this post was submitted on 23 Feb 2024
Not OP but I wanted to read more (edit: about CRA’s approach to TOTP, before getting the chance to try it myself), I searched and found this: https://www.canada.ca/en/revenue-agency/services/e-services/cra-login-services/multi-factor-authentication-access-cra-login-services.html#toc3
Edit: This is awesome, I’m so glad I can switch away from SMS 2FA on yet another service (and such an important one). But I am curious about a few things, see below.
Some thoughts:
Anyway, sorry for the negativity. This is a great step and I shouldn’t focus on negative things. I just hate how accounts I don’t care much about like Facebook (and formerly Runescape) accounts seem to be more secure from malicious logins than my bank and possibly CRA accounts.
I also use TD. That they still allow only SMS for 2FA should be a crime.
Unfortunately I think this is the norm with big banks in Canada, and it is similar to a credit union in the US from when I briefly lived there. Security seems to be a second priority to people losing access (presumably only briefly, since they have brick and mortar locations everywhere).
Wealthsimple and Questrade seem to support TOTP but I’m not sure if you can still bypass it with SMS. I don’t think so but I haven’t dug into it.
I’ve used CIBC before and they also seem to require keeping SMS 2FA enabled. Also they send me fraud alerts over SMS, “respond Y to authorize this suspicious transaction”, and I’m dreading the day where I have to enable roaming while travelling just to send a text. They send push notifications through the app to log in on a new device though, so maybe in 10 years they’ll do it for transaction approval too.
Also aside about TD: is there really no way to download a CSV file of all your transactions? My partner uses them and I think we were limited to 18 months, and may have even had to download each month separately (luckily I can use a program like `cat` to work around this, but that seems like a pain for most people). CIBC has irritated me in a lot of ways but I think I can download transactions from back to 2012 when I first opened my credit card, maybe earlier. Do you or anyone know about other big banks? My partner and I are looking into a joint account and I want to be able to download all transactions to CSV. Ideally we could get TOTP only (no SMS 2FA) but I’m not counting on it.
Questrade allows TOTP, SMS and some other methods, but you can select which ones you want to enable. I have only TOTP and it works as expected.
Thanks, I suspected this (I only see “authenticator app” when I log in on a new device or periodically, but I wasn’t sure).
Related: for finance related services like Questrade, I’ve stored my TOTP keys on a U2F key, Yubico in my case. Besides the hassle of managing physical keys, is there any drawback to this approach? I’m slightly worried I’ll lose all my keys in a house fire or something, but I assume there’s a recovery option.
That I don't know. I store the TOTP keys in an app on my phone and in a separate KeePass DB that's different from my regular one. Two copies of that is good enough to let me sleep at night.