Update Servus Credit Union #8253

Closed
3 of 9 tasks
asclepiadae opened this issue Nov 16, 2024 · 2 comments · Fixed by #8371
Labels
update site Issue/PR updates information about a site in the repo.

Comments

asclepiadae commented Nov 16, 2024

Site name

Servus Credit Union

Site URL

https://www.servus.ca/

Update reason

It now supports 2FA.

Additional information

Supported 2FA methods

  • TOTP (RFC-6238, Google Authenticator)
  • Proprietary Software (Authy, Duo, etc.)
  • U2F/WebAuthn security keys
  • Proprietary hardware (Yubico OTP, RSA keys, etc.)
  • Phone calls
  • SMS tokens
  • Email tokens

Official documentation (public-facing): https://www.servus.ca/security/protect-yourself/two-step-authentication
Blog post announcing 2FA introduction: https://www.servus.ca/blog/2020/10/two-step-authentication

Issue Eligibility

  • The issue I'm creating is not a duplicate of an existing issue.
  • The issue I'm creating is not a duplicate of an existing pull request

asclepiadae added the "update site" label Nov 16, 2024

@Carlgo11
Member

Hello @asclepiadae,
thanks for submitting an issue!

After activating two-step authentication, you may be prompted to confirm your identity using Google Authenticator when you perform certain types of transactions, such as higher limit Interac e-Transfers®.
- https://www.servus.ca/blog/2020/10/two-step-authentication

What's described sounds more like authorization for specific user actions than authentication at the login phase.
We distinguish between the two in the section about authorization in Contributing.md.
Please confirm if this is the case or if 2FA is also prompted on login.

@asclepiadae
Author

Sorry for the delayed reply here. The bank's documentation here is rather lacking, as they practice some "security through obscurity" by not publicly defining what the triggering events are (there are a few other non-2FA security measures that are also completely lacking in any documentation).

From my home connection with a stable IP (but not truly static) I cannot recall when I last had to enter my 2FA. Same goes for when I use the mobile app on my phone. However, I have been asked to enter the 2FA at login when using my laptop on college campus or through a VPN when on a public WiFi.
I obviously don't make "certain types of transactions" as I have never been asked for 2FA post-login.

If you want to leave this issue open for a few days, I can reach out to the bank and see if they can clarify. Alternatively, we can close this with auth for user actions as that's what's documented, and I can open a new issue later if there is confirmation around 2FA during login.
