een sms code zou een goeie extra beveiliging linie zijn
ik gebruik zelf mijn vingerafdruk om de app te openen en werk zeer goed
maar het werkt eigenlijk iets TE goed na mijn idee.

zo heb ik vorige maand best veel spaargeld over geschreven naar rasain om het vervolgens 6 maand
in de depositorekening vast te zetten tegen een veel betere rente percentage ( maar dat is een hele andere discussie ) en na dat ik de app geopend had was en hopa in een paar seconde weg. natuurlijk deed ik het zelf
maar het zou goed zijn als hier een extra laag aan beveiliging bij kwam . wand het ging iets TE makkelijk.

@beekie#279949 SMS is zeker geen goede toevoeging! SMS is zeer onveilig en kan zeer gemakkelijk worden misbruikt door mensen met slechte bedoelingen...

Regardless of the method used (SMS or authenticator app), enabling 2FA at least for the savings accounts would be a much valued improvement, especially since it would enable savers to have the bunq app (or run the bunq website) on one device while receiving a 2FA code on another. At the moment, once a single device is authenticated, it is possible to make a transfer to any IBAN using the passcode alone, i.e. anyone who gains access to an authenticated device and the passcode can empty the account.

I'm a new member, I just opend a savings account. But I won't deposit most of my savings in it, as long as Bunq doesn't enable 2FA! It's astonishing and almost absurd that an online bank (or ANY bank) doesn't enable 2FA these days. Please give us the 2FA option, Bunq!!

@New-Lime-Deer-2077408340#281281 Thank you all for the suggestions 🙌 We understand your concern for security and we will pass them on to our product team and they'll further research the impact of such an addition. In the meantime, rest assured, your savings are already extremely safe with bunq. You can learn more about how we keep your account safe here: https://www.bunq.com/legal/secure-banking 📚

@New-Lime-Deer-2077408340#281281 your words suggest bunq does not have 2FA, but they do; the record-selfie-video-authentication as additional factor.
If you want to express wanting a third factor, which one would you prefer? When?

Secondly, and this is a question for all: What could be the recovery method for when OTP app/generator is lost or inaccessible? (@New-Bronze-Camel-487879361)

Or when a synced Passkey is lost/inaccessible?
Or when a device-bound Passkey lost? (On phone / computer)
Or a Security Key is lost? (Device-bound Passkey on usb-stick size hardware.)

Personally, if I prefer not to fall-back on backup codes for banking.
I would suggest multiple recovery paths and let users choose. (Guide them.)

Examples:

• TimeDelay with Trusted contact (like Apple also uses).
• I guess the selfie-video-authentication could also be a fallback if the options mentioned above are an alternative path to it.
• If you allow your users to hardlock it to several Passkeys (so it works in sequence to the current authentication), the recovery method if all of them become inaccessible for some reason, could be to authenticate by transferring by 1 cent from another bank account. (_iDIN) This unfortunately does not cover everybody.
• Not sure if allowed, but DigiD?
• …?…

If you have any suggestions, share. This topic’s feature (request) is not simple when you get into it. 😅

P.s. If you want to support a feature, also mention your reason why, it might help designers/developers.

@Joeri-Silver-Lynx#281362 I guess, eID cards could also fullfill the role of the second factor. If lost, one gets a replacement from the government rather fast.

@thijsoost#281389 Could you give an example which country where bunq is operating does not issue an eID-enabled ID card to their residents?

@thijsoost#281389 I'm not too deep in the topic, but maybe eIDAS could come handy here somehow, that's EU wide I believe.

@Johannes-Aquamarine-Owl-3464147496#283414 Similar to this? https://together.bunq.com/d/57868-hack-message

@Johannes-Aquamarine-Owl-3464147496#283414 It's phishing, ignore and delete it!

Hey John! We appreciate the heads-up 🙏 The email you got isn't from us and might be an attempt at phishing. To ensure your security, avoid scanning the QR code or following any links it contains.

Can you help us delve deeper into this by reporting the email at: https://www.bunq.com/report 📢?

I would really love to have this. There is no downsides to implementing it when it is made optional. So please bunq team, add this feature! I would keep more of my money with bunq if this feature existe.

Hey Berzan 👋 Thanks for your suggestion! 🙌 Our product team is well-aware of this feature request, and they are actively assessing the implementation of new features. Your savings are secure with bunq, and you can learn more about our security measures here 📚. We value your input and your commitment to bunq.

@New-Bronze-Camel-487879361#279900 ik zou ook graag zien dat 2FA met een authenticator app (Google) mogelijk is bij Bunq.

Met de opkomst van AI video en audio generatie is het straks triviaal om van een publieke profielfoto een video te genereren die langs de bunq selfie-video controle komt. Graag zie ik ook een opt-in voor 2FA authenticator daarnaast voor meer technisch onderlegde gebruikers.

In the e-mail I got from Bunq after the latest media reports, they do mention they have 2FA. I was wondering what that is according to them.

Personally I'd love to see U2F supported, rather than an authenticator app.

@New-Black-Goose-2017851375#293155 They see phone/username + email as the first authentication layer, and the video you have to record as the second authentication layer, hence '2fa'. (At least, that's what I am guessing)