**** Please enable 2FA on your OcUK forum account ****
- Thread starter Feek
- Start date
Caporegime
What MFA app was it? If you used Authy then you could have logged into a PC with it and then also restore on a new mobile if you can no longer get into your current mobile.
MFA on here can be reset yeh, same way you set it up.
Commissario
I believe that you can go into your account and disable MFA then re-enable it. If you have an issue doing that, please start a thread in FCD and we’ll help you through it.
Associate
- Joined
- 6 Jul 2010
- Posts
- 1,160
What App or Apps would you recommend to 2SV?We've had a handful of instances over the last few days where forum members have had their accounts compromised.
I must stress that there has been no data breach at OcUK but if someone gets into your email, it's then relatively straightforward for them to access your OcUK account.
It should also go without saying that the password you use for OcUK should be unique. You should not reuse the same password for anything on the internet, it's an invitation for disaster.
We strongly encourage you to enable two factor authentication (2FA) on your OcUK forum account.
2FA is now compulsory for everyone who has been a member for six months and who has 1,000 posts. If you're not forced to enable it, we strongly encourage you to enable it anyway.
Click on your username in the top right, then select Two-Step Verification.
You'll be prompted to enter your password.
Then click to Enable Verification Code via App.
Thanks.
Thanks.
Soldato
Get a password manager with the ability to store OTP codes.
My belief on that being the best method is:
Based on the best thing you can do for account security is to have unique, long and random passwords - you should be using a password manager. I've come across some people who claim they remember all their unique passwords but I find that hard to believe unless you're not frequenting many sites or your passwords aren't unique enough.
So a password manager that can also generate OTP codes means only doing it through one app. I'm sure people will say storing your password and OTP passphrase together is insecure but your vault in encrypted regardless.
I personally use Bitwarden which is great because the OTP code gets inserted into my clipboard after logging into a service so the code is ready for me to paste in. OTP function for Bitwarden is a Premium Membership function though.
My belief on that being the best method is:
Based on the best thing you can do for account security is to have unique, long and random passwords - you should be using a password manager. I've come across some people who claim they remember all their unique passwords but I find that hard to believe unless you're not frequenting many sites or your passwords aren't unique enough.
So a password manager that can also generate OTP codes means only doing it through one app. I'm sure people will say storing your password and OTP passphrase together is insecure but your vault in encrypted regardless.
I personally use Bitwarden which is great because the OTP code gets inserted into my clipboard after logging into a service so the code is ready for me to paste in. OTP function for Bitwarden is a Premium Membership function though.
Associate
- Joined
- 6 Jul 2010
- Posts
- 1,160
Thanks for the advice
I'm currently using KeePass for my PC/Android passwords. I'm not sure if it has the OTP codes feature. But there are plugins available for it. So I'll check it out.
Are their any stand alone apps that you'd recommend?
Soldato
I believe Microsoft Authenticator is well received. Authy was also well regarded but looks like that's been changed to Twilio and doesn't have that great of a review score on Google Play.
Associate
- Joined
- 6 Jul 2010
- Posts
- 1,160
Thank you
Soldato
I seem to be having issues with the 2FA system. When i initially activated it i could login, then get sent the authentication code to my email then i put that into the section on the website and ensured that Keep Logged in and 30Days are enabled. It took several tries on my iphone as well as my PC but it worked. Then after the 30 days up it did the same and i had the same experience, have to do it multiple times before it actually will login and stay like that.
Today i cleared out the browser history on my phone and when i tried to get the 2FA authentication i am able to log in, get the code to my email, copy that and paste into the box and confirm then it just goes back to being logged out. I log back in then it wants me to do the 2FA authentication again but it does the same. I have tried this 5 times now but it still will not authenticate the 2FA.
Is this a common issue? Is there a way to get this sorted?
Today i cleared out the browser history on my phone and when i tried to get the 2FA authentication i am able to log in, get the code to my email, copy that and paste into the box and confirm then it just goes back to being logged out. I log back in then it wants me to do the 2FA authentication again but it does the same. I have tried this 5 times now but it still will not authenticate the 2FA.
Is this a common issue? Is there a way to get this sorted?
Which browser are you using on both devices?
Soldato
Safari on Iphone 11 on IOS 15.1
Edge on PC (Dont hate me)
Edge on PC (Dont hate me)
Private browsing mode enabled? Tried other browsers on both devices?
Soldato
Think i have found the issue. Recently when i updated IOS it came up with an option to hide ip address from websites and trackers (Settings/Safari/Hide IP Address) and that seems to have been working fine up until now. I have turned it off and it authenticated the 2FA first time. I have now re-enabled it and i am still logged in fine. It looks like that cant be enabled when using the 2FA but fine to enable once the 2FA has been authenticated. I will just have to remember to do that in 30 days 
It is possible that i didnt have the issue on Edge but was experiencing at the same time (When 2FA was first introduced) and i was misremembering.
I will just have to remember to do that in 30 days It is possible that i didnt have the issue on Edge but was experiencing at the same time (When 2FA was first introduced) and i was misremembering.
Caporegime
Well in theory it’s a VPN by Apple. So of course this is what’s going to happen as ocuk forums will think you are accessing it from a different device each time.
This is a good one to note. Problem is will people turn it off.
This could be bad.
This is a good one to note. Problem is will people turn it off.
This could be bad.
Associate
- Joined
- 4 Jul 2006
- Posts
- 1,073
Just got held hostage by this message so HAD to turn this on, if this is being forced why is there an option to disable it?
Not come across a company so far that has this actually working, I have had to disable it on multiple sites because codes are late, time out or just flat out dont come, I cant even do banking as it wont send codes 99% of the time and majority of the time the call me system fails as well.
Not come across a company so far that has this actually working, I have had to disable it on multiple sites because codes are late, time out or just flat out dont come, I cant even do banking as it wont send codes 99% of the time and majority of the time the call me system fails as well.
Last edited:
Associate
i use a password manager thwt tells me if a site supports mfa and i turn it on for every single one. i havenot been forced to enable it here but i have done so anyway. every soingle site with 2fa or mfa works perfecltly, 100% of the time.
if you are haveing so many problems perhaps the issue is your end rather than being that companyes donot have it working properly.
Associate
- Joined
- 4 Jul 2006
- Posts
- 1,073
I have tried it with ubisoft launcher, another retailer I cannot mention, my bank and none of them have worked properly when I needed it, I didnt realise til I done a search that it is required for 1,000+ posts
Sounds like you have flakey network signal for your phone.
I'd suggest an app like authy where you don't need to receive a message with the code. You just generate one on the fly.
Associate
- Joined
- 4 Jul 2006
- Posts
- 1,073
I sent myself a message from backup phone went through fine, tried calling it was fine every time. ubisoft was via email code and the other retailer had issues with the service for several hours and I don't know what went on with the bank.
I really don't like the idea of linking accounts to another app, trying to deal with the 2fa first hand is enough of an aggro.