**** Please enable 2FA on your OcUK forum account ****

[Feek]

We've had a handful of instances over the last few days where forum members have had their accounts compromised.

I must stress that there has been no data breach at OcUK but if someone gets into your email, it's then relatively straightforward for them to access your OcUK account.

It should also go without saying that the password you use for OcUK should be unique. You should not reuse the same password for anything on the internet, it's an invitation for disaster.

We strongly encourage you to enable two factor authentication (2FA) on your OcUK forum account.

2FA is now compulsory for everyone who has been a member for six months and who has 1,000 posts. If you're not forced to enable it, we strongly encourage you to enable it anyway.

Click on your username in the top right, then select Two-Step Verification.

You'll be prompted to enter your password.

Then click to Enable Verification Code via App.



Thanks.

 

[Feek]

Why the push for 2FA if there has been no security breach? securing an email address is basic internet that most people have managed for 20+ years.

Because we want to protect our members and the first thing that happened after these accounts were compromised was that they posted in MM trying to scam people.

 

[Feek]

Any chance of giving people the option to sign in with Google or Microsoft accounts so that the auth workflow is handled by those companies and all the systems they have in place?

That's not even under consideration at the moment, no.

 

[Feek]

Just done thanks, how long has 2FA been on here?

Since we moved to Xenforo so over four years!

 

[Feek]

How can i change my email please?

You should be able to go into your account and change your email address first. Then when that’s done, enable 2FA. If you have problems, start a thread in FCD and we’ll do it for you.

 

[Feek]

How can i change my email please?

https://forums.overclockers.co.uk/account/contact-details

No.

/edit - Forgive me, I misread the link.

Yes.

 

[Feek]

?

I misread the link, sorry.

 

[Feek]

Nah I'll let the Russians have my account.

It's been nice knowing you.

and my authenticator is already chock full

Authenticators have a limit?

How many have had their accounts compromised?

Even one is one too many.

 

[Feek]

That's why I wound up turning it off on this site. 30 days per device just became irritating.

Ten seconds once a month per device is irritating?

 

[Feek]

Umm it's asked for my QR code again, this is the second time in a week! Already set to 60 days, and no I haven't changed IP or phone device

You should only be asked for your six digit numeric code every 30 days. If you're being prompted more often then you're doing something with cookies.

 

[Feek]

I suppose MM is creating an exception though.

Where peoples money is involved, we take matters seriously. There have been a handful of 'compromised' accounts recently (not just those referred to in this thread) where people have reused passwords and there have been fake threads created in the MM. Fortunately, each instance has been quite obvious and nobody has been caught out.

The last thing we want is for anyone to have any second thoughts about buying in the MM, it needs to be as safe as possible.

Would avoid inconveniencing users unnecessarily.

2FA is hardly an inconvenience. It takes a few seconds to set up and requires entering a code once a month.

 

[Feek]

Does everyone need 2FA or it just those with MM access?

Anyone who has been a member for longer than six months and has made more than 1,000 posts.

 

[Feek]

Fine if you only look at forums on one device but what if you do it on several, pain in the bum and badly communicated.

Then you enter a code on each device, once every thirty days. Hardly a pain in the bum.

As for badly communicated, there's this thread, there was a forum wide notice pointing towards this thread and there's a notice that links you directly to the page to enable 2FA. What do you want us to do, send someone out to do it for you?

I made a similar error on Friday night when I hadn't cottoned on that i needed to install a specific app to use a barcode to order some food.

I gave up and went to the bar! Table 202, big burger, large G&T, thank you very much

 

[Feek]

On a related topic, are things like GMail or Outlook emails permitted for forum registration emails now?

Yes, they have been for years.

 

[Feek]

Time wise could have banked 100 2fa log in’s rather than moaning

That's the fantastic irony of it. Spend longer whinging that something takes a few seconds once a month than it actually takes to enter the codes for the next year.

 

[Feek]

Lloyds.

from the Lloyds website:

“When you bank online, we use two-factor authentication (2FA) to make sure it’s you. This makes it harder for someone to get into your account, even if they guess your password.”

 

[Feek]

Already had to redo the 2FA.

Make sure the box is ticked to stay logged in and don't block cookies or keep clearing them.

The mods and OcUK staff have been using 2FA for a very long time, it works perfectly well. The only reason it will keep asking for authentication is if you're blocking the cookies or haven't ticked the box to stay logged in.

 

[Feek]

Time is costly and doing 2FA multiple times a day does reduce productivity.

Don't keep logging out then.

 

[Feek]

Personally I don't think it goes far enough, I think we should expire passwords every six months.

 

[Feek]

I'm sure you guys already thought about it but could you not make 2FA just a requirement of the MM access?

This has been asked and answered multiple times in the thread so I'll just confirm that we have considered this and no, it's not possible.