On Line Shopping One Time Password Text

[STEVIEBOY1]

Hi, Has any one doing On Line Shopping, started to receive One Time Password Texts? In addition to entering normal user name and password? Is this a new thing that has recently happened? I had it twice today, never had it before? Thanks.

 

[nlogax]

Hi, Has any one doing On Line Shopping, started to receive One Time Password Texts? In addition to entering normal user name and password? Is this a new thing that has recently happened? I had it twice today, never had it before? Thanks.

Depends on the site, but yes I've seen these a few times in recent months. Good idea I think.

 

[ajs1981]

Some sites do use this method but I would expect that they would have informed you about this. It is a method used for legitimate reasons but if they haven't informed you then I would suggest checking with the company to see if they have made any changes. Normally sites will give some prior notice to activating a feature like this so that they don't inconvenience customers so for it to be activate without warning seems a little strange.

 

[bearhugger]

It's called Two Factor Authentication, and in my experience you generally have to change a setting on the site or app to turn it on. I agree with the advice @ajs1981 has given to check it with the company just in case.
Going slightly off topic, to back checking it up, I have forwarded loads of emails purporting to be from my bank because for one reason or another they weren't quite right and probably only 1 or 2 have been genuine emails. Better to be safe than sorry.

 

[RichT54]

Even the government are doing it, as I found last month, when logging into the Government Gateway to claim a small income tax refund from HMRC.

 

[gswindale]

We had it recently enabled at work to access various applications delivered over Citrix. Very annoying when working from home without the VPN (causes another app to not work) as the way we are setup means that I have to enter a code for 1 app and then go through the same process for another app, both of which it is very useful to be in simultaneously.

 

[STEVIEBOY1]

Ok, thanks for these replies, it was a well known shopping site that did this. I have checked the orders and they seem fine.

 

[hexagon789]

Seems quite standard now, my bank usually triggers it for purchases over about £10 on average.

It can be annoying when trying to quickly buy a ticket and it comes up requiring the two part authentication to complete payment though and you're in a rush as it is!

 

[Bletchleyite]

This is very common, and you can be sure it's genuine if the site asks for it and your phone gives you it at the same time!

 

[ainsworth74]

It certainly works as well. I had a notification on my phone asking me to approve a sign in to my Steam account which was odd as I wasn't on my computer at the time! Further investigation revealed that the sign-in attempt was from Khazakstan. A swift password change followed...

 

[Puffing Devil]

Whenever you have the option you should be enabling Second Factor Authentication for all your accounts (Text/App Code).

This forum has the feature - it would be interesting to know how many people use it.

 

[Belperpete]

I believe many card companies are now implementing it, it may not be the shopping site doing it.

 

[nlogax]

I believe many card companies are now implementing it, it may not be the shopping site doing it.

Authenticator apps are the way forward. Much prefer them over texts, one-time activation URLs etc.

 

[jfollows]

It certainly works as well. I had a notification on my phone asking me to approve a sign in to my Steam account which was odd as I wasn't on my computer at the time! Further investigation revealed that the sign-in attempt was from Khazakstan. A swift password change followed...

My email password was hacked via Steam, which was not uncommon I gather. I changed Steam to enable two factor authentication - shutting the stable door I know, but at least it's unlikely to happen again.

 

[ainsworth74]

My email password was hacked via Steam, which was not uncommon I gather. I changed Steam to enable two factor authentication - shutting the stable door I know, but at least it's unlikely to happen again.

Yes I can't remember what triggered the paranoia of turning on two factor authentication for Steam but I was very pleased I had! I've had it on my Google account for yonks which hopefully keeps my email secure even if someone gets my username and password!

 

[RichT54]

Authenticator apps are the way forward. Much prefer them over texts, one-time activation URLs etc.

I have an M&S Credit card with M&S Bank and they have recently revised the login process so that you have to either use their phone app or one of those gadgets like a mini calculator to generate a one-time pass code.

When I looked in the Google Play Store for the app there were dozens and dozens of one-star reviews for it with people saying it either wouldn't start or it kept sending them round in circles and they were unable to log into their accounts, even after lengthy conversations with the help desk. The consensus was that the app is rubbish. In light of that I applied for one of the physical pass code gadgets. It took 8 days to arrive, during which time I was locked out of their online banking system.

After activating the device I was finally able to log into my account. It was a good job that I have the account set up to automatically pay off the balance each month, otherwise I would have been late paying and would then have incurred some interest, which has happened to a lot of people that were trying to use the phone app.

I agree that improving online security is a good thing, however M&S Bank's implementation is terrible and obviously had not been tested properly before being introduced.

The only reason I have the credit card is to get the rewards vouchers, but I'm not sure if it's going to be worth the extra hassle.

 

[Bletchleyite]

Monzo implements it quite well - if you do a transaction online your phone pops up a notification asking if it was you. No need to faff about entering codes or anything.

 

[nlogax]

I agree that improving online security is a good thing, however M&S Bank's implementation is terrible and obviously had not been tested properly before being introduced.

That's a real shame, and a bit of a surprise. HSBC now run that M&S operation and I'm surprised they've screwed it up considering how well things seems to work on the First Direct side of the fence.

 

[Puffing Devil]

Authy is a great and portable code generator app - you can move phones and take your codes with you. Those who have moved Google Authenticator will know the pain.

I'd also recommend LastPass for your passwords - I have no idea what my password for this forum is. All I know is my Google, LastPass and a couple of work passwords. The rest are in LastPass.

Secure away backup codes when you implement 2FA on an account and a hardware key is always a good fallback.

 

[CrispyUK]

Amazon use one time passcodes quite a lot now for account security if logging in from new devices, etc.

They are also used as part of the Verified by Visa / Mastercard SecureCode process in some cases, often where it is a retailer you haven’t purchased from before, or a large value transaction (anything potentially ‘out of sorts’).

Two factor authentication is going to become more and more prevalent, which is no bad thing where it comes to securing accounts and reducing fraud. It works on the principle of needing something you know (e.g. a password) and something you have (e.g. a device to generate/receive a code) to obtain access. The ‘something you have’ can also be a biometric, fingerprint scan, Face ID, voice signature (anyone else felt a bit daft on the phone to HMRC in an open-plan office having to repeatedly say “my voice is my password” several times when they were forcing callers to set this up? haha)