Comments
Hi Willem,
Thanks for your awesome suggestion. We will pass it on to our Dev team for consideration.
I tend to agree; in today's age just a website password is not enough.
Please consider this guys - It's not just Instagram pictures behind your walls.
Hi Franco,
Thanks for your input; we understand your concern. I can confirm that this has been passed on to our Dev team. :)
+1 here - I think this must be on the top of Dev Teams' priority list as a security measure standard.
Could you guys advise on the possible implications when my account is compromised? For instance, what if someone has access to my 22Seven account with my password?
Hi Eugene,
22seven is entirely read-only, so even in the case where your account is compromised, there is no way to transact on the service. It is also not possible to retrieve any login details from linked accounts.
The only information that would be accessible to someone with access to your account is the information you currently see on your profile - i.e. balances and transactions. Not even the full account numbers are available on the service as your data is mostly sanitised.
The security of your details is handled entirely by Yodlee, an international data-security company. Your details, once given to Yodlee, are encrypted immediately and stored with them until you choose to unlink your accounts or close your 22seven profile. Even on their side, no human being ever has direct access to your information.
At the end of the day, 22seven is also insured by AIG. In the incredibly unlikely situation where you incur losses as a result of a data breach, 22seven would have you covered. We are also audited yearly to make sure our security measures are up to the highest standards possible.
More information regarding our security can be found at this link - https://www.22seven.com/how-it-works/security
I trust that this gives you a little bit more peace of mind, but if you have any further questions, you are always welcome to let us know.
Further to this I would simply like to see logins not time out and more so to support Touch ID on iOS.
Many times 22Seven logs itself out and I don't go back to it for many weeks, purely for having a very secure password I don't memorize.
Hi Shaun,
We do indeed provide extensive support for Touch ID/passcodes on iOS. However, the reason you are being logged out is most likely because your app has been updated. Occasionally, larger updates will be required to log you out of the app.
We also try to prevent you from being locked out of the app entirely in the event that you forget your passcode.
On the TouchID/passcode screen, you’ll notice there’s the option to log out of the app. This is a failsafe that will disable the passcode and return you to the regular login screen, where you can regain access to the app with your 22seven email address and password.
In the event that you forget those details, we of course have the password reset option, which isn’t possible with a passcode. Unfortunately, the result of this failsafe is that if you manually log out of the app, it will disable the passcode as well.
Of course, we'll be happy to pass on your feedback to the rest of the product team. I'm sure it is something we can improve upon.
Hi @Adam.
Then my app is broken somehow because I've never had the option to authenticate with TouchID or a Passcode and see no such option in settings for the app.
It's always username/password based which is very frustrating as I only use randomized secure passwords.
****
I see this option only pops up once you enable the very insecure 4-digit passcode.
Would much prefer to have it TouchID with Password failover based and be a separate option and possibly added to login page to request to activate when first logging on.
Hi Shaun,
You can access this feature by going to Settings -> Profile -> Passcode.
There you will find a toggle you can use to enable this setting.
Sorry just edited posting above after finding it myself, it's not quite the behaviour I was looking for as it's more of a screen lock than an authentication mechanism.
I don't want to TouchID or passcode every time I use the App.
I want to use my finger to login, which is something different.
Support for 2FA using an app like Authy would be brilliant.
Hi Wimpie,
We're currently investigating the implementation of two factor authentication. It's still early days, and there are quite a few routes we could take with this, but we're weighing up our options :)
Hi
I don't have peace of mind knowing that ALL my balances and transactions are behind a single email password combination.
The message further up saying "don't worry, we're insured in case of a data breach" certainly doesn't convince me that preventative measures such as 2FA aren't required.
Please please see if this can be made a priority?
Hi Dirk,
As mentioned above, we're currently investigating the implementation of two factor authentication. In the meantime, if you use 22seven on Android or iOS, please feel free to activate a passcode and/or fingerprint/TouchID/FaceID to help prevent unauthorised access to your app.