Mandatory TOTP for all Kite Connect apps

  • ansubur
    I don't know what is happening, but whatever is happening is not for good, for sure.
  • JeetKumar
    Here's a scenario:
    Somebody activated this, and is now using 2FA to login.
    Sometime later, they lost the phone, or did a factory reset, or changed phone (so many things can happen).
    Now the new phone does not have Google Authenticator connected with Zerodha.
    So how do they login?

    They cannot login, so they cannot scan new QR code as well.
    So Google Authenticator cannot even be set up on the new phone this "second time".
    So then what happens to the account?

    All the holdings, balance, all of it is gone?

    What is the alternative to 2FA login once it's activated?
    Suppose I activate 2FA for my zerodha account today.
    And after that phone is changed?
    Then how do I login?

    Even the tech companies which started this concept of 2FA have not made it mandatory on their own websites.
    Even today Gmail etc. have this as optional, not mandatory...

    But somehow SEBI is feeling the need to make it mandatory, without even thinking of the various situations that can arise in the coming future.

    Phones can be lost, new models are launched and we buy new phones, they get broken, software gets corrupted...
    What is supposed to be done at that time?
    Is there an alternative?

    And is that "alternative" available in API also?

    Tell the SEBI about these issues. If you do not tell them then how will they know?
    This will create so many problems in future, I am definite about this.

    Please give an alternative to this, nothing connected to phone.
    Send the code in email, two or three minute expiry time.
    Give an alternative, something...
  • ansubur
    I'm able to place orders in a web browser without TOTP, but am not allowed to using the API?
  • Matti
    @JeetKumar if you lose or change your phone, clicking on the forgot password link will allow you to reset the 2FA and login. You can then set up a new TOTP.

    I was reading your previous post and you're right about the fact that this rule is in part because some people tend to share their account details with others. While we can partially absolve ourselves of responsibility in these cases by saying that any losses incurred due to a user sharing a password isn't on us, it still leaves our customers open to fraud, and that isn't something we'd want.
  • Matti
    @ansubur yes, that's correct. This is currently for Kite Connect only. However, we're working on mandating this across all platforms.
  • JeetKumar

    Without giving any alternative to handicapped people you are just "stubbornly", and very stubbornly, forcing this on all platforms?
    Really no sensitivity?

    I already told you, if you want to implement this, sure go ahead.
    But give us an alternative at least.

    Your main apps are not usable by handicapped people.
    You ask us to mouse-hover over an item in the watch list to even make the buy/sell buttons appear.
    How are we supposed to hover the mouse over something without seeing it?

    This API was the only option, and now instead of providing a workaround, you are just being so stubborn...

    If you want, in my Zerodha account, I can upload my handicap certificate which says I am 100% handicapped.
    Then can you make the account an exception to this TOTP rule?

    Don't be so stubborn please...
    Kindly show some sensitivity. Give a workaround please.
  • pranksterguru
    @JeetKumar may I recommend a couple of alternatives here? If you are using the Chrome browser to do trading you can use Chrome extensions to generate the TOTP token. This TOTP token is really silly and not to be taken as a serious issue, really.

    Below is one of the Chrome plugins you can use

    If you want to generate TOTP programmatically, refer to this
  • JeetKumar
    Thanks for these. Deeply appreciated.
    I'll try the java code you linked to.
    However, the biggest problem is the 30 second time window.
    With passwords I remember, I depend only on my memory and typing speed to type those passwords.

    With TOTP, I need to check the code on a third party software, read it using my screen reader software.
    This alone could take 10-15 seconds on its own.
    This is because I need to read the whole page until the screen reader can reach the code part. There I have to stop and focus the screen reader on the code using keyboard keys.
    Then it reads.

    If on phone, then I need to touch items one by one until I find the part I want.
    Then it reads.

    Then return to zerodha and initiate the login process in a browser window.
    First the password is done, and then in the second step I enter this TOTP, which has a 30 second delay.
    During all this that 30 second time window could easily expire...

    If it fails, then I have to generate a new code, and again do all this in 30 seconds...
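    An added example (not code from this thread or from Kite Connect) showing what the "generate TOTP programmatically" suggestion and the 30 second window discussion above actually involve: a standard RFC 6238 TOTP generator, a helper that reports how many seconds remain in the current window, and the server-side verification that normally accepts one neighbouring step of clock skew. The secret is the RFC 6238 test secret and the skew allowance is the usual default, not anything known about Zerodha's verifier.

```python
import base64
import hashlib
import hmac
import struct
import time

# RFC 6238 test secret (ASCII "12345678901234567890") in base32; used here only for the demo.
DEMO_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
STEP_SECONDS = 30
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, at_time: int, step: int = STEP_SECONDS) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    secret = base64.b32decode(secret_b32.upper(), casefold=True)
    return hotp(secret, at_time // step)


def seconds_remaining(at_time: int, step: int = STEP_SECONDS) -> int:
    """Seconds until the code for at_time stops being the current one."""
    return step - (at_time % step)


def verify(secret_b32: str, candidate: str, at_time: int, skew_steps: int = 1) -> bool:
    """Server-side check accepting the current step plus/minus skew_steps neighbours.
    One step of skew is a common verifier default (assumption, not a statement about any broker);
    it is what lets a code typed a few seconds after its window closes still succeed."""
    secret = base64.b32decode(secret_b32.upper(), casefold=True)
    counter = at_time // STEP_SECONDS
    for c in range(counter - skew_steps, counter + skew_steps + 1):
        if hmac.compare_digest(hotp(secret, c), candidate):
            return True
    return False


if __name__ == "__main__":
    now = int(time.time())
    print(f"code {totp(DEMO_SECRET_B32, now)} is current for about {seconds_remaining(now)}s more")
```

    Running the script prints the current code and the time left in its window, which is the figure a screen-reader user has to race against.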
  • pranksterguru
    Logging in using a web browser will be tricky, but logging in to the mobile app shouldn't be an issue. You just need to log in to the mobile app once using TOTP and then enable biometrics if you are using Android, or Face ID if you are using an Apple iPhone. The next time you open the app, it will not even ask you to enter a username or password.
  • JeetKumar
    I use my Windows laptop to browse the internet. Anyway, I will try the code you have given in the last comment. Many thanks for those.
  • tickcrawler
