Last Updated on January 2, 2016 at 6:32 pm
A couple of weeks ago, I tried to login to my account with Quantum mutual fund. I had to enter my login name and password and difficult captcha* code. After getting the code wrong twice(age does take a toll), I was taken to another screen where I had choose by which way I could receive a OTP (one-time password): by email or by mobile. Then it took me to another page where I had to enter the OTP received. When I managed to do that, I was finally able to access my account. I thought this was a one-time affair, but I had to do the same when I logged in after a couple of days. Thankfully, when I checked again while writing this, the authentication via OTP had been removed. Hopefully because of negative feedback.
A while back FundsIndia (with whom I have a dormant demat account) had a similar two-step authentication which has now been removed. If I remember correctly, one had to enter one’s birthday in the second step.
The IT e-filing site also did the same thing a while back. Now the date of birth has to be entered in the same screen.
A look at online security and how it seems to be mutually exclusive to online convenience. Security always seems to be at the cost of convenience and vice-versa.
Join 32,000+ readers and get free money management solutions delivered to your inbox! Subscribe to get posts via email! (Link takes you to our email sign-up form)
🔥Enjoy massive discounts on our robo-advisory tool & courses! 🔥
First a quick note: yesterday I wrote about: Simple ways to protect our online privacy. My intention was to only point out that we should understand what information is being accessed when we use a site. I was not trying to be paranoid.
A while back, authentication meant an username and password. It then evolved to username, password and a captcha. A captcha prevents an attack from computers run by hackers.
Captcha stands for “Completely Automated Public Turing test to tell Computers and Humans Apart” phew! The Turing test evolves from a proposal by Alan Turning – part of the team which cracked the German’s enigma machine (the imitation game). Turing committed suicide after being forced to take Estrogen because of his homosexuality. The British and US never told the rest of the world that the enigma code had been cracked. This enabled them to freely spy on commonwealth (ahem!) and protectorate countries.
Today, “two-step authentication” where the user has to input two pieces of unique information is being used by many sites.
Both the above security measures have significantly reduced online convenience. Are such measures necessary is the subject of endless debate and often depends on who is arguing and what they are arguing about (duh!).
If I ran an organization I will install additional security measures primarily for good PR even if is not necessary.
Take the case of mutual fund accounts or demat accounts. They work in a closed loop. Money flows from designated bank accounts to the fund or demat account. Dividends and redemptions can only be sent to the same bank account either by an ac/payee cheque or via online transfer.
I fail to understand (and I write from a point of abject ignorance) how a captcha will provide additional security to my mutual fund account. Hackers can buy or sell units only if they knew the login and password to the attached bank account.
The possibility of that happening is pretty rare if I have a decent antivirus/anti-malware installed. At the unitholder’s level access to the AMC server would be severely restricted. So the hacker cannot gain access to it via an individual’s account. Please don’t tell me that server security is that bad!
Of course, a hacker can change my password and deny access to my account which I will have to rest offline.
Having a captcha for a blog or forum makes perfect sense. It will minimize, if not eliminate, mechanized SPAM. Hard to eliminate ‘direct’ SPAM though (see how loan providers misuse the FB comment option at freefincal).
I see no use for captcha’s with amc accounts. Please correct me if I am wrong.
The goal should be to protect the password efficiently. Then a captcha is not necessary.
A two-step authentication is a smart alternative to captcha (although they are often used together)
Here two pieces of information unique to an individual is used access an account. It is a smart alternative and does not reduce online convenience, provided one step is offline.
Online two-step authentication
Here both the password and access code have to entered online in succession. This can be a pain if I need to login often. I need to find out if password managers can handle this.
There now apps which will enable online two-step authentication for any social media sites
Offline two-step authentication
Here the password is stored in a password manager that is installed as a browser ‘add-on’. To access the password, an offline master password must be entered. I prefer this as it is much more convenient and pretty much equally secure.
In this case, the site password can be incredibly tough (13 characters with upper case, $,#,& etc.) and need not be committed to memory. There are password generators which can do this for you.
The master password is never stored anywhere except in our “little grey cells”. In our case, my wife set the master password so that she can access it even if I cannot it.
Earlier I used to maintain a book where all the site passwords were listed. I stopped updating it these days because AMCs irritate us every few months by asking us to change the password while ensuring it is not the “last 4 passwords used”. Tiresome. Like I said, security and convenience can be mutual exclusive.
Offline protection
Antivirus + spyware protection is crucial in every computer. Browser security software is also available, but somehow I have not taken to that.
Credit card protection
We take the credit card out with us only when we know we are going to use it. This reduces chance of theft and loss. The card comes with a pin, so we see no need for a card protection plan.
While purchasing online, we never save the card information on payment sites as a precaution. The CVV number provides an additional layer of protection. However, it is only a 3-digit number. So it is important to secure the card number. Some cards need a password that must be entered on an on-line keyboard. This is a pain, but is more secure.
I hope I neither sound reckless nor paranoid. Yes, we need to be secure, but I see no need to go overboard. Offline or online, nothing is 100% secure. We have not been attacked so far, only because no one choose to, or we have been plain lucky with our choices.
🔥Enjoy massive discounts on our courses, robo-advisory tool and exclusive investor circle! 🔥& join our community of 7000+ users!
Use our Robo-advisory Tool for a start-to-finish financial plan! ⇐ More than 2,500 investors and advisors use this!
Track your mutual funds and stock investments with this Google Sheet!
We also publish monthly equity mutual funds, debt and hybrid mutual funds, index funds and ETF screeners and momentum, low-volatility stock screeners.
Podcast: Let's Get RICH With PATTU! Every single Indian CAN grow their wealth! You can watch podcast episodes on the OfSpin Media Friends YouTube Channel. 🔥Now Watch Let's Get Rich With Pattu தமிழில் (in Tamil)! 🔥
- Do you have a comment about the above article? Reach out to us on Twitter: @freefincal or @pattufreefincal
- Have a question? Subscribe to our newsletter using the form below.
- Hit 'reply' to any email from us! We do not offer personalized investment advice. We can write a detailed article without mentioning your name if you have a generic question.
Join 32,000+ readers and get free money management solutions delivered to your inbox! Subscribe to get posts via email! (Link takes you to our email sign-up form)
About The Author
Dr M. Pattabiraman(PhD) is the founder, managing editor and primary author of freefincal. He is an associate professor at the Indian Institute of Technology, Madras. He has over ten years of experience publishing news analysis, research and financial product development. Connect with him via Twitter(X), Linkedin, or YouTube. Pattabiraman has co-authored three print books: (1) You can be rich too with goal-based investing (CNBC TV18) for DIY investors. (2) Gamechanger for young earners. (3) Chinchu Gets a Superpower! for kids. He has also written seven other free e-books on various money management topics. He is a patron and co-founder of “Fee-only India,” an organisation promoting unbiased, commission-free investment advice.Our flagship course! Learn to manage your portfolio like a pro to achieve your goals regardless of market conditions! ⇐ More than 3,000 investors and advisors are part of our exclusive community! Get clarity on how to plan for your goals and achieve the necessary corpus no matter the market condition is!! Watch the first lecture for free! One-time payment! No recurring fees! Life-long access to videos! Reduce fear, uncertainty and doubt while investing! Learn how to plan for your goals before and after retirement with confidence.
Our new course! Increase your income by getting people to pay for your skills! ⇐ More than 700 salaried employees, entrepreneurs and financial advisors are part of our exclusive community! Learn how to get people to pay for your skills! Whether you are a professional or small business owner who wants more clients via online visibility or a salaried person wanting a side income or passive income, we will show you how to achieve this by showcasing your skills and building a community that trusts and pays you! (watch 1st lecture for free). One-time payment! No recurring fees! Life-long access to videos!
Our new book for kids: “Chinchu Gets a Superpower!” is now available! Most investor problems can be traced to a lack of informed decision-making. We made bad decisions and money mistakes when we started earning and spent years undoing these mistakes. Why should our children go through the same pain? What is this book about? As parents, what would it be if we had to groom one ability in our children that is key not only to money management and investing but to any aspect of life? My answer: Sound Decision Making. So, in this book, we meet Chinchu, who is about to turn 10. What he wants for his birthday and how his parents plan for it, as well as teaching him several key ideas of decision-making and money management, is the narrative. What readers say!
Must-read book even for adults! This is something that every parent should teach their kids right from their young age. The importance of money management and decision making based on their wants and needs. Very nicely written in simple terms. - Arun.Buy the book: Chinchu gets a superpower for your child!
How to profit from content writing: Our new ebook is for those interested in getting side income via content writing. It is available at a 50% discount for Rs. 500 only!
Do you want to check if the market is overvalued or undervalued? Use our market valuation tool (it will work with any index!), or get the Tactical Buy/Sell timing tool!
We publish monthly mutual fund screeners and momentum, low-volatility stock screeners.
About freefincal & its content policy. Freefincal is a News Media Organization dedicated to providing original analysis, reports, reviews and insights on mutual funds, stocks, investing, retirement and personal finance developments. We do so without conflict of interest and bias. Follow us on Google News. Freefincal serves more than three million readers a year (5 million page views) with articles based only on factual information and detailed analysis by its authors. All statements made will be verified with credible and knowledgeable sources before publication. Freefincal does not publish paid articles, promotions, PR, satire or opinions without data. All opinions will be inferences backed by verifiable, reproducible evidence/data. Contact information: letters {at} freefincal {dot} com (sponsored posts or paid collaborations will not be entertained)
Connect with us on social media
- Twitter @freefincal
- Subscribe to our YouTube Videos
- Posts feed via Feedburner.
Our publications
You Can Be Rich Too with Goal-Based Investing
Published by CNBC TV18, this book is meant to help you ask the right questions and seek the correct answers, and since it comes with nine online calculators, you can also create custom solutions for your lifestyle! Get it now.Gamechanger: Forget Startups, Join Corporate & Still Live the Rich Life You Want This book is meant for young earners to get their basics right from day one! It will also help you travel to exotic places at a low cost! Get it or gift it to a young earner.
Your Ultimate Guide to Travel
This is an in-depth dive into vacation planning, finding cheap flights, budget accommodation, what to do when travelling, and how travelling slowly is better financially and psychologically, with links to the web pages and hand-holding at every step. Get the pdf for Rs 300 (instant download)