Security of Authentication Credentials

Why doesn’t Zerodha implement two-factor authentication through mobile phone OTP? Considering the data thefts taking place in high and mighty places, I wonder how secure our login credentials are?

Shouldn’t the option of mobile phone OTP 2FA be given to interested clients of Zerodha? Charges, if any, can be recovered from clients.

On second thoughts, one-touch fingerprint login access would be great, considering an e-wallet company uses the same for their authentication.

Think about it 0dha

Can some one from zerodha clarify ?

Zerodha has the worst concept for authentication credentials. I mean you now have 3 passwords…
1 master password and 2 other 2FA answers (it’s a joke in the name of 2FA). Any keylogger software might easily collect this info. FB, Google, Twitter, GitHub, Pinterest provide actual 2FA. At least provide an option to enable OTP verification.

I agree with @4poorv. Choice of mobile based 2FA should be provided for interested customers. I hope someone from Zerodha takes note.

@BharatW Does Zerodha plan to implement 2FA through mobile phones in the future?

2FA through mobile verification is just a one-time authentication, right?
SEBI mandates that there has to be a 2FA layer along with the login password, and that’s the protocol being followed.

1 Like

@Srinivas That’s true. 2FA through mobile is one-time authentication, but it’s considered more secure than authenticating with static pass-phrases.
2FA has traditionally relied on the “what you know [login password]” and “what you have [mobile phone OTPs]” paradigm.
My submission is that implementation of 2FA through the use of a login password and mobile phone OTPs will make Zerodha’s authentication process more secure. It should be provided for interested clients. @NithinKamath
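To make the “what you know” plus “what you have” flow above concrete, here is an added example of the server side of an OTP second factor. It is not Zerodha’s code and nothing in the thread describes how their login works; it assumes the static password has already been checked, that the code is handed to some out-of-band delivery channel (SMS or email), and the client ID, TTL, digit count and attempt limit are illustrative choices. The point it shows is the “one-time” property the posts mention: a code that expires, is accepted exactly once, and cannot be replayed even if a keylogger captured it.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

# Illustrative policy values, not taken from any broker's system.
OTP_DIGITS = 6
OTP_TTL_SECONDS = 120
MAX_ATTEMPTS = 3


@dataclass
class PendingOtp:
    code: str
    expires_at: float
    attempts: int = 0


class OtpSecondFactor:
    """Second factor applied after the static login password has been verified.

    issue() produces a short-lived random code for delivery out of band;
    verify() accepts it at most once, within its lifetime, with a small
    attempt budget so the 10**OTP_DIGITS space cannot be brute-forced.
    """

    def __init__(self, clock=time.time, rng=secrets.randbelow):
        # clock and rng are injectable so the behaviour can be tested
        # deterministically; production uses time.time and secrets.randbelow.
        self._clock = clock
        self._rng = rng
        self._pending: dict[str, PendingOtp] = {}

    def issue(self, client_id: str) -> str:
        # Zero-padded so "004217" is as likely as any other value.
        code = f"{self._rng(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._pending[client_id] = PendingOtp(code, self._clock() + OTP_TTL_SECONDS)
        return code  # pass to the SMS/email sender; never write it to logs

    def verify(self, client_id: str, submitted: str) -> bool:
        pending = self._pending.get(client_id)
        if pending is None:
            return False  # nothing issued, or already consumed
        if self._clock() > pending.expires_at:
            del self._pending[client_id]
            return False  # expired: a fresh issue() is required
        pending.attempts += 1
        if pending.attempts > MAX_ATTEMPTS:
            del self._pending[client_id]
            return False  # attempt budget exhausted, even if this guess is right
        ok = hmac.compare_digest(pending.code.encode(), submitted.encode())
        if ok:
            # Consume on success: a captured code is useless a second time.
            del self._pending[client_id]
        return ok


if __name__ == "__main__":
    factor = OtpSecondFactor()
    code = factor.issue("client-demo")          # hypothetical client ID
    print("delivered code (normally via SMS/email):", code)
    print("first use accepted:", factor.verify("client-demo", code))
    print("replay accepted:", factor.verify("client-demo", code))
```

The `hmac.compare_digest` call keeps the comparison constant-time so that response timing does not leak how many leading digits matched; the attempt counter is incremented before the comparison so that a wrong-then-right sequence past the budget is still rejected.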

@nithin Is there anything in the pipeline along these lines?

OTP login every time a customer logs into their account will increase the brokerage house’s infrastructure and back-end work.
It will require new infrastructure, databases and servers.
If they opt for cloud computing technology the cost can be cut while maintaining the database, which has to be active 24/7, 365 days.

Imagine the market is open and you are logging in to your trading account, but the OTP server has failed or is sending delayed OTP messages to customers; you will be stuck in the middle of market hours.

But Change is the demand of Time.

3 Likes

Or what about throwing a challenge such as “tell the name of this color”? Now Zerodha should have a database where we would deliberately have given a wrong answer for each color. Zerodha should ask at least 3 questions: “Tell the color of the box?” If the box is filled with red we might answer green. Even though keyloggers can detect our answers, they can never know what exactly I gave the answer for in the question. Is there any loophole in this mechanism?

1 Like

@Lets_Invest Insofar as the charges are concerned, I believe there are many who wouldn’t mind paying loose change for an improvement in security.
Also, the OTP can be sent through both email and the mobile phone network. Through this redundancy in the delivery mechanism, OTPs can be delivered in the nick of time.

Don’t give up @nakrj.
Keep on requesting @Karthik; one day for sure you will receive your OTP.

Thank you.

Can anyone bring any news of incidents of trading accounts being misused by fraudulent methods and money being siphoned off?

Are you aware of mobile cloning? What will OTP do in this case?

How many of you know that hundreds of traders are just putting a single character for 2FA?

Or can you explain what the possibilities are of stealing your money from your trading account or Demat account? Can you give a technical explanation?

These days even your cash is tracked by the govt through technology. No one can withdraw your money or shares from ATMs.

Personal negligence is the reason. Using an unlicensed OS without any antivirus software, visiting torrent websites, downloading illegal content: these will pose more trouble than 2FA.

You are talking about keyloggers; how will they reach your home? You all know how many companies are saying there was a data breach in their system and millions of users’ data was stolen.

If physical security is breached then nothing can be protected. Everyone who posted in this thread, please explain what security measures you have taken for your computer or phone.

I am using a Windows 10 system with Trend Micro antivirus and have not done any reinstall of the OS since 2009. Changed two motherboards and two hard disks; still, everything installed the first time is continuing. Even the OS was upgraded from Windows 7 to 10 with no application reinstalled.

Personal discipline is ultimate; it cannot come by operating a switch.

5 Likes

I am also very concerned about my safety in the online world. I always use an original OS. Now I am using Windows 10 Home, which came with the laptop I bought 15 months back.

“I read in your post that you are using Windows 10 with Trend Micro antivirus.” My doubt is: “Is Windows Defender not enough to keep my laptop safe from viruses or hacking?” Is it necessary to have third-party antivirus software to protect myself in the online world?

Just a doubt. I am not that much tech savvy.

With Trend Micro, in addition to the virus scanner, you can also filter and monitor websites and net traffic, disable USB devices and CD-ROM, etc.

If we maintain the discipline of not visiting illegal content hosting websites, that is good enough. I don’t open news sites on my computer.
I read news on my mobile only. This reduces data.

Personal discipline is most important. Windows has a built-in virus scanner. That is OK for a home user.

1 Like

Get paid Norton Antivirus Internet Security. My PC used to crash before as I did not have antivirus; now it doesn’t have any problem, and Norton updates their software every day. It’s one of the best in the market. Don’t buy for only 1 device; it’ll cost 749 for 1 PC for 1 year. Instead ask your friends and buy for 5 devices for 2 years; it comes to 400 per device for 2 years, which saves a lot of money. And yearly 200 per device is worth it for complete professional security.

2 Likes

They have hiked the price by 40 Rs but it is still worth it.
(https://in.norton.com/norton-security-antivirus) If you visit any virus sites it won’t let you. Every site you visit, Norton marks green, yellow or red, indicating the level of safety. It has stopped virus attacks for me many times. And since the world has turned online, better get security. If you are a Jio customer, install Jio Security on your phone, as Jio Security is actually Norton security.

1 Like

For a retail consumer, paid antivirus is a waste of money. I use Windows 7 Ultimate with a standard account along with the built-in antivirus or a very lightweight antivirus/anti-spyware/anti-malware and have never ever got any kind of virus/ransomware on my system. You can even use VirtualBox/sandboxing for opening any shady websites to isolate the threats. P.S. For the original question, the security mechanism of Zerodha (2FA) is very robust; the only thing is you should never give a proper answer to the questions, e.g. when it asks you “What is your nick name?” answer it “Honu lulu”; when you are asked “Where did you spend your honeymoon” answer it “facebook”. The moral of the story is always give an irrelevant answer, never give any obvious answer.

If you think 200 per year for security is not worth the risk you are exposed to for a 30k-plus machine, then good luck.