1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

**** Please enable 2FA on your OcUK forum account ****

Discussion in 'General Discussion' started by Feek, 14 Oct 2021.

  1. chrcoluk

    Sgarrista

    Joined: 27 Feb 2015

    Posts: 8,400

    For me its realistically 30 secs to a minute.

    I have to look for phone, load up authy, then enter the code.

    I think most on here dont have an issue with 2FA, but having to redo it every 30 days will likely drop off activity, as I might be too busy to grab the phone to make that ocuk post, so would just browse as guest instead. Will see as I do like the ocuk community.

    Ironic that forums are implementing this but still no 2fa at my bank like they stuck in the stone age.
     
  2. Werewolf

    Commissario

    Joined: 17 Oct 2002

    Posts: 30,146

    Location: Panting like a fiend

    I wouldn't say grumpy but maybe a bit fed up of complaints over an attempt to protect users, we basically spent a good portion of Tuesday and Wednesday last week dealing with an issue that could easily have resulted in members losing quite large sums of money (fortunately it was spotted and dealt with quickly), and people are complaining that we're trying to prevent that from happening again, potentially without us noticing.

    I can understand that some people don't like 2FA, and I wouldn't mind only enabling it for people with MM access but it seems that it's all or nothing without making things more complicated (or much more time consuming for the admins).


    Can those who are having to repeatedly enter their 2FA codes let us know what browser you're using and if you've got any "privacy" add-ons?
    I know my younger brother has a hell of a time with some sites as he's got his browser locked down to fairly extreme levels (and has to play "guess what needs to be allowed" to get some working properly).
    My guess if you're having to repeatedly enter the code on the same browser without clearing cookies either there is something stopping the session being saved, or a tick box is not being ticked (such as the "trust this device for 30 days" ones).
     
  3. Werewolf

    Commissario

    Joined: 17 Oct 2002

    Posts: 30,146

    Location: Panting like a fiend

    Really?

    What bank so I can avoid them:)

    I've been using 2fa with barclays for ~10 years I think, and ironically one of the 2fa checks they do now when you purchase stuff is identical to one their subsidiary (barclaycard) trailed in around 99 or 01. I wish I'd kept the trial card reader but when i got a "pin sentry" one of the first things I did was stick my barclaycard in it and it worked the same.
     
  4. Pulseammo

    Wise Guy

    Joined: 10 Jan 2006

    Posts: 1,126

    Location: Glasgow

    I thought 2FA was a legal requirement now for banks since around last year iirc?
     
  5. Rainmaker

    Sgarrista

    Joined: 18 Aug 2007

    Posts: 9,041

    Location: Liverpool

    Christ, if this is a tech forum I cringe for the rest of the population!... It's really not hard. Tom Scott (video posted above by 5ub) is the man, watch it! :) No need for fiddly emails or mobile apps - get it on desktop or better yet in a browser based password manager that'll copy the 2FA code to the clipboard for you.

    To the person above who said it's a PITA/overkill for people like them on a desktop PC at home... You may be, but those who phished or cracked or traded your login won't be. They're probably a bot farm in Nuisancistan or something. They don't care where you log in, it's about stopping them!
     
  6. FBi7

    Wise Guy

    Joined: 19 Jun 2009

    Posts: 1,126

    Location: Central Scotland

    Wise words there, from sevenup :D (I can hear the ban hammer falling from here!)

    I can confirm my OCUK forum account is now 2FA'd.
     
  7. fiveub

    Commissario

    Joined: 12 Apr 2008

    Posts: 49,042

    Location: OcUK HQ

    You've 2FA'd so I'll let you off. ;)
     
  8. Bouton Aide

    Caporegime

    Joined: 9 Aug 2008

    Posts: 29,550

    A tech forum and people are crying about 2FA. I think OcUK should implement a 4FA.

    That will shift a few of the wingers. :D

    Password, retina scan, finger print and phone app auth.

    #bosh #putthatinyourpipeandsmokeit #awesome
     
  9. Em3bbs

    Soldato

    Joined: 26 Dec 2011

    Posts: 5,478

    Location: City of London

    Implementing 2FA is fine, but implementing it with a login token that expires after 30 days seems very abnormal, and I suspect will lead to a lot of members not bothering anymore. I'm not speaking about me personally, but from experience over the years working on things where people have been accidentally logged out of places with much more rich/engaging content than here and where they were logged out just once, not every 30 days. I hope you find a way to implement 2FA properly.
     
  10. chrcoluk

    Sgarrista

    Joined: 27 Feb 2015

    Posts: 8,400

    Lloyds. Also no virtual disposable cards. Unless you consider requiring two passwords together as 2fa.

    I am using revolut now as well, and the approach to security is night and day, I have a virtual card to use on risky sites (probably most of internet), the number of the card and date expiry changes after every use, and it has 2fa login as well.
     
  11. Bouton Aide

    Caporegime

    Joined: 9 Aug 2008

    Posts: 29,550

    It's once every 30 days man! :cry:
     
  12. chrcoluk

    Sgarrista

    Joined: 27 Feb 2015

    Posts: 8,400

    I think if a new browser or isp is detected would be the way to retrigger 2FA instead of a lazy expiry. I expect this is out of OCUK's hands though, they likely using a feature in the forum and didnt code it themselves.
     
  13. Maccy

    Commissario

    Joined: 23 Nov 2004

    Posts: 38,950

    Location: Herts

    It has been implemented properly?!
     
  14. Angilion

    Man of Honour

    Joined: 5 Dec 2003

    Posts: 19,895

    Location: Just to the left of my PC

    I have to log in every time I want to use the forums and every time I haven't done anything on the forums for more than a minute. Every 6 hours would be a huge improvement for me, especially since logging in to the forum now requires me to open two additional apps, log in to each, look through the junkmail and then enter the code.

    The constant claims that it's only entering a code once every 30 days are only true in some circumstances. The backup codes don't work either, so I can't simply enter the same code each time I log in or go AFK during each period of 30 days.

    Same here. Binning privacy and security settings for all sites in order to possibly increase security on these forums would obviously be a silly thing for me to do. Personally, I don't consider a few minor things to be fairly extreme levels, but I know that the fashion on privacy and security has changed a lot in the last ~10 years or so and nowadays caring at all is considered extreme.

    It's not the 2FA I'm complaining about. It's the repeated untrue statements about what it entails. If I had to enter one code every 30 days I wouldn't care.
     
    Last edited: 18 Oct 2021
  15. Quartz

    Capodecina

    Joined: 1 Apr 2014

    Posts: 14,097

    Location: Aberdeen

    Really? 30 days is the standard for the other forums I use.
     
  16. dLockers

    Sgarrista

    Joined: 21 Jan 2010

    Posts: 8,275

    Is there anyway you can hand in 2 of the 3 devices to get a net 90 day login? Asking for a friend
     
  17. dLockers

    Sgarrista

    Joined: 21 Jan 2010

    Posts: 8,275

    You 'promiscuous women'
     
  18. Rroff

    Man of Honour

    Joined: 13 Oct 2006

    Posts: 78,358

    Bit of a pain when you access the forums from like 5-6 different devices. Most places either auth a set device for life or much longer than 30 days.
     
  19. Bouton Aide

    Caporegime

    Joined: 9 Aug 2008

    Posts: 29,550

    Are you clearing your cookies?
     
  20. jaybee

    Soldato

    Joined: 10 Jul 2008

    Posts: 5,721

    I believe this took me under 30 seconds to setup. What a bunch of moaners.