Two Factor Authentication - Is It Just Not a Priority?

bmeyers

I've been struggling with using Simplicity with accounts that require Two-Factor Authentication for quite some time. Multi-Factor authentication isn't a novel thing or a fad that's going away - I did a quick search in the forum just now for "two factor" and received ~30 results, plus a couple of Product Suggestions. Candidly, the suggested work arounds are garbage (just close out the spam you receive asking for half a dozen simultaneous MFA codes, disable MFA for your Financial Institution (FI), change to manual accounts and once in a while re-connect to your financial institution).

Each of the results appear to be dealt with individually and dismissed as "it's out of our hands - the FI". Is the product team thinking about the challenges cohesively (e.g. we could make things better by changing the workflow)? Responses typically have blamed the FI for implementing industry standard, best practices to protect their customers (it's out of our hands, it's an FI setting, what can we do)? Without FI connectivity, the entire value of this product is eliminated. There are significant quality of life improvements that could be made tomorrow if prioritized by the team (something as simple as a "manual update" for accounts would be a god send and I cannot believe it would be hard to implement).

I don't mean to be negative - but there hasn't been any meaningful enhancement to this challenge since I started using the product. I waste ~10 minutes EVERY TIME I LOGIN - I dread opening the app when I need to just because it feels like a chore.

Thanks for listening.

RobWilk

Some (most?) of the people asking for 2FA here I believe are asking for simplifi to secure their simplifi account using 2FA which is not there at this time. This has nothing to do with 2FA's from financial institutions.

I will share that I have no issues with 2FA from financial institutions. Some financial institutions don't remember that you already authenticated with 2FA with simplifi, and that's something simplfii 'might' be able to fix if you report it and their 3rd party connection provider fixes it. Recently there was some kind of bug in the mobile app regarding 2FA but I think they fixed it.

I'm just another user, don't confuse me with simplifi support - they may have better answers.

Coach Natalie

Hello @bmeyers,

Thanks for posting your feedback to the Community, although I'm sorry to hear of your experience with completing MFA in Simplifi.

Unfortunately, we don't have any control over the MFA requests made by the banks, as these are made by the banks directly (meaning we cannot stop them from occurring).

https://help.simplifimoney.com/en/articles/4704254-why-do-i-need-to-re-authenticate-my-bank-with-every-refresh

As far as the MFA flow goes when there are multiple banks involved, I do believe this is something that our Product Team is reviewing to see if it can be handled a better way, as we have received additional feedback regarding this behavior in the past. In the meantime, we have some Idea posts that can be voted on and followed for updates:

https://community.simplifimoney.com/discussion/4283/ability-to-organize-mfa-prompts-when-updating-accounts-edited

https://community.simplifimoney.com/discussion/2946/avoid-mfa-every-single-time-by-using-remember-this-device-feature

Sorry for not having a better answer, but I hope this helps!

-Coach Natalie

bmeyers

I started to type a fairly lengthy response and have abandoned it. I will simply state that I was just hoping for more ownership from the product team - it's good to know that the "product team is reviewing", but without seeing meaningful change over multiple years that doesn't give me much hope for improvement. The name of this product is "Simplifi" - my daily interactions are anything but simple.

ajbopp

I had a 2FA message pop up in Simplifi a couple of weeks ago, but that was after I changed security settings on my financial institutions' accounts, so I would expect it in that case. I've never had an issue with 2FA and not many users seem to have an issue. I use Wells Fargo, Edward Jones, Fidelity, Fidelity Net Benefits, HealthEquity, and a couple of other institutions and have never had an issue with them.

A couple of questions I would have.

1. Are you experiencing this with the web browser, Android, or iPhone app?
2. Are you seeing it with every institution you have set up, or just some of them?
3. What institutions are exhibiting this behavior?

With so many people having no issues in this area and so few having multiple issues, I wonder if there isn't something going on under the covers locally.

If this issue is showing up in a web browser, it would help to know which one you're using. I might also wonder if something in settings might be causing a loss of 2FA, such as deleting cookies or cache routinely (I know some browsers do this by default and most can be configured to).

If using a device app, I'm on less certain ground here but I wonder if there isn't something in the device settings that could be toggled to account for this behavior? I'm not sure what that could be, but there are all kinds of seccurity settings for which the purpose and ramifications are vague to me.

It might also be useful to verify you get the same 2FA behavior on both an app and the web browser.

Just some thoughts.

bmeyers

Thanks for the additional thoughts, Anthony.

The results for me are the same regardless of app vs. web. I wouldn't say that I "have issues" with 2FA - rather, it just doesn't feel like use cases have been completely thought through by the product team.

As an example, I logged in this morning (was just going to run a report - didn't need to update any transactions, updated them all yesterday), I had two options to proceed:

• Dismiss 8 individual 2FA request dialogues.
• Go through 2FA process to update all transactions on 8 accounts.

I just wanted to login and click Reports without having to deal with transaction updates at all. Suggestion: If I could disable automatic transaction updates and just click a refresh button somewhere on the page that allowed me to globally or individually update accounts.

When I do go through the update process, here is another example of where the process is a mess:

• Prompt to send 2FA for Account 1, click Connect.
• Prompt to send 2FA for Account 2, click Connect.
• Prompt to send 2FA for Account 3, click Connect.
• Prompt to enter 2FA for Account 2.
  • Check text messages on phone - i now have 3. two of them do not indicate which account they came from (FI problem that has now become my problem). Fortunately, Account 2 is clearly labeled, so I enter 2FA and click Connect.
• Prompt to enter 2FA for Account 3.
  • Back to phone to check text messages. I guess which one of the remaining 2 goes to which Account, enter 2FA for Account 3 (cross fingers, because if I guess the wrong one, I will have to restart the process for this account). I enter 2FA and click Connect.
• Prompt to send 2FA for Account 4, click Connect.
• Prompt to enter 2FA for Account 1.
  • Back to phone to check text messages. Fortunately, I have deleted previously used 2FAs. While I'm clicking on the remaining 2FA, another text message for Account 4 comes in - good thing I was quick… I enter 2FA and click Connect.
• Process continues for Account 5, 6, 7, 8…

Suggestion: Handle 2FA for each account sequentially (could easily work with manual update suggestion above). Having multiple 2FAs in flight at the same time causes many issues. Poorly worded 2FA from FIs are an issue, as are mistypes, and message delays. Because these all timeout quickly, the flow above gets messier if everything doesn't go just perfectly. (As an aside, ios 17 attempts to help us by bringing the most recently received 2FA (text and email) into the keyboard automatically - it'll even offer to cleanup the 2FA message after the number is pasted into a field. Unfortunately, because there are simultaneous codes in my text messages only the last one shows up.)

I may be the only person with unlabeled text 2FAs, but I suspect much of what I described above to be consistent for all users with 2FA. My belief is that many people are just "dealing with it" - I've always been a "but it could be better" kind of guy. I was hoping to find a few folks in the forum community of like mind, but it seems like most folks are content with things the way they are :(

Respectfully,

bmeyers