Can some one please help me! I am frustrated trying to log in to my Neo app. I have called Neo rep. I get run around. HELP Please!!!
I don’t see an option to enable e-mail based 2FA anywhere in the Neo Financial website, or in the app. Even when trying the “forgot password” option, it indicates it will send the temporary link to my e-mail address, not my registered phone number.
Hi @AgentSmith! Just wanted to clarify a few things. We don’t have e-mail based 2FA due to the security risks involved with that. However, we do support SMS based 2FA. It’s a more secure option, and we’re always looking into new ways to make authentication both easy and safe for everyone.
When you click on “forgot password”, a reset link will be sent to your email address, and for security, the one-time code will be sent by text message.
Please reach out to us if you have any further questions!
Hi @John_Iqiliq! Thanks for sharing your experience with us. We definitely don’t want our customers feeling this way, and we’d love to make things right for you. Sending you a DM to look into this further!
Why is m’y New phone number at beginning and
the old phone number to identify New device…can’t get m’y code
Hi @Anne-Marie_La_Salle! Thanks for reaching out! Could you please clarify the issue you are facing?
Are you looking to update your phone number on your Neo account?
Please let us know! We’re here to help!
I beg to differ on the position that email is less secure than SMS. Authentication to my own email account requires passing a conditional access policy that ensures the IP address is in Canada, as well as push based MFA. SMS however has been detailed and documented ad-infinitum as an insecure method which can be intercepted by knowledgeable individuals with access to SS7 in the the phone network, or by SIM swap attacks from social engineering of the mobile carriers technical support staff to switch your service to someone elses SIM card, where they can then receive your SMS messages.
It would be nice to see Neo employ modern multi-factor methods such as app based TOTP which do not require transmitting anything over the network (which is nice for those who are travelling out of the country), or ideally passkeys which are phishing resistant. Surprisingly unlike the main Neo site, this new forum site actually supports both of these. 
Hi @AgentSmith! Thanks for the detailed feedback - we appreciate it. We’ve got several authentication and security improvements on our road-map, and input like yours helps us shape what comes next.
I’ll share your thoughts with the team, and when we roll out new security features, we’ll be sure to keep you updated!
If you have any other questions or need anything else, just let us know. We’re here to help!