**** Please enable 2FA on your OcUK forum account ****

Soldato
Joined
3 Oct 2009
Posts
19,832
Location
Wales
Why the push for 2FA if there has been no security breach? Securing an email address is basic internet that most people have managed for 20+ years.

What with the COVID passports, will people be able to do anything in the future without a mobile phone? Hey guys, link everything to your mobile phone so we can monitor all of your text messages and see all of your accounts and whenever you log in. Bye bye privacy.

Chinese social credit system here we come.
My work use Google Authenticator on our personal devices for a login to the remote server. Recently had an issue where I couldn't charge my phone as it thought it had moisture in the charging port and was quickly running out of battery. Would have been a good way to get out of working.
 

Sho

Soldato
Joined
21 Sep 2006
Posts
4,755
Location
Oldham
Only gripe is the 30 days. If you can remove that or increase to 60/90 days it will be much appreciated.
 
Caporegime
Joined
9 Aug 2008
Posts
30,291
Location
127.0.0.1
My work use Google Authenticator on our personal devices for a login to the remote server. Recently had an issue where I couldn't charge my phone as it thought it had moisture in the charging port and was quickly running out of battery. Would have been a good way to get out of working.

Then there would be a backup way, i.e. use another user.
 
Soldato
Joined
30 Jan 2009
Posts
16,877
Location
Aquilonem Londinensi
Nah I'll let the Russians have my account. I don't use creds here that I use elsewhere, the email is an old one I barely use and my authenticator is already chock full. How many have had their accounts compromised? A symptom of something more sinister?
 
Soldato
Joined
18 Feb 2007
Posts
11,211
Location
London
Microsoft Authenticator can be installed on a tablet as well. I have it installed on my iPad and my back up iPhone 6s.

Cool, didn't know you could have it installed on multiple devices. I have it on my iPhone; if I install it on my iPad, is it easy to sync the one-time codes?
 
Associate
Joined
13 Jun 2016
Posts
1,291
Location
UK
A good alternative to Google Authenticator is Aegis, open source and allows you to take encrypted backups of your 2FA details in case you lose your mobile device.

Personally I use KeepassXC :)
 
Commissario
Joined
23 Nov 2004
Posts
39,598
Location
Herts
For the record, it will be compulsory to have 2FA on for anyone who has MM access soon.
 
Caporegime
Joined
21 Nov 2005
Posts
37,223
Location
Cornwall
Left my previous place of employment last Feb and my manager immediately disabled 2FA on every site I had enabled it on because a handful of people complained it was too difficult to use and a massive inconvenience.

A year and a single phishing email later, some Russians walked on to their network and Hello Kitty ran riot which cost them their entire domain and over a million pounds.

I love 2FA/MFA and would expect every single person on a computer forum such as this to be using it.
 

Pho

Soldato
Joined
18 Oct 2002
Posts
9,275
Location
Derbyshire
That's why I wound up turning it off on this site. 30 days per device just became irritating.

This!

I love two factor. I use it pretty much everywhere I can, but I feel like I'm constantly getting nagged to sign into some service again because of the short expirations. And it's usually always when I've left my phone in another room.

My company has forced two factor for domain/email logins which is great. But they also disabled all biometric login options through group policy (fingerprint scanner, Windows Hello face scan, etc.) so I now have a really weak Windows/email password that I have to remember to log in with quickly rather than a secure randomly generated one :rolleyes:
 
Soldato
Joined
8 Dec 2002
Posts
18,768
Location
North Yorkshire
Left my previous place of employment last Feb and my manager immediately disabled 2FA on every site I had enabled it on because a handful of people complained it was too difficult to use and a massive inconvenience.

A year and a single phishing email later, some Russians walked on to their network and Hello Kitty ran riot which cost them their entire domain and over a million pounds.

I love 2FA/MFA and would expect every single person on a computer forum such as this to be using it.

I hope you are feeling quite smug!:D I remember you mentioning that place was not the greatest!
 
Caporegime
Joined
21 Nov 2005
Posts
37,223
Location
Cornwall
I hope you are feeling quite smug!:D I remember you mentioning that place was not the greatest!

Loved the place, loved most of the staff and people I worked with but a single complaint from one user often led to management forcing policy changes on IT so I was just glad not to be there when it happened.

A lot of my former colleagues, who are also close friends, were run in to the ground churning our devices for almost two months straight. They were promised double time but had to fight for time and a half when the original offer was removed after the work was complete.
 
Associate
Joined
21 Oct 2002
Posts
1,558
Location
South East England
Thank you for the heads up, enabled 2FA via an authenticator app now, but previously had 2FA via email setup.

Quick question - does it matter if both email and app authentication are enabled? Will the forums know to use the authenticator app first, or should I deactivate the email option?

Apologies if asked already, but couldn't see the question in the thread.

UPDATE: Just tried to log in via a different browser (Edge) and it defaults to requesting the Authenticator App codes - with options for Email and Backup codes below. So I guess the question becomes whether the email option is an unnecessary option if using the app method, and you should only use one option + the backup codes?
 
Soldato
Joined
22 Oct 2002
Posts
7,384
Location
Near Cheltenham
This!

I love two factor. I use it pretty much everywhere I can, but I feel like I'm constantly getting nagged to sign into some service again because of the short expirations. And it's usually always when I've left my phone in another room.

My company has forced two factor for domain/email logins which is great. But they also disabled all biometric login options through group policy (fingerprint scanner, Windows Hello face scan, etc.) so I now have a really weak Windows/email password that I have to remember to log in with quickly rather than a secure randomly generated one :rolleyes:

This is the issue, make things too complicated and it doesn't quite work out as planned.

I still store my OTP and creds in a password manager (for everything but critical banking etc), so one complex password and knowing my email for the password manager is all that is required, but I do find this removes any barrier to using 2FA wherever I can. Banking/Financial/Legal stuff I do not store the 2FA's together, they are separate.
 