Two Factor Authentication

Yesterday I failed to log into my Britline account of 25 years…as it requested a two factor authentication. New to me…it then said I didn’t have one set up and locked me out. MY advisor now states that every 90 days this is required and that I must get a code via a mobile phone…and that is the only way.
However I, like many others, DO NO USE a mobile phones…
No other option has been suggested so I cannot access/check my accounts.
Anyone else had similar issue? WHY do companies assume everyone DOES use a mobile phone? I have had this in the UK with MBNA, whihc was upheld by teh Financial Ombudsman, and MBNA had to provide an alternative.

I do sympathise, but the facts are that mobile phones (although we all know that they are much more than that) are so widespread that many companies regard them as ubiquitous. The fact that the devices enable (comparatively) secure communications means that their use for guaranteeing transactions is likely to increase, rather than decrease, in the near future.

It is possible that Britline may be able to supply a card reader to allow you to verify your identity. Or it may be simpler to get a mobile phone - they can be very useful…

Yes CA have been doing that to me every few months and I keep a free use mobile phone simply as a phone and they send a new code by SMS once I get on the bank site. This was a cheap supermarket brand mobile phone and is capable of receiving the internet via Wifi but as it costs me nothing for two hours of free use each month I use it as an emergency tool and nothing more, the main computer is where I use the internet and I for one, am glad not to have become a finger pushing junkie which is often very rude indeed especially at the meal table.

I used to log in to my London bank account with a small digital device, issued by the bank, which would generate a random 6-figure number for me which would give me access to my account. Perfect. Had no problem with it. Been doing it for years.

Then they changed that to a new smartphone app. method of producing random numbers. I had a smartphone but hated using it to log in to my account – found the process confusing. But I had no option but to use my bank’s smartphone app. and have now finally mastered it. Wasn’t too difficult in the end.

But there is trepidation involved in that I’m worried that if I tap in the wrong password on the smartphone, smartphones have such small keys and it’s too easily done, that I’d be brutally locked out. And then you have to ring up and talk to what sounds ominously like AI voices. And you have to provide proof that you are who you say you are!

Progress I’m afraid!

I have no desire to use a mobile phone - and MBNA eventually supplied a small card reader which works fine. Credit Agricole are acting against Payment Services Regulations 2017 and related EU standards.
> "… its expectations of firms when it comes to implementing SCA
> measures. In particular, that it expects firms to develop SCA solutions
> that work for all groups of consumers. This means that firms may need to
> provide several different methods of authentication for their customers.
> Significantly it is the stated that this includes methods that do not
> rely on mobile phones to cater for consumers who will not have or won´t
> want to use a mobile phone. "

I’m pleased that it has worked out well for you.

Well there you are then. Just tell CA that and I’m sure they’ll sort you out one way or another.

haha…I think the silence from CA to my suggestion is deafening!!!
I have ask them to escalate or I shall have to do so…somewhere.

We have mobile phones but we live under a cliff, so to get a code I have to run up the road, and hope I don’t time out by the time I return! Most times I just phone credit agricole and waste staff time by getting them to do something I could have done in seconds if it wasn’t for this blasted 2 factor authentication,


When you contact CA don’t barge right in. and remember to be polite and stick to the niceties. That counts for a lot in France (and on this forum…)


All well and good this 2 factor security but when these companies get hacked they will have your mobile number as well and possibly access to its data.

They should use T-OTP then they just need to know the HOTP parameters and the shared secret. There’s even open source implementations such as FreeOTP so there’s no need to develop their own version. It mitigates against SIM swap attacks too.

1 Like

Are you talking about a smartphone or a mobile phone @Gprit ? If the former then I will have a problem in the future with both my banks, English and French.

I believe that only a mobile phone is necessary @David_Spardo … I certainly don’t have a smartphone… I’ve a stoneage mobile which allows me to make contact if I need to and also to receive calls/messages… no internet or stuff like that…

That’s a relief. :joy:

I confirm not a smartphone required.

I suspect Britline is neglecting to mention the other CA standard solution - ask them about Securipass. Think it might still need their app on your phone but it’s definitely not an SMS - it’s a code you choose, it’s attached to your account and you enter it to approve a transaction.

I have one of those… but nothing to do with Apps/Phones…
CA sent me a letter with a “lifetime” code to use to confirm transactions as and when necessary…

I’m looking forward to when we can forget about usernames and passwords, and just use FIDO2 authentication. I already use a Yubikey for work.

Probably because it’s not 1950.

Sorry, couldn’t resist, but I would turn it around and ask why on earth someone wouldn’t. Even just for mishap while out and about, the advantages are significant.