Why do I have to keep entering a security code to check my bank account?

[atikovi]

I have a savings account at Kabbage. It seems that every time I want to log into my account it says,

It looks like you're logging in from a new device​

In order to protect your account, we've sent a 6-digit security code to ***-***-5201. Please enter it below to verify this device.

Then they TEXT me a code so I have to go upstairs and find my phone to read the code and enter it in. NO, I'm NOT logging in from a new device. It's from my same home computer I've logged into the account with since I've had the account for the last 6 months. Why does it think I'm on a new device? None of my other bank accounts ask to do this.

 

[Leo99]

They need to drop a cookie so they can recognize your device. Do you block their cookies?

 

[wpod]

security!

 

[chemman]

Or, do you run something like CCleaner which deletes cookies from your PC?

 

[atikovi]

They need to drop a cookie so they can recognize your device. Do you block their cookies?

No not that I know of. I have no such issue with some other banks. I do get notices from some other sites occasionally asking me permission for cookies. Can I somehow make a setting such that it automatically gives permission without having to ask?

 

[ARCOgraphite]

I have been getting this all the time with chrome and norton 360. Maybe add cabbage as a trusted site.
although just the name cabbage sounds flaky to me.

 

[atikovi]

It's Kabbage with a K and from AMEX. At 1.10% interest rate up to $100,000 it's the highest rate of any liquid bank account out there.

 

[Zee09]

Robinhood does that to me too
Of course, Russia is supposed to be hacking our banking institutions soon so maybe they are ramping up security.
One call to them may resolve your situation.

 

[Hall]

As annoying as 2-factor security can be, I'll take it vs have someone else gain access to accounts of mine

 

[atikovi]

I don't mind 2 factor security like at another bank where after I enter my user name and password they ask who is my favorite superhero among a list of these ten, but this is different and more annoying. I have to go get my phone, turn it on and check for a text. What if I don't have the phone with me or it's broken? Why can't they just email me the code?

 

[ripcord]

Blame the dark web, stolen lists of passwords with millions of entries, reverse hash attacks using rainbow tables, sophisticated phishing attacks, and the fact that the average person's password is some variation of "123123123".

 

[JohnnyG]

Some sites have gone completely to 2FA. Not the best security, but better than nothing.

 

[uc50ic4more]

If you are continuously being prompted as though you are "logging in from a new device" then they're not detecting their cookie. It's either been removed or prohibited in the first place.

2FA (Two-factor authentication)/ MFA (multi-factor authentication), while not perfect, are awfully close; and are by FAR the easiest and smartest thing(s) you can do to protect your accounts. The security benefit is ***enormous*** at the very slight cost of occasional inconvenience. I use the Authy app because it is cross-platform and has desktop apps (and syncs your data), which save me from having to know where the holy heck my phone is

 

[PandaBear]

I don't mind 2 factor security like at another bank where after I enter my user name and password they ask who is my favorite superhero among a list of these ten, but this is different and more annoying. I have to go get my phone, turn it on and check for a text. What if I don't have the phone with me or it's broken? Why can't they just email me the code?

email can be hacked. Phone goes through a different network and it is much harder to hack (unless you are a sovereign nation then all bets are off).

 

[atikovi]

email can be hacked. Phone goes through a different network and it is much harder to hack (unless you are a sovereign nation then all bets are off).

What about text? How is that written message much different from an email?

 

[Slick3914]

Because multi factor authentication is required by government regulations

 

[uc50ic4more]

What about text? How is that written message much different from an email?

You have to be in possession of your phone or the application that can receive or generate the code. It is literally a second factor of authentication. And one that is much, much, much more difficult to compromise remotely without having physical access to your devices.

 

[atikovi]

Because multi factor authentication is required by government regulations

Huh? I have accounts at other banks that don't require any input besides a username and password.

 

[atikovi]

You have to be in possession of your phone or the application that can receive or generate the code. It is literally a second factor of authentication. And one that is much, much, much more difficult to compromise remotely without having physical access to your devices.

Why? Phone numbers as spoofed all the time as shown by all the telemarketing calls I get with official looking caller ID names.

 

[Slick3914]

Huh? I have accounts at other banks that don't require any input besides a username and password.

Having only a user ID and password has not been acceptable since late 2006 per FFIEC guidelines