Hey @FidoSaad,
I have had people trying to log in to my account using the "forgot password" option.
I learned about this when I received text messages from Fido saying this: XXXX is your verification code.
To be sure it was Fido sending these messages, I manually tried to change my password and yes, it was the correct Fido number!
Having someone get access to my Fido account is catastrophic, as most apps and services that I use are tied to my phone number and it will be a big security compromise.
The Fido login currently has a rate limit for the number of tries, but that measure is weak and not enough. The hacker can just brute force it at 30 min intervals and, with no safeguard in place, they can ultimately get access after a few days.
Please enable 2FA for login and multi-step account recovery to avoid this issue.
Count me in as another advocate for two-step verification for the Fido app. Someone hacked into my account and ordered themselves an iPhone and changed my phone plan. While I have no doubt that Fido will reverse the fraudster's actions, it would've been nice to have measures in place to lower the possibility of this event in the first place.
The use of userid/password alone is basically insecure given how relatively easily passwords can be hacked or guessed. 2 factor authentication makes hacking into an account much harder. If someone were to break into our Fido accounts, they can cause a lot of damage or steal our identities.
As a technical professional, you need to explain why this is not possible. Besides added security, 2 factor authentication via authenticator app is a widely accepted method of authentication. The recent Rogers outage revealed how brittle 2 factor authentication via text message is where if the cellular service is down, you cannot log into secure accounts.
Why is this not possible? Sites like LinkedIn and Canadian financial institutions like Vancity support the use of authenticator apps. TD made their own authenticator app but it follows the same principle.
Thank you for your feedback, we’re always looking for new ways to improve our services and the Fido mobile app.
Good news, we are working on bringing 2FA to the Fido mobile app in the near future. More details will be shared as soon as they become available, so please stay tuned for upcoming changes which will be described in each Fido mobile app update.
Hope this helps!
Any updates on 2FA to secure our online account? In July 2022 you said "we are working on bringing 2FA to the Fido mobile app in the near future".
2FA (TOTP, *not* SMS-based) is an essential security feature for customer accounts.
I agree, I'd love to be able to secure my account with 2FA. I use Google Authenticator for many of my online accounts. With SIM swapping attacks on the rise I'm looking for ways to be proactive in locking down my mobile accounts, especially now that the CRA uses mandatory SMS 2FA (big yikes). If security is one of Fido's top priorities I believe this feature would have been added a long time ago. This is a feature I'd strongly consider switching carriers for. Please pass along this feedback, FidoNick! Cheers