Skip to main content

The cost of making online banking safer means losing a little of the “anywhere, any time” convenience that makes it so great.

You can see this trade-off in the reaction to a security process called two-step authentication that Toronto-Dominion Bank has been rolling out for the past couple of months. This measure will make customers safer, but it’s going to bug some seniors because it’s a hassle to use unless you have a cellphone and are comfortable with texting.

TD is currently offering clients the option to designate one or more of their electronic devices – laptop, desktop computer, tablet or phone – as a trusted device that won’t require additional authentication when they log in to a bank or investment account. For other devices, maybe a just-purchased computer, one used at work or one in a hotel’s business centre, you’ll need a special access code to complete the login process. This code is sent to you on your smartphone by text, or you can call TD to get your account unlocked.

Story continues below advertisement

Two-step authentication (sometimes referred to as two-factor authentication) replaces the security questions that are frequently used to ensure the person who logged into an account online is actually a customer. Cybersecurity experts think these questions are a lame way to protect client privacy – they’re often guessable if a hacker has even a little information about you.

Online brokerage BMO InvestorLine and robo-adviser WealthSimple are among the financial institutions that have adopted two-step authentication. A few banks use a version of this type of security when clients want to complete certain transactions online, say changing personal contact info. But TD’s move may be the most sweeping introduction of two-step authentication in online banking so far. A couple of the bank’s clients have contacted me directly to complain, and many others have been discussing the pros and cons on my Facebook personal finance page.

A TD spokeswoman described two-step authentication as being more secure and offering more protection for customers. “In light of what’s happening in the wider cyberecosystem, it’s more important than ever that we do this,” she said.

If you’re one of those people who is never without their smartphone, two-step authentication is a non-issue. But what if you’re not part of the smartphone generation? That’s the issue raised by David Murray, a retired Globe reader and TD customer in Niagara-on-the-Lake, Ont. “The problem arises when the customer (such as an 'oldie’ like me) does not have a cellphone and is away from his/her home landline.”

TD acknowledges that travel has been clients' biggest issue related to two-step authentication. If you want to use a device that isn’t known to the bank, you’ll either have to find a way to call the bank on a landline, or use your cellphone and possibly incur roaming costs. Note: It’s not a great idea to log into your financial accounts from a computer in a hotel because of the risk it’s infected with spyware that captures your personal information.

We hear more and more about data breaches at banks and other businesses, but they almost always involve the institution itself. We saw that in May, when Bank of Montreal and online bank Simplii Financial warned that fraudsters may have accessed personal data for a combined 90,000 or so clients.

But criminals also go after data at a personal level as well. That’s the story behind the malware (malevolent software) and phishing e-mails designed to get control of your computer or your personal information.

Story continues below advertisement

TD says its customers will be prompted to switch from security questions to the two-step authentication in the months ahead, and that the roll-out will continue through 2018. The Facebook discussion on two-step authentication suggests clients are evenly split about whether they like and value it. In an e-mail, one unhappy TD customer told me he is thinking of leaving the bank over this new security measure.

Convenience is the price to be paid when improving the security of online banking. The alternative is to be more vulnerable to a criminal element that is always probing for weakness in online security. You should be more worried about a bank that isn’t using two-step authentication than one that is.

Report an error Editorial code of conduct
Tickers mentioned in this story
Unchecking box will stop auto data updates
Comments

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • All comments will be reviewed by one or more moderators before being posted to the site. This should only take a few moments.
  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed. Commenters who repeatedly violate community guidelines may be suspended, causing them to temporarily lose their ability to engage with comments.

Read our community guidelines here

Discussion loading ...

Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.
Cannabis pro newsletter