1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

**** Please enable 2FA on your OcUK forum account ****

Discussion in 'General Discussion' started by Feek, 14 Oct 2021.

  1. ubersonic

    Capodecina

    Joined: 26 May 2009

    Posts: 21,142

    Logged in today and it forced me to enable 2FA, is this a bug or intentional? If a bug is there any way to disable it once it's enabled? Thanks.
     
  2. Maccapacca

    Don

    Joined: 13 Apr 2010

    Posts: 18,035

    Location: Sunny Sussex

    It's intentional :)
     
  3. Maccy

    Commissario

    Joined: 23 Nov 2004

    Posts: 38,950

    Location: Herts

    Nope, if you disable it then you won't be able to use the forums.
     
  4. ubersonic

    Capodecina

    Joined: 26 May 2009

    Posts: 21,142

    /sigh

    The spread of this 2FA plague is really becoming a major annoyance >.>

    *EDIT*

    Instead of disabling users forum account how about setting the opt out to disable users MM access? Would avoid inconveniencing users unnecessarily.
     
  5. andy_mk3

    Capodecina

    Joined: 5 Oct 2009

    Posts: 11,537

    Location: Lincolnshire

    Not sure how 2FA can be called a plague. It's a little less convenient, sure. But the security advantage is large.
     
  6. Werewolf

    Commissario

    Joined: 17 Oct 2002

    Posts: 30,146

    Location: Panting like a fiend

    Unfortunately it doesn't look like we can do it that way :(
    We looked into it.
     
  7. StriderX

    Caporegime

    Joined: 18 Mar 2008

    Posts: 28,352

    Security advantage for banking, stores and such make sense, but forums?

    I suppose MM is creating an exception though.
     
  8. Maccy

    Commissario

    Joined: 23 Nov 2004

    Posts: 38,950

    Location: Herts

    If you're adament you won't use 2FA then you will lose MM access, but I would advise that you use it.
     
  9. Feek

    Commissario

    Joined: 16 Oct 2002

    Posts: 233,689

    Location: In the radio shack

    Where peoples money is involved, we take matters seriously. There have been a handful of 'compromised' accounts recently (not just those referred to in this thread) where people have reused passwords and there have been fake threads created in the MM. Fortunately, each instance has been quite obvious and nobody has been caught out.

    The last thing we want is for anyone to have any second thoughts about buying in the MM, it needs to be as safe as possible.

    2FA is hardly an inconvenience. It takes a few seconds to set up and requires entering a code once a month.
     
  10. ubersonic

    Capodecina

    Joined: 26 May 2009

    Posts: 21,142

    Ahh that sucks, well at least you tried. Better than most sites.


    It's a bandwagon plague sweeping the internet and inconveniencing millions of people for little value. It's essentially a system to stop stupid people from getting hacked after they give away the password/email they use for every site when they fall for a Facebook scam and share their DOB, fav colour, mothers name, etc.

    The really annoying thing is that the people who don't need this are the ones who get impacted the most as the more tech savvy are the ones more likely to login from different machines/locations.

    The security advantages for anyone not stupid are basically zero as they don't share the answers to secret questions on Facebook or use the same login for every sit eon the internet. Hell online security is less important now than it used to be as password complexity isn't as important as it used to be these days because brute forcing protection is a standard thing on any site.

    The funny thing is, banks and payment services are adding "2FA" login as a requirement now (usually via SMS /vomit) when most of them have already had MFA for years anyway (I.E Natwest has required both online banking password and card pin for online banking since the 90's).
     
  11. Angilion

    Man of Honour

    Joined: 5 Dec 2003

    Posts: 19,895

    Location: Just to the left of my PC

    It's a bit more than that in some circumstances.

    I don't have a handheld networked computer, so no apps for me. OK, email it is. More inconvenient as I have to open and log into my email bridge for better privacy/security then open and log into my email client. No 2FA code email from OcUK. Hmm...give it a few minutes. Nope. Then I remembered that OcUK forums don't allow users to have alerts within the forum only so I had to set up a rule to send all email from the OcUK forums to the bin because I was being spammed with dozens of email alerts every day.

    Maybe I'll buy a Yubikey. They look convenient and useful.
     
  12. Frenzy

    Soldato

    Joined: 11 Sep 2009

    Posts: 5,405

    Location: Limbo

    At least they allow us to use email confirmation, wasn't happy about being made to use a mobile phone app to verify.
     
  13. StriderX

    Caporegime

    Joined: 18 Mar 2008

    Posts: 28,352

    Imagine thinking it's too much of a hassle to do something once-a-month.
     
  14. Backslick

    Gangster

    Joined: 13 Dec 2010

    Posts: 170

    That's what my ex-wife said
     
  15. DXP55

    Soldato

    Joined: 5 Aug 2013

    Posts: 5,151

    Location: Shropshire

    I have had to enable email as I am too stupid to work out how to put the app on - I kid you not I hadn't got a clue when it was asking for all sorts of things. The joys of being old and not that tech savy and only using mobiles as a phone. :confused:
     
  16. Zenduri

    Soldato

    Joined: 17 Mar 2009

    Posts: 5,413

    Location: Nottingham

    Fortuntely i had to install Authy on my phone for work last week so getting through the 2FA was pretty smooth although its still a bit fo a ballache to have 2FA on everything now days.

    It's worth it though to keep my access to the MM. Does everyone need 2FA or it just those with MM access?
     
  17. Maccy

    Commissario

    Joined: 23 Nov 2004

    Posts: 38,950

    Location: Herts

    It will force it for anyone with MM access.
     
  18. Feek

    Commissario

    Joined: 16 Oct 2002

    Posts: 233,689

    Location: In the radio shack

    Anyone who has been a member for longer than six months and has made more than 1,000 posts.
     
  19. Jean-F

    Mobster

    Joined: 14 Apr 2017

    Posts: 3,086

    Location: London

    I feel your pain, I couldn’t scan the QR code no matter what I did and I’m reasonably computer savvy.
    Neither could my wife, the brains of the outfit, and she’s endowed with bucket loads of common sense.
    I wrote the two lots of three number codes in and it allowed me to log on, but I can imagine deleting them by accident and being unable to log on, even though I’ve entered the back up codes in NOTES.
    So if you no longer get anything from me, it isn’t because I don’t like you, I’ll be outside with my nose pressed against the windows, wondering what I did wrong, or didn’t do right.
    Still, I’ll be no loss, as an American ex often said, “This is Jean-François, he marches to the beat of a different drum!”
     
  20. DeliciousStorage

    Hitman

    Joined: 29 Oct 2019

    Posts: 610

    Not necessarily for everyone, it would be a major inconvenience since my cookies are cleared every time I close my browser. The security improvement for me would be negligible since I use a strong randomly generated password with a password manager (KeePass), but I can see why it would be a requirement for people that have access to MM. I wouldn't be able to set it up anyway since OCUK won't allow me to update my email address (ProtonMail).