bunq Together

2FA (authenticator app)

beekie

een sms code zou een goeie extra beveiliging linie zijn
ik gebruik zelf mijn vingerafdruk om de app te openen en werk zeer goed
maar het werkt eigenlijk iets TE goed na mijn idee.

zo heb ik vorige maand best veel spaargeld over geschreven naar rasain om het vervolgens 6 maand
in de depositorekening vast te zetten tegen een veel betere rente percentage ( maar dat is een hele andere discussie ) en na dat ik de app geopend had was en hopa in een paar seconde weg. natuurlijk deed ik het zelf
maar het zou goed zijn als hier een extra laag aan beveiliging bij kwam . wand het ging iets TE makkelijk.

thijsoost

marcel SMS is zeker geen goede toevoeging! SMS is zeer onveilig en kan zeer gemakkelijk worden misbruikt door mensen met slechte bedoelingen...

New-Ivory-Baboon-278987501

Regardless of the method used (SMS or authenticator app), enabling 2FA at least for the savings accounts would be a much valued improvement, especially since it would enable savers to have the bunq app (or run the bunq website) on one device while receiving a 2FA code on another. At the moment, once a single device is authenticated, it is possible to make a transfer to any IBAN using the passcode alone, i.e. anyone who gains access to an authenticated device and the passcode can empty the account.

New-Lime-Deer-2077408340

I'm a new member, I just opend a savings account. But I won't deposit most of my savings in it, as long as Bunq doesn't enable 2FA! It's astonishing and almost absurd that an online bank (or ANY bank) doesn't enable 2FA these days. Please give us the 2FA option, Bunq!!

Alexia-Hummingbird

Martina Thank you all for the suggestions 🙌 We understand your concern for security and we will pass them on to our product team and they'll further research the impact of such an addition. In the meantime, rest assured, your savings are already extremely safe with bunq. You can learn more about how we keep your account safe here: https://www.bunq.com/legal/secure-banking 📚

Joeri-Silver-Lynx

Martina your words suggest bunq does not have 2FA, but they do; the record-selfie-video-authentication as additional factor.
If you want to express wanting a third factor, which one would you prefer? When?

Secondly, and this is a question for all: What could be the recovery method for when OTP app/generator is lost or inaccessible? (@Alex)

Or when a synced Passkey is lost/inaccessible?
Or when a device-bound Passkey lost? (On phone / computer)
Or a Security Key is lost? (Device-bound Passkey on usb-stick size hardware.)

Personally, if I prefer not to fall-back on backup codes for banking.
I would suggest multiple recovery paths and let users choose. (Guide them.)

Examples:

TimeDelay with Trusted contact (like Apple also uses).
I guess the selfie-video-authentication could also be a fallback if the options mentioned above are an alternative path to it.
If you allow your users to hardlock it to several Passkeys (so it works in sequence to the current authentication), the recovery method if all of them become inaccessible for some reason, could be to authenticate by transferring by 1 cent from another bank account. (_iDIN) This unfortunately does not cover everybody.
Not sure if allowed, but DigiD?
…?…

If you have any suggestions, share. This topic’s feature (request) is not simple when you get into it. 😅

P.s. If you want to support a feature, also mention your reason why, it might help designers/developers.

Jiopot

Joeri I guess, eID cards could also fullfill the role of the second factor. If lost, one gets a replacement from the government rather fast.

thijsoost

Sergio Probably not all countries have eID cards(?). Plus, supporting them all would be very difficult for bunq I guess

Jiopot

Thijs Could you give an example which country where bunq is operating does not issue an eID-enabled ID card to their residents?

Jiopot

Thijs I'm not too deep in the topic, but maybe eIDAS could come handy here somehow, that's EU wide I believe.

Johannes-Aquamarine-Owl-3464147496

Sergio I received an email to switch on 2FA in my Bunq-account, or elsewhere my bunq account would be closed. Email is sent from @web-bunqbericht.com.
Feels like not correct...do you agree ?

Jiopot

thijsoost

John Lipman It's phishing, ignore and delete it!

Alexia-Hummingbird

Hey John! We appreciate the heads-up 🙏 The email you got isn't from us and might be an attempt at phishing. To ensure your security, avoid scanning the QR code or following any links it contains.

Can you help us delve deeper into this by reporting the email at: https://www.bunq.com/report 📢?

berzan

I would really love to have this. There is no downsides to implementing it when it is made optional. So please bunq team, add this feature! I would keep more of my money with bunq if this feature existe.

Alexia-Hummingbird

Hey Berzan 👋 Thanks for your suggestion! 🙌 Our product team is well-aware of this feature request, and they are actively assessing the implementation of new features. Your savings are secure with bunq, and you can learn more about our security measures here 📚. We value your input and your commitment to bunq.

New-Chestnut-Whale-2403004226

Alex ik zou ook graag zien dat 2FA met een authenticator app (Google) mogelijk is bij Bunq.

Kevin-Navy-Lynx

Met de opkomst van AI video en audio generatie is het straks triviaal om van een publieke profielfoto een video te genereren die langs de bunq selfie-video controle komt. Graag zie ik ook een opt-in voor 2FA authenticator daarnaast voor meer technisch onderlegde gebruikers.

New-Black-Goose-2017851375

In the e-mail I got from Bunq after the latest media reports, they do mention they have 2FA. I was wondering what that is according to them.

Personally I'd love to see U2F supported, rather than an authenticator app.

Partydoos

Bartosz They see phone/username + email as the first authentication layer, and the video you have to record as the second authentication layer, hence '2fa'. (At least, that's what I am guessing)