Posts: 199
Joined: November 4th, 2016, 10:15 am
Has thanked: 10 times
Been thanked: 46 times

Re: Recommendations for brokers -- two factor authentication

#131877

Postby scrumpyjack » April 13th, 2018, 10:09 am

With most brokers, you can only get money out to your linked account. So even if someone managed to get into your account, I can't really see how you can lose out.

To carry out any transaction you generally need a second (trading) password.

Most brokers have additional security questions that are triggered if you are using a PC not previously used for accessing your account and when any transaction is carried out you get an email confirming it, so you would be aware of unauthorised access immediately.

mrbrightside
Lemon Pip
Posts: 52
Joined: March 10th, 2017, 11:44 am
Has thanked: 26 times
Been thanked: 9 times

Re: Recommendations for brokers -- two factor authentication

#131879

Postby mrbrightside » April 13th, 2018, 10:18 am

AJ Bell YouInvest offer two factor authentication and reasonable fees.

https://www.youinvest.co.uk/security-ce ... y-features

HTH - Andy

vrdiver
Lemon Quarter
Posts: 1306
Joined: November 5th, 2016, 2:22 am
Has thanked: 185 times
Been thanked: 378 times

Re: Recommendations for brokers -- two factor authentication

#131880

Postby vrdiver » April 13th, 2018, 10:21 am

Youinvest have optional 2 factor authentication (as in it's optional to set up).

Their fees are reasonable depending on what you invest in (e.g. directly held equities, ETFS and ITs are good, but funds can be expensive).

They also seem pretty reliable - dividends paid promptly, PID tax reclaimed promptly where applicable etc.

Full details available from https://www.youinvest.co.uk/charges-and-rates

VRD

(no connection except as satisfied customer)

GeoffF100
Lemon Slice
Posts: 997
Joined: November 14th, 2016, 7:33 pm
Has thanked: 28 times
Been thanked: 133 times

Re: Recommendations for brokers -- two factor authentication

#131892

Postby GeoffF100 » April 13th, 2018, 10:44 am

With iWeb you get an email whenever a transaction occurs on your account. (N.B. It is not a good idea to access financial sites and receive email on the same device.) As with most brokers, you can only withdraw money to your nominated account. Two factor authentication often relies on sending a code to your mobile via a text message. There have been scandals concerning lax controls for transferring SIMs. Getting an email on your mobile may be more secure.

vrdiver
Lemon Quarter
Posts: 1306
Joined: November 5th, 2016, 2:22 am
Has thanked: 185 times
Been thanked: 378 times

Re: Recommendations for brokers -- two factor authentication

#131899

Postby vrdiver » April 13th, 2018, 10:58 am

GeoffF100 wrote:With iWeb you get an email whenever a transaction occurs on your account.

Ditto Youinvest.

Also, to the point Geoff makes re 2 factor authentication via email, couldn't agree more. (I use Google Authenticator to generate the second factor, so no email connection in the security loop, and actually not even any named link in Authenticator to the account or website that it's authenticating :)

Steveam
Lemon Pip
Posts: 76
Joined: March 18th, 2017, 10:22 pm
Has thanked: 59 times
Been thanked: 46 times

Re: Recommendations for brokers -- two factor authentication

#131908

Postby Steveam » April 13th, 2018, 11:18 am

Another recommendation for AJ Bell. Their two factor works easily to my smart phone. I wish other brokers would add something similar.

Best wishes,

Steve

syrio
Lemon Pip
Posts: 97
Joined: April 24th, 2017, 10:21 pm
Has thanked: 26 times
Been thanked: 20 times

Re: Recommendations for brokers -- two factor authentication

#138054

Postby syrio » May 10th, 2018, 12:22 pm

> Getting an email on your mobile may be more secure.

I don't think so - because if someone can get hold of your passwords (one factor) then they will be able to get your email account and intercept or forward the code. So it is really only a one factor method. Unless you have two factor on your email account I suppose, which probably makes it a bit better.

Best option is a TOTP app like Google Authenticator, Authy etc. SMS Text to a mobile isn't as secure, but a lot better than email.

GeoffF100
Lemon Slice
Posts: 997
Joined: November 14th, 2016, 7:33 pm
Has thanked: 28 times
Been thanked: 133 times

Re: Recommendations for brokers -- two factor authentication

#138111

Postby GeoffF100 » May 10th, 2018, 3:58 pm

syrio wrote:> Getting an email on your mobile may be more secure.

I don't think so - because if someone can get hold of your passwords (one factor) then they will be able to get your email account and intercept or forward the code. So it is really only a one factor method. Unless you have two factor on your email account I suppose, which probably makes it a bit better.

Best option is a TOTP app like Google Authenticator, Authy etc. SMS Text to a mobile isn't as secure, but a lot better than email.

If you receive emails on a second device (e.g. your phone), a hacker needs to penetrate both devices or intercept the email before it gets to you. The OTP is not encrypted whether you send it via a text or via email. The worry with texts is that a hacker can transfer your mobile number to another device. Receiving an encrypted message on another device would be better, using Whatsapp or something like that.

Coventry Building Society uses a very simple, cheap second factor. They send you a card with grid squares, and codes in each square. When you log in, they might ask for the codes in A6, D9 and Q0, for example.


Return to “Brokers and Share Dealing”

Who is online

Users browsing this forum: No registered users and 3 guests