**** Please enable 2FA on your OcUK forum account ****

Soldato
Joined
27 Feb 2015
Posts
12,613
I find it thoroughly bizarre that some users have spent a few hours commenting tonight saying they don't have a couple of seconds to log in using 2FA.

Learning about 2FA could be more useful on how it's decent to actually have. To you, yes it's "just a forum" but you need to remember what the admin team here have to deal with. We're here to try and keep you all safe to the best of our ability and this is one of the ways. Most websites are leaning towards 2FA because it is an excellent way of securing accounts online.


For me it's realistically 30 secs to a minute.

I have to look for phone, load up Authy, then enter the code.

I think most on here don't have an issue with 2FA, but having to redo it every 30 days will likely drop off activity, as I might be too busy to grab the phone to make that OcUK post, so would just browse as guest instead. Will see as I do like the OcUK community.

Ironic that forums are implementing this but still no 2FA at my bank like they're stuck in the stone age.
 
Commissario
Joined
17 Oct 2002
Posts
33,018
Location
Panting like a fiend
Wow, mods are very grumpy tonight. :D
I wouldn't say grumpy but maybe a bit fed up of complaints over an attempt to protect users, we basically spent a good portion of Tuesday and Wednesday last week dealing with an issue that could easily have resulted in members losing quite large sums of money (fortunately it was spotted and dealt with quickly), and people are complaining that we're trying to prevent that from happening again, potentially without us noticing.

I can understand that some people don't like 2FA, and I wouldn't mind only enabling it for people with MM access but it seems that it's all or nothing without making things more complicated (or much more time consuming for the admins).


Can those who are having to repeatedly enter their 2FA codes let us know what browser you're using and if you've got any "privacy" add-ons?
I know my younger brother has a hell of a time with some sites as he's got his browser locked down to fairly extreme levels (and has to play "guess what needs to be allowed" to get some working properly).
My guess is, if you're having to repeatedly enter the code on the same browser without clearing cookies, either there is something stopping the session being saved, or a tick box is not being ticked (such as the "trust this device for 30 days" ones).
 
Commissario
Joined
17 Oct 2002
Posts
33,018
Location
Panting like a fiend
Ironic that forums are implementing this but still no 2FA at my bank like they're stuck in the stone age.
Really?

What bank so I can avoid them:)

I've been using 2FA with Barclays for ~10 years I think, and ironically one of the 2FA checks they do now when you purchase stuff is identical to one their subsidiary (Barclaycard) trialled in around 99 or 01. I wish I'd kept the trial card reader but when I got a "pin sentry" one of the first things I did was stick my Barclaycard in it and it worked the same.
 
Soldato
Joined
18 Aug 2007
Posts
9,704
Location
Liverpool
Christ, if this is a tech forum I cringe for the rest of the population!... It's really not hard. Tom Scott (video posted above by 5ub) is the man, watch it! :) No need for fiddly emails or mobile apps - get it on desktop or better yet in a browser based password manager that'll copy the 2FA code to the clipboard for you.

To the person above who said it's a PITA/overkill for people like them on a desktop PC at home... You may be, but those who phished or cracked or traded your login won't be. They're probably a bot farm in Nuisancistan or something. They don't care where you log in, it's about stopping them!
 
Associate
Joined
19 Jun 2009
Posts
1,687
Location
Central Scotland
I find it thoroughly bizarre that some users have spent a few hours commenting tonight saying they don't have a couple of seconds to log in using 2FA.

Learning about 2FA could be more useful on how it's decent to actually have. To you, yes it's "just a forum" but you need to remember what the admin team here have to deal with. We're here to try and keep you all safe to the best of our ability and this is one of the ways. Most websites are leaning towards 2FA because it is an excellent way of securing accounts online.


Wise words there, from sevenup :D (I can hear the ban hammer falling from here!)

I can confirm my OCUK forum account is now 2FA'd.
 
Soldato
Joined
26 Dec 2011
Posts
5,830
Location
City of London
Implementing 2FA is fine, but implementing it with a login token that expires after 30 days seems very abnormal, and I suspect will lead to a lot of members not bothering anymore. I'm not speaking about me personally, but from experience over the years working on things where people have been accidentally logged out of places with much more rich/engaging content than here and where they were logged out just once, not every 30 days. I hope you find a way to implement 2FA properly.
 
Soldato
Joined
27 Feb 2015
Posts
12,613
Really?

What bank so I can avoid them:)

I've been using 2FA with Barclays for ~10 years I think, and ironically one of the 2FA checks they do now when you purchase stuff is identical to one their subsidiary (Barclaycard) trialled in around 99 or 01. I wish I'd kept the trial card reader but when I got a "pin sentry" one of the first things I did was stick my Barclaycard in it and it worked the same.

Lloyds. Also no virtual disposable cards. Unless you consider requiring two passwords together as 2FA.

I am using Revolut now as well, and the approach to security is night and day, I have a virtual card to use on risky sites (probably most of internet), the number of the card and date expiry changes after every use, and it has 2FA login as well.
 
Permabanned
Joined
9 Aug 2008
Posts
35,707
Implementing 2FA is fine, but implementing it with a login token that expires after 30 days seems very abnormal, and I suspect will lead to a lot of members not bothering anymore. I'm not speaking about me personally, but from experience over the years working on things where people have been accidentally logged out of places with much more rich/engaging content than here and where they were logged out just once, not every 30 days. I hope you find a way to implement 2FA properly.

It's once every 30 days man! :cry:
 
Soldato
Joined
27 Feb 2015
Posts
12,613
Implementing 2FA is fine, but implementing it with a login token that expires after 30 days seems very abnormal, and I suspect will lead to a lot of members not bothering anymore. I'm not speaking about me personally, but from experience over the years working on things where people have been accidentally logged out of places with much more rich/engaging content than here and where they were logged out just once, not every 30 days. I hope you find a way to implement 2FA properly.

I think if a new browser or ISP is detected would be the way to retrigger 2FA instead of a lazy expiry. I expect this is out of OcUK's hands though, they're likely using a feature in the forum and didn't code it themselves.
 
Commissario
Joined
23 Nov 2004
Posts
41,895
Location
Herts
Implementing 2FA is fine, but implementing it with a login token that expires after 30 days seems very abnormal, and I suspect will lead to a lot of members not bothering anymore. I'm not speaking about me personally, but from experience over the years working on things where people have been accidentally logged out of places with much more rich/engaging content than here and where they were logged out just once, not every 30 days. I hope you find a way to implement 2FA properly.
It has been implemented properly?!
 
Man of Honour
Joined
5 Dec 2003
Posts
20,999
Location
Just to the left of my PC
I think it should be re-log in every 6 hours. :cry:

I have to log in every time I want to use the forums and every time I haven't done anything on the forums for more than a minute. Every 6 hours would be a huge improvement for me, especially since logging in to the forum now requires me to open two additional apps, log in to each, look through the junkmail and then enter the code.

The constant claims that it's only entering a code once every 30 days are only true in some circumstances. The backup codes don't work either, so I can't simply enter the same code each time I log in or go AFK during each period of 30 days.

[..] Can those who are having to repeatedly enter their 2FA codes let us know what browser you're using and if you've got any "privacy" add-ons?
I know my younger brother has a hell of a time with some sites as he's got his browser locked down to fairly extreme levels (and has to play "guess what needs to be allowed" to get some working properly). [..]

Same here. Binning privacy and security settings for all sites in order to possibly increase security on these forums would obviously be a silly thing for me to do. Personally, I don't consider a few minor things to be fairly extreme levels, but I know that the fashion on privacy and security has changed a lot in the last ~10 years or so and nowadays caring at all is considered extreme.

It's not the 2FA I'm complaining about. It's the repeated untrue statements about what it entails. If I had to enter one code every 30 days I wouldn't care.
 