Why do I have to keep entering a security code to check my bank account?

[Rand]

Why? Phone numbers as spoofed all the time as shown by all the telemarketing calls I get with official looking caller ID names.

maybe do some research instead of being lazy and asking 100 questions and arguing.
basically spoofing a phone number has nothing to do with this.

They would have to rig it such that the phone company thinks their phone is yours.
which can be done but is hard without physical access to your phone. or at least close to your phone and high level gear.

Is there a "remember me" or stay logged in box somewhere on the Cabbage site? try another web browser and log in several times?

Could just be an outdated message and they require 2FA on all logins now.

edit made an account on Cabbage just to help you.
Edit:
This is what their security page says:

Multi-factor authentication​

Multi-factor authentication helps us verify your identity, and gives your account an extra layer of security. We will text a code to 3307452181 each time you log in.

So operating at intended. keep your phone on you?

 

[atikovi]

Having only a user ID and password has not been acceptable since late 2006 per FFIEC guidelines

Just logged into my Capital One account like that.

 

[PandaBear]

What about text? How is that written message much different from an email?

You have to hack both the SMS network and the IP based network to get through you 2FA. I am sure there are ways around it and so far the weak link is people pretending to be you and get a new sim from the phone company, but for most small hack it is not worth the effort.

 

[uc50ic4more]

Why? Phone numbers as spoofed all the time as shown by all the telemarketing calls I get with official looking caller ID names.

Spoofing your number when making an outgoing call is a world away from being able to receive a confirmation text message for the sake of authorization.

 

[Hall]

Why? Phone numbers as spoofed all the time as shown by all the telemarketing calls I get with official looking caller ID names.

Why is exactly right. Why do you ask a question and then debate the answers people voluntarily give you ? Why do you ask questions if you already know the answers or don't like people's answers ?

 

[uc50ic4more]

Just logged into my Capital One account like that.

Great; and so can/ will anyone who becomes privy to that password. Without a second factor of authentication present, it'll be easy as pie.

 

[ARCOgraphite]

Having only a user ID and password has not been acceptable since late 2006 per FFIEC guidelines

Fidelity, Santander and Capital One don't require extra layers when logging on from a trusted device.
Is that part of the "guidelines" ?

Surprisingly, Edward Jones and State Farm do require extra login mojo.

 

[Silver]

Call their Indonesian help desk.

 

[Silver]

Having only a user ID and password has not been acceptable since late 2006 per FFIEC guidelines

In reality like the OP I never furnish anything beyond user and pwd to log in to dozens of sites including banks unless it's been a while or I don't have a cookie for whatever reason. Maybe I have it turned off or some other explanation but the fact remains.

 

[uc50ic4more]

Making 2FA/MFA **available** is a no-brainer, especially for sensitive institutions like banks and governments. Yet my credit union does not offer it. I am speechless that any reputable entity does not offer it.

**Mandating** is another thing. While I am fully in favour of 2FA/MFA being a de facto standard, I understand that not everyone has the capacity to use it properly.

 

[Tomioka]

Text based 2FA is "enough" but still weak since its prone to SIM-jacking. I use a 2FA authenticator app which is tied to the device the app is installed on.

IMO 2FA is the product of having weak passwords easily getting hacked or data breaches. Lost my first email address to hackers once several accounts under that email got breached. Now I use disposable emails.

 

[meadows]

I remember signing up for it because I thought it was a good idea.

 

[SubLGT]

....Of course, Russia is supposed to be hacking our banking institutions soon so maybe they are ramping up security.

Today I wanted to activate my updated CapitalOne credit card I received in the mail. I entered the activation URL provided in the letter into my browser address bar, and it seems to have been deactivated. It was not recognized as a valid address. I triple checked for typos. Hmmm.

So I called the 1-800 number instead, and the activation went smoothly.

 

[Zee09]

Today I wanted to activate my updated CapitalOne credit card I received in the mail. I entered the activation URL provided in the letter into my browser address bar, and it seems to have been deactivated. It was not recognized as a valid address. I triple checked for typos. Hmmm.

So I called the 1-800 number instead, and the activation went smoothly.

I got a scare today too with Paypal
Not sure but I couldn't run my cards.
An hour later it was resolved. Never had that before.