2 Factor login

Hi @jeanintheuk 

The team are aware of the want for 2 factor authentication, we have nothing to announce at this time.

We’d recommend ensuring that your passwords are all unique and changed frequently.

Tom

@jeanintheuk 

I understand your query was regarding the website.

However, if your phone has the ability in install their latest iD Mobile app, you can have 2 Factor Authentication on there instead. If you so decide to give that a try (and at least with the app if you set up fingerprint authentication this should be more secure then just a password).

Here is where to find it on the app and where to activate it:

Open the iD Mobile App, tap More (4th option along the bottom) → tap on Login details → and under Use biometrics for login slide it to on.

If you have no desire to use the app, or it cannot be installed, then please accept my apologies for replying.

@Daz_S

The problem is once you have added your number on the app which does have Biometric login or pin you can then go to a web browser and login that way with just a password. There is no extra security logging in that way . Someone could port your number quite easily I assume and do other things to your account. I just tried removing the number just on the web version and it removed it from the app too. So you can’t just use the app on its own.

There should be at least SMS verification on the accounts even though that’s the least secure 2fa method. 

And I totally agree with you @jeanintheuk 

My wife for example keeps her passwords in a password/biometric secure folder on her phone. That way the only way she can gain access to them is it open that secure folder, copy the password and paste it into a browser - I told her it was better to not ask the browser to remember certain important passwords.

Or as I do - I have some saved passwords on the browser I use, but during the remember me bit I add a few random characters to the end and it prompts me to save this ‘altered’ one instead of the original. That way should some so-and-so gain access to my device and they try to log in they’ll get the incorrect password message. When I go to use it I simply remove these extra characters before signing in but tell my browser to not remember what is then my correct password.

But yes iD sorting out 2FA for their online account would, so you’d have thought, have been something they set up before the app was even developed 🙄

For the email provider I use I did set up 2FA, and with this if even I log in on my browser my phone instantly pings telling me someone tried to gain access and I then either hit the green tick or reject it by clicking the red x. I wouldn’t mind having this available too for their iD app.

Hi @Daz_S,

Thanks for your feedback.

Hopefully this is something that can be implemented in future updates.

We are always working to improve services and self-care for out=r customers so it could be something you see introduced.

Kash