Two-factor authentication becomes mandatory on 29 September

Hello,

I’ve recently received an email with the enforced 2nd factor authentication.

Under normal circumstances I’d be delighted as InvestEngine is finally stepping up security measures but the roll-out seems to be not that great and has not considered some use cases.

I have both a personal & a business account with InvestEngine and given that your solution is 2nd factor through the mobile app and given that the app currently does not support being logged into multiple accounts at the same time, it’s extremely inconvenient to use.

Moreover, the fact that you opted in for a custom “phrase” 2nd factor rather than an authenticator app makes this extremely unusable. I have to consume the phrase every time I log back in to my app, generate a new one and store it in my password manager.

You also don’t support the same phone number for multiple accounts so that option also goes out of the window.

I generally think the rollout is a good step towards security but InvestEngine product team have not considered this well enough.

So what really needs to happen is:

  1. Allow multi-tenancy login in the app
  2. Roll out authenticator app 2nd factor (this is an industry standard) over your custom phrase solution
  3. Allow phone number to be linked to multiple accounts (business/personal)

1 Like

I never got that email. Also the OG poster has an unusual username? Bit of questionable dissonance here…no?

1 Like