**** Please enable 2FA on your OcUK forum account ****

Commissario
Joined
17 Oct 2002
Posts
32,996
Location
Panting like a fiend
I feel your pain, I couldn’t scan the QR code no matter what I did and I’m reasonably computer savvy.
Neither could my wife, the brains of the outfit, and she’s endowed with bucket loads of common sense.
I wrote the two lots of three number codes in and it allowed me to log on, but I can imagine deleting them by accident and being unable to log on, even though I’ve entered the back up codes in NOTES.
So if you no longer get anything from me, it isn’t because I don’t like you, I’ll be outside with my nose pressed against the windows, wondering what I did wrong, or didn’t do right.
Still, I’ll be no loss, as an American ex often said, “This is Jean-François, he marches to the beat of a different drum!”
Where you scanning the code from within an authenticator app?

I made a similar error on Friday night when I hadn't cottoned on that i needed to install a specific app to use a barcode to order some food.
 
Commissario
OP
Joined
16 Oct 2002
Posts
2,646
Location
In the radio shack
Fine if you only look at forums on one device but what if you do it on several, pain in the bum and badly communicated.
Then you enter a code on each device, once every thirty days. Hardly a pain in the bum.

As for badly communicated, there's this thread, there was a forum wide notice pointing towards this thread and there's a notice that links you directly to the page to enable 2FA. What do you want us to do, send someone out to do it for you? :rolleyes:

I made a similar error on Friday night when I hadn't cottoned on that i needed to install a specific app to use a barcode to order some food.
I gave up and went to the bar! Table 202, big burger, large G&T, thank you very much :D
 
Soldato
Joined
18 Oct 2002
Posts
9,158
Then you enter a code on each device, once every thirty days. Hardly a pain in the bum.

As for badly communicated, there's this thread, there was a forum wide notice pointing towards this thread and there's a notice that links you directly to the page to enable 2FA. What do you want us to do, send someone out to do it for you? :rolleyes:
I think the point was that it went from "strongly encourage" to "your access will stop" without much notice.

2FA is a proper pain in the bum, but needed I guess.
 
OcUK Staff
Joined
12 Apr 2008
Posts
49,283
Location
OcUK HQ
No one likes additional effort to log into accounts, but also no one likes their accounts being compromised too. For us, it was important to implement it to add an additional layer of security, especially due to several accounts recently being compromised, it just makes sense.
 
Soldato
Joined
5 Apr 2009
Posts
24,796
I think the point was that it went from "strongly encourage" to "your access will stop" without much notice.

It was a bit jarring to just suddenly be kicked out mid way through reading a thread.

A "we'll be making this mandatory in a day or two" type message wouldn't have gone amiss :p
 
Man of Honour
Joined
14 Apr 2017
Posts
3,511
Location
London
Where you scanning the code from within an authenticator app?

I made a similar error on Friday night when I hadn't cottoned on that i needed to install a specific app to use a barcode to order some food.

I think so, I downloaded an app from the App Store which said that it was for 2FA and followed the prompts, initially entering my overclockers password, which eventually took me to the QR code.
Obviously I’m still able to post at the moment, but if I logged off it would maybe be lights out for me, I don’t know.
Perhaps if it all goes south I’ll dream up a new persona and try to get back on Pistonheads or Digital Spy!
 
Soldato
Joined
18 Oct 2002
Posts
9,158
It was a bit jarring to just suddenly be kicked out mid way through reading a thread.

A "we'll be making this mandatory in a day or two" type message wouldn't have gone amiss :p
Exactly. That's where the communication failed a bit IMO.

No biggy though, just a bit frustrating to have to log in every month.

Even the feedback about being communicated badly, wasn't handled particularly well :p
 
OcUK Staff
Joined
12 Apr 2008
Posts
49,283
Location
OcUK HQ
To be fair, waiting to implement a security feature by announcing it days ahead sounds not so secure. Surely it makes sense to implement something like this as soon as possible, announced or not. :p
 
Soldato
Joined
5 Apr 2009
Posts
24,796
To be fair, waiting to implement a security feature by announcing it days ahead sounds not so secure. Surely it makes sense to implement something like this as soon as possible, announced or not. :p

In which case, why mess about with a message asking nicely to do it as if it's optional for a few days? Just get on with it if it's so super critical that delaying it is insecure :p
 
OcUK Staff
Joined
12 Apr 2008
Posts
49,283
Location
OcUK HQ
In which case, why mess about with a message asking nicely to do it as if it's optional for a few days? Just get on with it if it's so super critical that delaying it is insecure :p

Because some accounts were compromised that day, and it was quicker to kindly ask yourselves to enable 2FA if you want your account secured, whilst we tested and enabled it across the forum.
 
Man of Honour
Joined
5 Dec 2003
Posts
20,997
Location
Just to the left of my PC
[..] 2FA is hardly an inconvenience. It takes a few seconds to set up and requires entering a code once a month.

That's not necessarily true.

I have enter a one time code every time I log in, even if it's been 30 seconds since the last time I logged in. I just tested that to check. I have to log into two apps (email bridge, email client) and look through my email spam folder(*) to find the code, then enter it. Not just "entering a code once per month".

Of course, I could remove security and privacy measures that work for everything in order to comply. But that makes no sense in order to possibly improve security on one forum.



* OcUK forums won't allow alerts within the forums only, so the choice is no alerts at all or an email every time anyone posts in any thread I have ever posted in. Which spams my email address, so I added OcUK forums to the spam list. And yes, I have unticked the email alert box. It makes no difference.
 
Soldato
Joined
5 Apr 2009
Posts
24,796
Because some accounts were compromised that day, and it was quicker to kindly ask yourselves to enable 2FA if you want your account secured, whilst we tested and enabled it across the forum.

So it wouldn't really have been 'not so secure' to simply say "please do this now, soon it will be made mandatory" really would it? :p
 
Man of Honour
Joined
5 Dec 2003
Posts
20,997
Location
Just to the left of my PC
On a related note, can I use a Yubikey to comply with the new 2FA requirements here? I've been idly thinking about getting one recently. It would be less bother and more secure than having to open two apps to read my email, look through the spam for OcUK's code and enter it, every time I log into these forums.
 
Soldato
Joined
26 Dec 2011
Posts
5,830
Location
City of London
The lack of communication about when users will have to enable 2FA was a bit amateur, along with deleting a post without acknowledging that you've taken note of the massive security flaw found in the 2FA process, but it's an internet forum not a business I guess. It does however make me a bit worried that there is more to this all than meets the eye.
 
Last edited:
Commissario
Joined
17 Oct 2002
Posts
32,996
Location
Panting like a fiend
I gave up and went to the bar! Table 202, big burger, large G&T, thank you very much :D
You were more with it than I was.

Although to be honest I did start the day having a shave, thinking it hadn't done much, having another shave and only realising I hadn't taken the cover off the razer as I was putting it away (cue another shave, this time without the cover), and I believe you found the hotel bar without leaving the hotel :p
 
Back
Top Bottom