Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Starling Bank #3338

Merged
merged 2 commits into from
Aug 1, 2018
Merged

Add Starling Bank #3338

merged 2 commits into from
Aug 1, 2018

Conversation

ohheyrj
Copy link
Contributor

@ohheyrj ohheyrj commented Jul 31, 2018

Starling Bank is another app based challenger bank in the UK.

Although the main Starling app does not support 2FA, the developers portal does. I'm not sure if I should add in an exception for this or put this in as another site. Feedback would be welcome.

mxxcon
mxxcon approved these changes Jul 31, 2018
View reviewed changes
Copy link
Contributor

@mxxcon mxxcon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why would they implement 2fa for developers but not direct customers?🤦‍♂️

@ohheyrj
Copy link
Contributor Author

ohheyrj commented Jul 31, 2018

I know, I was surprised to find that out. Not as bad as Monzo, there login is just a email link 😱

@brycx brycx merged commit 7b2a32f into 2factorauth:master Aug 1, 2018
brycx added a commit that referenced this pull request Aug 1, 2018
@brycx
Revert "Add Starling Bank (#3338)"
4fbcd57 
This reverts commit 7b2a32f.
@ohheyrj
Copy link
Contributor Author

ohheyrj commented Aug 1, 2018

So its come to light (after I had to reinstall the app) that they do support 2FA...kind of...
When you go to sign in again it asks if you have your original phone, if you do it asks to scan a QR code from within the app on the old phone. If however you select the 'I dont have my old phone' option, it just asks for a mobile number (doesn't even have to be the one originally registered with the account) and sends a SMS to that number. Would be a much better idea for them to use the mobile number registered to the account. Not sure if anything needs changed in this pull request. I still dont think its true 2FA.

@Carlgo11
Copy link
Member

Carlgo11 commented Aug 4, 2018

@rj175 if it accepts any phone number then no, that wouldn't be a form of authentication.

@jamcat22 jamcat22 added the add site Issue/PR adds a site to the repo. label Feb 17, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brycx brycx brycx approved these changes

@mxxcon mxxcon mxxcon approved these changes

Assignees
No one assigned
Labels
add site Issue/PR adds a site to the repo.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@ohheyrj @Carlgo11 @mxxcon @brycx @jamcat22