**** Please enable 2FA on your OcUK forum account ****

Associate
Joined
6 Jul 2010
Posts
1,182
We've had a handful of instances over the last few days where forum members have had their accounts compromised.

I must stress that there has been no data breach at OcUK but if someone gets into your email, it's then relatively straightforward for them to access your OcUK account.

It should also go without saying that the password you use for OcUK should be unique. You should not reuse the same password for anything on the internet, it's an invitation for disaster.

We strongly encourage you to enable two factor authentication (2FA) on your OcUK forum account.

2FA is now compulsory for everyone who has been a member for six months and who has 1,000 posts. If you're not forced to enable it, we strongly encourage you to enable it anyway.

Click on your username in the top right, then select Two-Step Verification.

You'll be prompted to enter your password.

Then click to Enable Verification Code via App.

XXUrhPa.png

Thanks.
What App or Apps would you recommend to 2SV?

Thanks.
 
Soldato
Joined
2 Aug 2004
Posts
7,883
Location
Buckinghamshire
Get a password manager with the ability to store OTP codes.

My belief on that being the best method is:
Based on the best thing you can do for account security is to have unique, long and random passwords - you should be using a password manager. I've come across some people who claim they remember all their unique passwords but I find that hard to believe unless you're not frequenting many sites or your passwords aren't unique enough.

So a password manager that can also generate OTP codes means only doing it through one app. I'm sure people will say storing your password and OTP passphrase together is insecure but your vault in encrypted regardless.

I personally use Bitwarden which is great because the OTP code gets inserted into my clipboard after logging into a service so the code is ready for me to paste in. OTP function for Bitwarden is a Premium Membership function though.
 
Associate
Joined
6 Jul 2010
Posts
1,182
Get a password manager with the ability to store OTP codes.

My belief on that being the best method is:
Based on the best thing you can do for account security is to have unique, long and random passwords - you should be using a password manager. I've come across some people who claim they remember all their unique passwords but I find that hard to believe unless you're not frequenting many sites or your passwords aren't unique enough.

So a password manager that can also generate OTP codes means only doing it through one app. I'm sure people will say storing your password and OTP passphrase together is insecure but your vault in encrypted regardless.

I personally use Bitwarden which is great because the OTP code gets inserted into my clipboard after logging into a service so the code is ready for me to paste in. OTP function for Bitwarden is a Premium Membership function though.
Thanks for the advice :)
I'm currently using KeePass for my PC/Android passwords. I'm not sure if it has the OTP codes feature. But there are plugins available for it. So I'll check it out.

Are their any stand alone apps that you'd recommend?
 
Soldato
Joined
2 Aug 2004
Posts
7,883
Location
Buckinghamshire
I believe Microsoft Authenticator is well received. Authy was also well regarded but looks like that's been changed to Twilio and doesn't have that great of a review score on Google Play.
 
Soldato
Joined
20 Oct 2002
Posts
11,245
Location
Derby
I seem to be having issues with the 2FA system. When i initially activated it i could login, then get sent the authentication code to my email then i put that into the section on the website and ensured that Keep Logged in and 30Days are enabled. It took several tries on my iphone as well as my PC but it worked. Then after the 30 days up it did the same and i had the same experience, have to do it multiple times before it actually will login and stay like that.

Today i cleared out the browser history on my phone and when i tried to get the 2FA authentication i am able to log in, get the code to my email, copy that and paste into the box and confirm then it just goes back to being logged out. I log back in then it wants me to do the 2FA authentication again but it does the same. I have tried this 5 times now but it still will not authenticate the 2FA.

Is this a common issue? Is there a way to get this sorted?
 
Commissario
Joined
23 Nov 2004
Posts
41,851
Location
Herts
I seem to be having issues with the 2FA system. When i initially activated it i could login, then get sent the authentication code to my email then i put that into the section on the website and ensured that Keep Logged in and 30Days are enabled. It took several tries on my iphone as well as my PC but it worked. Then after the 30 days up it did the same and i had the same experience, have to do it multiple times before it actually will login and stay like that.

Today i cleared out the browser history on my phone and when i tried to get the 2FA authentication i am able to log in, get the code to my email, copy that and paste into the box and confirm then it just goes back to being logged out. I log back in then it wants me to do the 2FA authentication again but it does the same. I have tried this 5 times now but it still will not authenticate the 2FA.

Is this a common issue? Is there a way to get this sorted?
Which browser are you using on both devices?
 
Soldato
Joined
20 Oct 2002
Posts
11,245
Location
Derby
Think i have found the issue. Recently when i updated IOS it came up with an option to hide ip address from websites and trackers (Settings/Safari/Hide IP Address) and that seems to have been working fine up until now. I have turned it off and it authenticated the 2FA first time. I have now re-enabled it and i am still logged in fine. It looks like that cant be enabled when using the 2FA but fine to enable once the 2FA has been authenticated. :) I will just have to remember to do that in 30 days :cry:

It is possible that i didnt have the issue on Edge but was experiencing at the same time (When 2FA was first introduced) and i was misremembering.
 
Permabanned
Joined
9 Aug 2008
Posts
35,707
Well in theory it’s a VPN by Apple. So of course this is what’s going to happen as ocuk forums will think you are accessing it from a different device each time.

This is a good one to note. Problem is will people turn it off.

This could be bad.
 
Associate
Joined
4 Jul 2006
Posts
1,744
Just got held hostage by this message so HAD to turn this on, if this is being forced why is there an option to disable it?

Not come across a company so far that has this actually working, I have had to disable it on multiple sites because codes are late, time out or just flat out dont come, I cant even do banking as it wont send codes 99% of the time and majority of the time the call me system fails as well.
 
Last edited:
Associate
Joined
4 Jul 2006
Posts
1,744
i use a password manager thwt tells me if a site supports mfa and i turn it on for every single one. i havenot been forced to enable it here but i have done so anyway. every soingle site with 2fa or mfa works perfecltly, 100% of the time.

if you are haveing so many problems perhaps the issue is your end rather than being that companyes donot have it working properly.

I have tried it with ubisoft launcher, another retailer I cannot mention, my bank and none of them have worked properly when I needed it, I didnt realise til I done a search that it is required for 1,000+ posts
 
Soldato
Joined
5 Mar 2010
Posts
12,305
Just got held hostage by this message so HAD to turn this on, if this is being forced why is there an option to disable it?

Not come across a company so far that has this actually working, I have had to disable it on multiple sites because codes are late, time out or just flat out dont come, I cant even do banking as it wont send codes 99% of the time and majority of the time the call me system fails as well.

Sounds like you have flakey network signal for your phone.

I'd suggest an app like authy where you don't need to receive a message with the code. You just generate one on the fly.
 
Associate
Joined
4 Jul 2006
Posts
1,744
Sounds like you have flakey network signal for your phone.

I'd suggest an app like authy where you don't need to receive a message with the code. You just generate one on the fly.
I sent myself a message from backup phone went through fine, tried calling it was fine every time. ubisoft was via email code and the other retailer had issues with the service for several hours and I don't know what went on with the bank.

I really don't like the idea of linking accounts to another app, trying to deal with the 2fa first hand is enough of an aggro.
 
Back
Top Bottom