**** Please enable 2FA on your OcUK forum account ****

Jean-F said:
I feel your pain, I couldn’t scan the QR code no matter what I did and I’m reasonably computer savvy.
Neither could my wife, the brains of the outfit, and she’s endowed with bucket loads of common sense.
I wrote the two lots of three number codes in and it allowed me to log on, but I can imagine deleting them by accident and being unable to log on, even though I’ve entered the back up codes in NOTES.
So if you no longer get anything from me, it isn’t because I don’t like you, I’ll be outside with my nose pressed against the windows, wondering what I did wrong, or didn’t do right.
Still, I’ll be no loss, as an American ex often said, “This is Jean-François, he marches to the beat of a different drum!”
Click to expand...
Where you scanning the code from within an authenticator app?

I made a similar error on Friday night when I hadn't cottoned on that i needed to install a specific app to use a barcode to order some food.
 
Mrs Seabiscuit said:
Fine if you only look at forums on one device but what if you do it on several, pain in the bum and badly communicated.
Click to expand...
Then you enter a code on each device, once every thirty days. Hardly a pain in the bum.

As for badly communicated, there's this thread, there was a forum wide notice pointing towards this thread and there's a notice that links you directly to the page to enable 2FA. What do you want us to do, send someone out to do it for you? :rolleyes:

Werewolf said:
I made a similar error on Friday night when I hadn't cottoned on that i needed to install a specific app to use a barcode to order some food.
Click to expand...
I gave up and went to the bar! Table 202, big burger, large G&T, thank you very much :D
 
Feek said:
Then you enter a code on each device, once every thirty days. Hardly a pain in the bum.

As for badly communicated, there's this thread, there was a forum wide notice pointing towards this thread and there's a notice that links you directly to the page to enable 2FA. What do you want us to do, send someone out to do it for you? :rolleyes:
Click to expand...
I think the point was that it went from "strongly encourage" to "your access will stop" without much notice.

2FA is a proper pain in the bum, but needed I guess.
 
No one likes additional effort to log into accounts, but also no one likes their accounts being compromised too. For us, it was important to implement it to add an additional layer of security, especially due to several accounts recently being compromised, it just makes sense.
 
Basher said:
I think the point was that it went from "strongly encourage" to "your access will stop" without much notice.
Click to expand...

It was a bit jarring to just suddenly be kicked out mid way through reading a thread.

A "we'll be making this mandatory in a day or two" type message wouldn't have gone amiss :p
 
Werewolf said:
Where you scanning the code from within an authenticator app?

I made a similar error on Friday night when I hadn't cottoned on that i needed to install a specific app to use a barcode to order some food.
Click to expand...

I think so, I downloaded an app from the App Store which said that it was for 2FA and followed the prompts, initially entering my overclockers password, which eventually took me to the QR code.
Obviously I’m still able to post at the moment, but if I logged off it would maybe be lights out for me, I don’t know.
Perhaps if it all goes south I’ll dream up a new persona and try to get back on Pistonheads or Digital Spy!
 
Kenai said:
It was a bit jarring to just suddenly be kicked out mid way through reading a thread.

A "we'll be making this mandatory in a day or two" type message wouldn't have gone amiss :p
Click to expand...
Exactly. That's where the communication failed a bit IMO.

No biggy though, just a bit frustrating to have to log in every month.

Even the feedback about being communicated badly, wasn't handled particularly well :p
 
To be fair, waiting to implement a security feature by announcing it days ahead sounds not so secure. Surely it makes sense to implement something like this as soon as possible, announced or not. :p
 
fiveub said:
To be fair, waiting to implement a security feature by announcing it days ahead sounds not so secure. Surely it makes sense to implement something like this as soon as possible, announced or not. :p
Click to expand...

In which case, why mess about with a message asking nicely to do it as if it's optional for a few days? Just get on with it if it's so super critical that delaying it is insecure :p
 
Kenai said:
In which case, why mess about with a message asking nicely to do it as if it's optional for a few days? Just get on with it if it's so super critical that delaying it is insecure :p
Click to expand...

Because some accounts were compromised that day, and it was quicker to kindly ask yourselves to enable 2FA if you want your account secured, whilst we tested and enabled it across the forum.
 
Feek said:
[..] 2FA is hardly an inconvenience. It takes a few seconds to set up and requires entering a code once a month.
Click to expand...

That's not necessarily true.

I have enter a one time code every time I log in, even if it's been 30 seconds since the last time I logged in. I just tested that to check. I have to log into two apps (email bridge, email client) and look through my email spam folder(*) to find the code, then enter it. Not just "entering a code once per month".

Of course, I could remove security and privacy measures that work for everything in order to comply. But that makes no sense in order to possibly improve security on one forum.



* OcUK forums won't allow alerts within the forums only, so the choice is no alerts at all or an email every time anyone posts in any thread I have ever posted in. Which spams my email address, so I added OcUK forums to the spam list. And yes, I have unticked the email alert box. It makes no difference.
 
fiveub said:
Because some accounts were compromised that day, and it was quicker to kindly ask yourselves to enable 2FA if you want your account secured, whilst we tested and enabled it across the forum.
Click to expand...

So it wouldn't really have been 'not so secure' to simply say "please do this now, soon it will be made mandatory" really would it? :p
 
On a related note, can I use a Yubikey to comply with the new 2FA requirements here? I've been idly thinking about getting one recently. It would be less bother and more secure than having to open two apps to read my email, look through the spam for OcUK's code and enter it, every time I log into these forums.
 
The lack of communication about when users will have to enable 2FA was a bit amateur, along with deleting a post without acknowledging that you've taken note of the massive security flaw found in the 2FA process, but it's an internet forum not a business I guess. It does however make me a bit worried that there is more to this all than meets the eye.
 
Last edited:
Feek said:
I gave up and went to the bar! Table 202, big burger, large G&T, thank you very much :D
Click to expand...
You were more with it than I was.

Although to be honest I did start the day having a shave, thinking it hadn't done much, having another shave and only realising I hadn't taken the cover off the razer as I was putting it away (cue another shave, this time without the cover), and I believe you found the hotel bar without leaving the hotel :p
 
You must log in or register to reply here.
Back
Top Bottom