Please ask your friend to setup a second throwaway account and start a thread in FCD asking for help. We’ll have to ask some questions to verify he’s the owner and we’ll get it sorted. The throwaway account will then be disabled.
**** Please enable 2FA on your OcUK forum account ****
- Thread starter Feek
- Start date
Underboss
:thumbs up:
Underboss
just took me ages logging in
got the code, then it said "error, could not verify"
it was asking for my username and password
i rebooted my PC after 6 goes, then i came to the forums again via a bookmark , this time it did not ask me for username and password, it went straight to "sent you an email with code" which worked
how odd
got the code, then it said "error, could not verify"
it was asking for my username and password
i rebooted my PC after 6 goes, then i came to the forums again via a bookmark , this time it did not ask me for username and password, it went straight to "sent you an email with code" which worked
how odd
Soldato
Is it just me or is the forum dying a death since this policy was brought in? Motors forum with week old threads on the front page which is unheard of, and lots of regular posters gone. I'd love to see the stats of monthly unique users.
Soldato
Thought that myself recently, I know of a few people that have gotten sick of having to login using 2FA all the time, not sure why it needs to expire monthly, and as mentioned by ShiWarrior above there seems to be an issue with 2FA recently.
Could have been worse. Not that long ago overclock.net had the main domain directing you to a full page captcha even when not signed in. This went on for a few months until they decided to change it.
Soldato
It is a bit of a pain when you are using a mixture of mobile, tablet, laptop and desktop devices and have multiple browsers logged in and not always the appropriate authentication method readily available - most other sites have at least 90 days or even don't ask for re-verification on the same device/browser for a very long time.
Soldato
Is it?
I mean...you can save a text file with backup codes on those devices, no? So anything that doesn't have your forum-registered email address or an authenticator app on can use those.
Soldato
Christ, it's not as if they take much work to generate new ones (one click to tick a box, another to confirm regeneration). It gives you ten codes at a time, let's say a couple of your "around half a dozen" devices need to log in that way for whatever reason:
- 0 days - codes 1&2
- 30 days - codes 3&4
- 60 days - codes 5&6
- 90 days - codes 7&8
- 120 days - codes 9&10
- then regenerate
Christ, it's not as if they take much work to generate new ones (one click to tick a box, another to confirm regeneration). It gives you ten codes at a time, let's say a couple of your "around half a dozen" devices need to log in that way for whatever reason:
If that's genuinely too onerous a task for you then maybe it's time to give up on computers
- 0 days - codes 1&2
- 30 days - codes 3&4
- 60 days - codes 5&6
- 90 days - codes 7&8
- 120 days - codes 9&10
- then regenerate
When you generate new codes all previous ones are invalid so you have to make sure all devices have the latest ones, etc. and stay on top of which set is the latest and means you can't just print out some backup codes and stick them in a safe, etc. just in case and so on.
I think you'd probably change your tune if actually doing this.
EDIT: Additionally it isn't just the OcUK forums, though pretty much all other sites/apps have much longer periods between verification - when you are dealing with it generally over lots of stuff it all adds up - something a lot of software developers, etc. don't seem to think of or don't care about.
Soldato
It's fine saying stuff like this, but if you've ever worked anywhere near UX design for websites or apps, you would know that a lot of people are indeed lazy and won't bother coming back if you log them out of something. We're still here obviously, but it's definitely a pain to keep logging in, especially as the email address I use here isn't my usual gmail address but a burner one, so I have to go and log into that.If that's genuinely too onerous a task for you then maybe it's time to give up on computers
Commissario
Keep a copy of the backup codes somewhere safeNot read the full thread but thank you for the heads up to add 2FA.
Hopefully it won't come back to burn me when I change phones
Use an authenticator app then all you need is to enter the code it generates, no need to go near your email.
Soldato
This. I use Authy as if you get a new phone you can just install it on that and all your codes are just there.
Soldato
"You're holding it wrong!".
As I said earlier, anyone with any basic app/web UX experience would know what adding something like this would do to the forum, and we're seeing it happen. Nobody on earth is going to install an authenticator to access a niche web forum.
Last edited:
Commissario
It's only needed once you've reached the criteria for MM access, that's 6 months and 1000 posts.
It was either that or we shut down MM. as there was no way we could limit it to only people who had MM access that we could find and impliment.