Two Factor Authentication

Hi

It would be great for security and trust to add 2FA to your website for added security.

Comments

  • Hi Willem,

    Thanks for your awesome suggestion. We will pass it on to our Dev team for consideration.

  • I tend to agree; in today's age just a website password is not enough.

    Please consider this, guys - it's not just Instagram pictures behind your walls.

  • Hi Franco,

    Thanks for your input, and I understand your concern. I can confirm that this has been passed on to our Dev team. :)

  • +1 here - I think this must be at the top of the Dev Team's priority list as a standard security measure.

    Could you guys advise on the possible implications when my account is compromised? For instance, what if someone has access to my 22Seven account with my password?

  • Hi Eugene,

    22seven is entirely read-only, so even in the case where your account is compromised, there is no way to transact on the service. It is also not possible to retrieve any login details from linked accounts.

    The only information that would be accessible to someone with access to your account is the information you currently see on your profile - i.e. balances and transactions. Not even the full account numbers are available on the service as your data is mostly sanitised.

    The security of your details is handled entirely by Yodlee, an international data-security company. Your details, once given to Yodlee, are encrypted immediately and stored with them until you choose to unlink your accounts or close your 22seven profile. Even on their side, no human being ever has direct access to your information.

    At the end of the day, 22seven is also insured by AIG. In the incredibly unlikely situation where you incur losses as a result of a data breach, 22seven would have you covered. We are also audited yearly to make sure our security measures are up to the highest standards possible.

    More information regarding our security can be found at this link - https://www.22seven.com/how-it-works/security

    I trust that this gives you a little bit more peace of mind, but if you have any further questions, you are always welcome to let us know.

  • Further to this I would simply like to see logins not timeout and more so to support Touch ID on iOS.

    Many times 22Seven logs itself out and I don't go back to it for many weeks, purely for having a very secure password I don't memorize.

  • Hi Shaun,

    We do indeed provide extensive support for Touch ID/passcodes on iOS. However, the reason you are being logged out is most likely because your app has been updated. Occasionally, larger updates will be required to log you out of the app.

    We also try to prevent you from being locked out of the app entirely in the event that you forget your passcode.

    On the TouchID/passcode screen, you’ll notice there’s the option to log out of the app. This is a failsafe that will disable the passcode and return you to the regular login screen, where you can regain access to the app with your 22seven email address and password.

    In the event that you forget those details, we of course have the password reset option, which isn’t possible with a passcode. Unfortunately, the result of this failsafe is that if you manually log out of the app, it will disable the passcode as well.

    Of course, we'll be happy to pass on your feedback to the rest of the product team. I'm sure it is something we can improve upon.

  • Hi @Adam.

    Then my app is broken somehow because I've never had the option to authenticate with TouchID or a Passcode and see no such option in settings for the app.

    It's always username/password based which is very frustrating as I only use randomized secure passwords.

    ****

    I see this option only pops up once you enable the very insecure 4-digit passcode.

    Would much prefer to have it TouchID with Password failover based and be a separate option and possibly added to login page to request to activate when first logging on.

  • Hi Shaun,

    You can access this feature by going to Settings -> Profile -> Passcode.

    There you will find a toggle you can use to enable this setting.

  • Sorry, just edited my posting above after finding it myself; it's not quite the behaviour I was looking for as it's more of a screen lock than an authentication mechanism.

    I don't want to TouchID or passcode every time I use the App.

    I want to use my finger to login, which is something different.

  • Support for 2FA using an app like Authy would be brilliant.

  • Hi Wimpie,

    We're currently investigating the implementation of two factor authentication. It's still early days, and there are quite a few routes we could take with this, but we're weighing up our options :)

  • Hi

    I don't have peace of mind knowing that ALL my balances and transactions are behind a single email password combination.

    The message further up saying "don't worry, we're insured in case of a data breach" certainly doesn't convince me that preventative measures such as 2FA aren't required.

    Please please see if this can be made a priority?

  • Hi Dirk,

    As mentioned above, we're currently investigating the implementation of two factor authentication. In the meantime, if you use 22seven on Android or iOS, please feel free to activate a passcode and/or fingerprint/TouchID/FaceID to help prevent unauthorised access to your app.

