Online savings account log in

[pb4uski]

Looking to find out others' experiences.

I have an online savings account with Discover Bank that we have had for many years. They recently went to two factor identification and I am fine with it and familiar with it from other financial accounts that I have.

The frustrating thing is that unlike my other financial accounts which require periodic verification, Discover Bank requires me to verify every time that I log in... even if I logged out a minute ago and forgot something and want to log back in!

I can see requiring verification periodically, like once a month... or if I'm not logging in from my home computer or if I'm logging in from a different IP address that I haven't logged in from for a while... but in these cases it is from the same IP address and verifying each and every time is annoying... so much so that I'm considering a switch if it can't be changed to something more reasonable.

Have any of you had this experience? with Discover Bank or a different vendor?

 

[gwraigty]

I feel your frustration. Recently, Charles Schwab started requiring me to have an access code sent. Even though I'd check the box off to "trust this device", it wouldn't stick. DH's employer HSA with PayFlex would remember the device for a month, then require another code to be sent after the statements cut.

I got a competent tech support person at Schwab who told me it had something to do with the way bookmarks work. When they make a site change, like requiring an access code to trust the device all of a sudden, you need to update the bookmark after you've entered the code and trusted the device. Then it'll stick. He walked me through it and it worked.

Is there something in your profile that's set to require you to enter a code every time?

 

[easysurfer]

Interesting. Is logging into Discover Bank the same site and Discover Card? I have an online checking account and Discover Card and don't remember ever being asked to authorize using two factor identification. If so, maybe once but I know for sure not every time.

Is there an option to recognize your device. Most places have that option so you don't get pestered each time.

 

[gwraigty]

Is there an option to recognize your device. Most places have that option so you don't get pestered each time.

Read my post just above for why this doesn't always work.

 

[ocean view]

Check your cookie settings. The website needs to detect the cookie it left when you last verified. If you are clearing cookies automatically the website needs to ask again for verification.

 

[pb4uski]

^^^ I'm not clearing cookies automatically

 

[DenverGuy42]

I use USAA for all banking. It is 100% online.

I have to 2FA every time I log in. And I'm really not that bothered by it. The fact is - is someone was able to log into your account, they would be able to empty it. The harder that is, the better I personally sleep.

I spent my life doing software/database work. The more layers of security they add - the better in my opinion. Writing software that is unbreakable is (probably) not possible. All it takes is one programmer introducing one bad line of code somewhere to open up a possible exploit. Everything they add to make it harder to find and utilize such an exploit is a good thing to me.

So me - I'm OK. I do not check the "remember me next time" option for financial sites. It is an extra 30 seconds of my life and lets me sleep a little better.

 

[Sue J]

I've had a couple of Discover Bank accounts for many years and I log in at least once a week. I don't have to do two factor authentication. I may have had to do that if they had an upgrade or if I had a browser update. I wonder if there is a setting for this.

 

[pb4uski]

.... The fact is - is someone was able to log into your account, they would be able to empty it. ...

Please elaborate. I think they could only empty it to my other bank accounts that are authorized to be transferred to.... I guess they could try to add their bank account as a linked account, but I would get a notification... same if they tried to change the email or cell phone number associated with the account.

Mind you, I'm fine with 2FA.... it is just that every time that I log in is a nusiance.

 

[braumeister]

I've had a Discover Bank online savings account for years and I've never seen any option to set up 2FA. I've even looked for it because I use it at other banks, but haven't seen where I could set it up. Interesting that they did it to you proactively.

 

[OldShooter]

I'd double-check cookie settings. Schwab's system saves a cookie after a good login if the "remember me" box is checked. My browser is set to delete all cookies when it is shut down, so after a shutdown I have to do the dance again. If I leave the browser open, I don't.

 

[DenverGuy42]

exactly, they'd be able to transfer it out. That simple. Or pay their bills from your accounts.

and would you get the notification soon enough? Scenario, you are on that cruise of a lifetime, the first leg is two days at sea. You decided to not purchase the way overpriced internet package... Or, you are just too relaxed to care to monitor your phone.

better safe than sorry. Anything that makes it harder - I'm all for. I've had my credit cards stolen multiple times - that was an inconvenience, having someone muck around with my banking stuff - that would be a step futher.

(and all they need is your account number and routing number - and they are ready to go for a lot of things - https://banks.org/what-can-someone-do-with-your-bank-account-number/ , especially if they have access to your "profile page" on your banking site).

better safe than sorry.

 

[easysurfer]

I've had a couple of Discover Bank accounts for many years and I log in at least once a week. I don't have to do two factor authentication. I may have had to do that if they had an upgrade or if I had a browser update. I wonder if there is a setting for this.

+1. My similar experience with Discover. I remember reading somewhere on their site that they use 2FA, but the process is pretty much transparent to the user.

 

[easysurfer]

Read my post just above for why this doesn't always work.

Just exploring different possibilities .

 

[GrayHare]

better safe than sorry. Anything that makes it harder - I'm all for.

Do any banks still offer passbook accounts? In a way it's odd how that system is more secure.

 

[gwraigty]

I'd double-check cookie settings. Schwab's system saves a cookie after a good login if the "remember me" box is checked. My browser is set to delete all cookies when it is shut down, so after a shutdown I have to do the dance again. If I leave the browser open, I don't.

I'd double-checked everything possible, including that I didn't have two factor turned on in my profile. My browser is not set to delete cookies. Schwab had plenty of cookies on the list. That wasn't the problem, as confirmed by their tech support. As I posted above, the problem was an old bookmark. Even though the URL hadn't changed, the tech guy said that an old bookmark was trying to log me in from a past point in time, which was conflicting with the updates to their site. Whatever. That's my non-tech layperson's explanation. He had me delete my old bookmark, go to the website by doing a Google search, log in, get the access code, check the "remember me" box, log out, then bookmark the site again, close my browser, open my browser, log in from the new bookmark, and verify that I was able to get in without being stopped by the access code screen again. I wasn't prompted for an access code for the next several log ins over a few days, so I thought the problem was solved.

However, in the spirit of full disclosure, it doesn't seem to work anymore. I just tried it now and I'm being presented with the screen again to get the access code. Blast it!

 

[dixonge]

gwraigty - what is your OS and browser?

 

[gwraigty]

gwraigty - what is your OS and browser?

Windows 10, Google Chrome. Like pb4, I've had my account for years. I think these implementations of two factor might be buggy regarding the ability of the site to actually remember you when you check off the box. Just my totally uneducated guess.

 

[gauss]

Are you running a modern browser and operating system?

I know that I had problems like this accessing Lastpass under XP that were not present under Win7. It wasn't exactly an issue with 2FA, but rather the issue was how soon they would log you out, despite your preferences (ie 1 hour vs 1 day or so).

-gauss

 

[SunBlueSky]

My Citibank CD requires me every time, to verify with a security code. Cause I don't always have my phone nearby, I find that I check that balance less often..

 

[ziggy29]

A lot of things can cause it.

If you don't keep cookies or periodically "toss" them, you will have to reauthenticate.

Using a different device, you will (obviously) have to reauthenticate.

Using a VPN that may connect to different IP addresses, you will probably have to reauthenticate (assuming it allows login from an IP of a known VPN -- I have a hard time with Schwab on this one).

For me it's a hassle, but it beats the heck out of being hacked. Sometimes I have no idea why they are asking me to reauthenticate.

 

[pb4uski]

Are you running a modern browser and operating system? ...

Win 10 and latest version of Chrome, so yes.

 

[bingybear]

I have one brokerage that wants second verification periodically verified and verified every time if on a different machine/network. I have an other that has a dedicated fob that provides a custom 2nd verification on every login every time.

my view... the safer the better.

 

[RetireBy90]

Wells also requires 2FA every time. Often I have logged out then right back for something I forgot. Not a problem for me.

 

[jazz4cash]

Do any banks still offer passbook accounts? In a way it's odd how that system is more secure.

I was thinking if you just did not enable any online access you would have more protection from hackers. That’s what I may do for an emergency account.