13

Two-factor authentication and passkey

  • Open

A
Anonymous

It would be great if one could add a second factor to authenticate with state-of-the-art FIDO security (authenticator app with TOTP, support for hardware key passkeys). I don't feel comfortable enough using the app with such sensitive data without an extra layer.

Note that this is not the same as Face ID or Touch ID, which only provide protection against a stolen device. A second factor makes sure that even somebody who would learn the password cannot connect from anywhere in the world.

Thank you!


A

-1
I can't see the real value for users here.
Security is nice, but what would happen if someone is able to get your getquin password and logs in?
They see your portfolio, nothing else.

Even from the business perspective this wouldn't improve any of the important KPIs like: Growth, Sales, Revenue, Retention...

These are just wasted tech resources which are limited in every company.

Instead of wasting time on such technologies, they could even build an improved tax engine, more broker connections etc.

And just imagine the costs:
Google Authenticator has to be paid, text message provider (not everyone wants to use Google Authenticator) has to be paid, a whole reset system has to be created etc.

Or they have to create their own 2FA app: again for Android and iOS, which costs a lot of money and time.

For what?
That 3 people feel safer, because their password is something like "password0987654321!" and they fear that someone would see their $50k in the tracker?


A

-1
I have to admit that this is really useless and super complex from a technical perspective.

getquin is not even storing our broker credentials, nor is it able to show them or to create transactions.
Even most brokers are, for "view only" access, only protected with Touch-ID/Face-ID.
And you need the 2FA only for the creation of transactions, and even this is not often the case.
In most cases you need Face/Touch-ID as well, as the only security measure, before you can send transactions.

So why would you secure getquin more than a regular bank or brokerage account?

(And fun fact: Even banks, where you store real money, are often not even supporting hardware passkeys like YubiKey or similar devices. Why should getquin, as a virtual portfolio tracker without the storage of real money, offer more security than most of the banks?)


A

A second factor would mean securing getquin exactly like a regular bank or brokerage account.

All banks and brokerages that I'm aware of use a second factor.

This feature doesn't have to be mandatory for all users, just an option.


A

Why more complex? 2FA is only used at the first login. Once a bank app is installed and configured on the phone with 2FA, the app is simply used with Face/Touch ID. 2FA makes sure nobody can install it on another phone.


A

Exactly this.
getquin can't do anything, and if you use secure passwords and don't leave your phone lying around unlocked, nothing happens.

And even if someone is unlocking the phone or is installing getquin on their device and is using your credentials:
The maximum they can see is your portfolio value...

Sorry, this is nothing super top secret.


A

Why would you pretend that someone else is installing getquin on their device?
Then they need your getquin credentials as well, and if your password is not secure, then you have other problems than a 2-factor authentication.

And even if they log in with your account: They can see your portfolio value. Wow. Super secret thing, and if they don't know you, what can they do with this information? Nothing, exactly.

They can't sell anything, can't send orders to the broker, nothing...


A

But on brokers and banks you can lose real money. In getquin everything is just virtual, as they are not storing real money.
What would you like to protect there?

Even if someone is logging in with your account, because you use a shitty password, then they can only see your portfolio value as some numbers.
Who cares?

They can't send transactions to the brokers or store the broker credentials.


A

Bro, what would happen if someone is logging in with your account?
They see your portfolio value, that's it...

And if you use such a weak password that you have to fear that someone could log in with your credentials, then you have other things to worry about.