Welcome to Community at BECU, a place for anyone who wants to talk about money, saving, investments and everything in between. Have a question or just want to get the community’s opinion on something? This is the place. It’s a great resource for peer-to-peer advice, access to the latest BECU news and behind-the-scenes insights from BECU’s experts.
I'll have to echo the comments about people concerned SMS may not be secure enough. Here are a few scenarios I can think of:

Example #1: Phone gets stolen. Even if it is passcode locked, presumably someone could put the SIM card in a new phone and get text messages. This is why it is a good idea to call your carrier and disable the phone's SIM card as soon as possible after it gets stolen.

Example #2: Potential interception of the code by a 3rd party hacker in the middle exploiting some security vulnerability. E.g. "SS7" hacking.

Example #3: Someone claiming to be you convinces your carrier to port your number over to an account they control (this would be a type of "social engineering" attack).

Unfortunately, protecting from hackers is not simple these days. Of course one would also need the username and password, in addition to the one-time SMS code, to do something bad. Two-factor auth methods like Google Authenticator, Authy, RSA and YubiKeys certainly seem to be better protected against the "man-in-the-middle" and "social engineering" attack vectors than SMS.
Looks like other people had the same idea. This feature is what prompted me to sign up for this idea exchange. Here's what I was going to post as a new idea:

1. It's common for people to want to manage their money using 3rd party applications (e.g. Mint, YNAB).
2. These applications tend to ask for username/password. That seems like a bad idea to give them out though.

I want the ability for 3rd party applications to access my financial transactions, but not have to give out my standard username/password. What would be nice is unique access tokens for 3rd party apps. This can provide limited read-only access and these can be revoked at will per app. As an example, think GitHub's "personal access tokens" feature.

P.S. Huge plus if the feature/API is well documented for developers :)