
Two factor authentication

Questions about updating prices or transactions in Fund Manager

Post by ed4588 » Fri Dec 05, 2014 6:08 am

Many web services (especially those for which security breaks could have serious consequences) are implementing two factor authentication as an option for their log on process. In these procedures, you begin the process of logging on to a web service. In response, the service typically sends a text message containing a one-time use numeric code to your cell phone. You enter that numeric code when requested on the website as an essential step in the process of logging on. You still must enter the account password. The added security is considerable - you must have knowledge of your user name and password AND you must have access to your cell phone to log onto the service.

Two-step authentication is not without its potential problems; one may relate to a basic function of Fund Manager.

I recently became aware that Vanguard is now implementing two-factor authentication as an option for account owners. The following was included in Vanguard's description of the service:

"You may experience issues using financial aggregation tools, such as Mint.com, CashEdge, Quicken, or Yodlee, if you sign up to receive security codes. You may not be able to view your accounts through these tools. Also, you may receive a security code when the aggregation tool attempts to log on to your accounts."

Computer security experts recommend two-factor authentication frequently, and I suspect that many financial entities are going to be offering it in the near future. Has anyone experimented with it and Fund Manager at Vanguard or other sites? Mark, what are your thoughts? Being forced to choose between the best available security and the convenience of transaction downloads would be unfortunate.

Ed
ed4588
 
Posts: 6
Joined: Sun Oct 12, 2008 6:23 am

Post by Mark » Fri Dec 05, 2014 9:42 am

Hi Ed,

Interesting subject, thanks for the post...

My thoughts are that 2 factor authentication is good for the broker's websites, but this should not impact their OFX servers and the feed used to retrieve transactions by Fund Manager. These are 2 different servers (with 2 different purposes). The OFX servers follow the publicly documented OFX protocol, which does not use 2 factor authentication. It uses a username/password over a secure HTTPS connection. It does not have to be the same username/password as used by the broker's web server, but it often is.

All OFX servers follow the same protocol/rules, so no one site can just start requiring 2 factor authentication, as it isn't in the spec, and would make that server no longer an OFX compatible server.

From a security perspective, it would be more secure to issue separate username/password for the OFX server, relative to their web server.

Two factor authentication is not as critical for an OFX server, as compared to the broker's web server. I say this because you cannot initiate transactions/withdrawals or execute anything through an OFX server; it is basically a read-only interface to your account's transactions/positions/prices. A web server interface however would be well served with two factor authentication, as you can initiate transactions and account changes, etc. through that interface.
Thanks,
Mark
Fund Manager - Portfolio Management Software
Mark
Site Admin
 
Posts: 11253
Joined: Thu Oct 25, 2007 2:24 pm
Location: Chandler, AZ
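
To illustrate the username/password signon described in the post above, here is an added example (not from the thread and not Fund Manager's code): a constructed OFX 1.x signon request, with two hypothetical helpers that list the fields the signon carries and mask the password before the request is written to a log. All field values and the names `signon_fields` and `redact_for_log` are assumptions.

```python
import re

# Constructed OFX 1.x (SGML) signon request. Every value is a placeholder;
# this is not a captured request from any broker or from Fund Manager.
SAMPLE_REQUEST = """\
OFXHEADER:100
DATA:OFXSGML
VERSION:102
SECURITY:NONE
ENCODING:USASCII
CHARSET:1252
COMPRESSION:NONE
OLDFILEUID:NONE
NEWFILEUID:NONE

<OFX>
<SIGNONMSGSRQV1>
<SONRQ>
<DTCLIENT>20160103175700
<USERID>example-user
<USERPASS>example-password
<LANGUAGE>ENG
<FI>
<ORG>ExampleBroker
<FID>0000
</FI>
<APPID>EXAMPLEAPP
<APPVER>0100
</SONRQ>
</SIGNONMSGSRQV1>
</OFX>
"""

# SGML leaf elements have a value on the same line and no closing tag.
LEAF = re.compile(r"<([A-Z0-9.]+)>([^<\r\n]+)")

def signon_fields(ofx_text):
    """Return the leaf elements of the <SONRQ> signon aggregate as a dict."""
    m = re.search(r"<SONRQ>(.*?)</SONRQ>", ofx_text, re.S)
    if m is None:
        raise ValueError("no <SONRQ> signon aggregate found")
    return {tag: value.strip() for tag, value in LEAF.findall(m.group(1))}

def redact_for_log(ofx_text):
    """Mask the static password so the request body can be logged safely."""
    return re.sub(r"(<USERPASS>)[^<\r\n]*", r"\1[REDACTED]", ofx_text)

if __name__ == "__main__":
    print(sorted(signon_fields(SAMPLE_REQUEST)))
    print(redact_for_log(SAMPLE_REQUEST))
```

Because the same static password travels in the body of every request, TLS protects it in transit but any client-side debug log or proxy capture of the body needs the redaction step.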

Post by quercus » Sun Jan 03, 2016 5:57 pm

For those who might be interested, I did some basic testing of FM with Vanguard 2FA.

Transaction retrieve worked fine - everything was exactly the same with and without 2FA enabled at Vanguard. That's consistent with Mark's explanation.

Vanguard has 2 options for 2FA, and I got the same result with each of them. ("every time I log on" vs "only when Vanguard doesn't recognize my computer or device")
quercus
 
Posts: 22
Joined: Fri May 09, 2008 11:03 pm

Post by Mark » Mon Jan 04, 2016 7:31 am

Hi quercus,

Thanks for sharing, that is good to know.
Thanks,
Mark
Fund Manager - Portfolio Management Software
Mark
Site Admin
 
Posts: 11253
Joined: Thu Oct 25, 2007 2:24 pm
Location: Chandler, AZ

Post by dbender54 » Tue Apr 12, 2016 10:23 am

A little late to the topic (I was browsing the forum topics) and I have an account with two factor, but it's a hardware token. FM downloads happen without any problem. I have to use the token any time I login from any computer or device.
dbender54
 
Posts: 96
Joined: Wed Jul 07, 2010 5:17 pm

