Need a better way to handle many OTP requests on login/refresh
App needs a better way to handle OTP requests.
Support for non-OTP aggregator access:
- Venmo needs OTP, [removed] and Venmo never needed OTP.
- Goldenstate Scholarshare needs OTP, [removed] supported the special aggregator link that did not need OTP.
Better user experience:
- Whenever I log in or refresh I am bombarded by OTP requests.
- The site UX relies on async patterns, where UI elements pop up, then disappear, then re-appear; this really does not work when sequential operations are required (same with adding an account, or connecting bills).
- Biggest issue is that SMS OTPs are received out of order, and the FIs sending the OTPs do not include their names for security purposes, so when I log in I get 4 x OTP requests, and I get 3 x SMS messages, and one email. And for the SMSes I need to guess which PIN goes to which OTP request, which again pops up randomly.
I propose:
- Make all attempts to use aggregator connections that do not require OTP per session.
- For any account binding, bill binding, or OTP, make the UX synchronous/wizard, do not lose my focus when the flow may fail.
- Do not use async patterns where a spinner comes up, sometimes goes away, and sometimes out of nowhere a dialog pops up again, this is a web page, not a desktop.
Other than the app improving, is there something I can do in settings to improve the experience?
Comments
Hello @Pieter,
Thanks for sharing your feedback with the Community!
Unfortunately, since the MFA requests are made by the banks directly, we have no control over them; more details on this can be found here. The only thing we can really recommend is to disable MFA with the bank directly, however, this can definitely lead to a lack of security.
With that said, however, it's understandable that performing multiple MFAs at once can become confusing and cumbersome. We do have a couple of Idea posts here in the Community regarding MFA that I'd definitely suggest adding your vote and feedback to.
https://community.simplifimoney.com/discussion/3506/use-oauth-apis-everywhere-they-are-available-chase-bank-of-america-etc/p1?new=1
https://community.simplifimoney.com/discussion/2946/avoid-mfa-every-single-time-by-using-remember-this-device-feature#latest
If these requests don't cover what you're looking for, you can always create a new Idea post outlining your specific request, or I can turn this post into the Idea post instead. More details on creating and voting for Ideas can be found here.
I hope this helps!
-Coach Natalie
This discussion has been closed.