1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

**** Please enable 2FA on your OcUK forum account ****

Discussion in 'General Discussion' started by Feek, 14 Oct 2021.

  1. Feek

    Commissario

    Joined: 16 Oct 2002

    Posts: 234,246

    Location: In the radio shack

    We've had a handful of instances over the last few days where forum members have had their accounts compromised.

    I must stress that there has been no data breach at OcUK but if someone gets into your email, it's then relatively straightforward for them to access your OcUK account.

    It should also go without saying that the password you use for OcUK should be unique. You should not reuse the same password for anything on the internet, it's an invitation for disaster.

    We strongly encourage you to enable two factor authentication (2FA) on your OcUK forum account.

    2FA is now compulsory for everyone who has been a member for six months and who has 1,000 posts. If you're not forced to enable it, we strongly encourage you to enable it anyway.

    Click on your username in the top right, then select Two-Step Verification.

    You'll be prompted to enter your password.

    Then click to Enable Verification Code via App.

    [​IMG]

    Thanks.
     
  2. dLockers

    Sgarrista

    Joined: 21 Jan 2010

    Posts: 9,058

    Good post. Thanks Feek.
     
  3. Maccy

    Commissario

    Joined: 23 Nov 2004

    Posts: 39,129

    Location: Herts

    And have 2FA enabled on your emails too, otherwise the internet isn't for you.
     
  4. bayo000

    Soldato

    Joined: 28 Jan 2008

    Posts: 5,176

    Location: Manchester

    + anywhere else that supports it
     
  5. nine_tails

    Wise Guy

    Joined: 7 Mar 2015

    Posts: 1,005

    Enabled , thanks for heads up.
     
  6. Yaayuh!

    Capodecina

    Joined: 5 Nov 2010

    Posts: 22,020

    *thumbs up*
     
  7. Freakbro

    Capodecina

    Joined: 29 Jul 2010

    Posts: 20,440

    Location: Lincs

    Done.

    I recently started using the MS authenticator and there doesn't seem that much I can enable it on! I've got a plusnet email address and I don't think I can enable 2fa on that, unless anyone knows different?
     
  8. mrk

    Man of Honour

    Joined: 18 Oct 2002

    Posts: 89,440

    Location: South Coast

    What other services do you use? Your ISP email/account system probably doesn't have app based 2FA but they should have login verification surely?

    In my MS app I have 20 accounts in there with app based 2FA support, this ranges from Zoom to STEAM/Origin etc.
     
  9. Ekim

    Mobster

    Joined: 18 Oct 2002

    Posts: 2,911

    Location: London

    I've had it enabled for a while. Is there a way to stop it logging you out every 30 days to ask for a new code?
     
  10. mmj_uk

    Caporegime

    Joined: 26 Dec 2003

    Posts: 25,691

    Why the push for 2FA if there has been no security breach? securing an email address is basic internet that most people have managed for 20+ years.

    What with the COVID passports will people be able to do anything in the future without a mobile phone? hey guys link everything to your mobile phone so we can monitor all of your text messages and see all of your accounts and whenever you login. Bye bye privacy.

    Chinese social credit system here we come.
     
  11. Ree

    Wise Guy

    Joined: 22 Aug 2016

    Posts: 2,443

    That's a relief about no breach as that would've made the MM a minefield and I would've hated to see someone get scammed.
     
  12. VaderDSL

    Capodecina

    Joined: 18 Oct 2002

    Posts: 15,804

    Location: Manchester

    On here? A few people got phished I believe and the phished accounts immediately posted on members market trying to scam people.
     
  13. mrk

    Man of Honour

    Joined: 18 Oct 2002

    Posts: 89,440

    Location: South Coast

    Easy on the tinfoil hats folks....
     
  14. dLockers

    Sgarrista

    Joined: 21 Jan 2010

    Posts: 9,058

    Because passwords are inherently insecure.
     
  15. Freakbro

    Capodecina

    Joined: 29 Jul 2010

    Posts: 20,440

    Location: Lincs

    I've only managed to enable it on 4 (inc OCUK now) and thats MS, Amazon and Paypal - and I don't even really use Amazon and Paypal :p I'll go check Steam now.

    I'll check if plusnet has any login verification, but I think it's just email/password!

    Edit : Nope can't find any extra protection on Plusnet :-/
     
    Last edited: 14 Oct 2021
  16. peterwalkley

    Mobster

    Joined: 23 Feb 2009

    Posts: 4,108

    Location: South Wirral

    Don't say that ... muppets will start panic buying :D
     
  17. Feek

    Commissario

    Joined: 16 Oct 2002

    Posts: 234,246

    Location: In the radio shack

    Because we want to protect our members and the first thing that happened after these accounts were compromised was that they posted in MM trying to scam people.
     
  18. Azza

    Caporegime

    Joined: 6 Dec 2005

    Posts: 35,949

    Location: Birmingham

    Let me guess one of the accounts accessed was @robfosters ?
     
  19. Freakbro

    Capodecina

    Joined: 29 Jul 2010

    Posts: 20,440

    Location: Lincs

    Just spoke to Plusnet and nope they have no extra security on their email account! The woman said "That's why you need a really secure password" but when I pointed out no-one really brute forces a password, they are gained by phising/logging etc so it doesn't matter how complicated it is, she just agreed and the conversation tailed off into silence....
     
  20. dLockers

    Sgarrista

    Joined: 21 Jan 2010

    Posts: 9,058

    What were you expecting the dear in the call centre to do about your whinge? :confused: Did you feel good 'out knowledging' a call center assistant?

    Vote with your wallet or GTFO.

    Edit: also, who uses their ISP email in 2021?