2FA/Two-Factor Authentication

Has the team considered implementing this? I think we should at least have the option to enable 2FA. I have this option on almost all other banking/trading/crypto apps, and in Freetrade's case we should be able to enable it for:

  1. Accessing/opening the app itself
  2. Buying
  3. Selling
  4. Withdrawing


Why do you need it? If you’ve got Touch ID on your phone, on the app and on each transaction then why yet another thing?

It’s good practice nowadays to use 2FA where possible when there is anything sensitive or confidential such as PII (personally identifiable information) or PCI (payment card industry) information involved.

If someone was to hack/brute-force/other - somehow gain access to my Freetrade account and log in as me, what information do they have access to?

NI Number
Everything in all Activity Feeds

They may also be able to Buy and Sell funds too, why? Who knows, but they’d be well on their way to stealing your identity.

I realise we have ‘Touch ID’ or whatever it is called on Android, but I am sure there has been an occasion in the past where almost all or in fact all security controls have been bypassed. 2FA provides an additional layer of security where an attacker needs to physically have the device in order to accomplish their means.

If they wanted to install the app on a device after cloning your phone number they’d need to access your email, so there’s a second factor already.

I’m not sure if they’d need to clone your number? The right emulator would enable you to install Freetrade on just about anything I would think.

I don’t know if that’s really a second factor in this context, let’s assume Facebook is breached and all emails and passwords are leaked or sold, as is how most hacks of this ilk happen. Now the attacker has millions of user details including email addresses and passwords and a large majority of those users will be using the same password across multiple platforms.

Next up, email addresses are compromised, and you can either go on from there and categorise/target accounts, or leak/sell those details onwards to who knows as well.

It doesn’t take long before an attacker has a list of compromised email accounts all with Freetrade accounts, bank accounts, other accounts etc. And then factor in that compromised account to support an attack on X or Freetrade for example. This is business as usual for lots of online criminals these days, and I’m sure there’s a myriad of other ways one could compromise an account.

Most banking/finance/crypto apps have the security Freetrade has now, and more, 2FA. It’s just another layer of defence and it would be an option; if you don’t want to enable it, you don’t have to.

