1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

**** Please enable 2FA on your OcUK forum account ****

Discussion in 'General Discussion' started by Feek, 14 Oct 2021.

  1. Werewolf

    Commissario

    Joined: 17 Oct 2002

    Posts: 30,153

    Location: Panting like a fiend

    Where you scanning the code from within an authenticator app?

    I made a similar error on Friday night when I hadn't cottoned on that i needed to install a specific app to use a barcode to order some food.
     
  2. Mrs Seabiscuit

    Mobster

    Joined: 21 Sep 2008

    Posts: 4,320

    Location: somewhere out there!

    I hate all websites that insist on 2FV at least it will remember my pc for 30 days. Woop :mad:
    Fine if you only look at forums on one device but what if you do it on several, pain in the bum and badly communicated.
     
  3. new boy

    Mobster

    Joined: 25 Jun 2009

    Posts: 3,385

    Location: Weston-super-Mare

    Thought I'd been robfosters'd when I logged in and saw the alert earlier, glad to see it's not just me.
     
  4. Feek

    Commissario

    Joined: 16 Oct 2002

    Posts: 233,701

    Location: In the radio shack

    Then you enter a code on each device, once every thirty days. Hardly a pain in the bum.

    As for badly communicated, there's this thread, there was a forum wide notice pointing towards this thread and there's a notice that links you directly to the page to enable 2FA. What do you want us to do, send someone out to do it for you? :rolleyes:

    I gave up and went to the bar! Table 202, big burger, large G&T, thank you very much :D
     
  5. Basher

    Sgarrista

    Joined: 18 Oct 2002

    Posts: 9,152

    I think the point was that it went from "strongly encourage" to "your access will stop" without much notice.

    2FA is a proper pain in the bum, but needed I guess.
     
  6. fiveub

    Commissario

    Joined: 12 Apr 2008

    Posts: 49,043

    Location: OcUK HQ

    No one likes additional effort to log into accounts, but also no one likes their accounts being compromised too. For us, it was important to implement it to add an additional layer of security, especially due to several accounts recently being compromised, it just makes sense.
     
  7. Kenai

    Capodecina

    Joined: 5 Apr 2009

    Posts: 22,056

    It was a bit jarring to just suddenly be kicked out mid way through reading a thread.

    A "we'll be making this mandatory in a day or two" type message wouldn't have gone amiss :p
     
  8. Jean-F

    Mobster

    Joined: 14 Apr 2017

    Posts: 3,089

    Location: London

    I think so, I downloaded an app from the App Store which said that it was for 2FA and followed the prompts, initially entering my overclockers password, which eventually took me to the QR code.
    Obviously I’m still able to post at the moment, but if I logged off it would maybe be lights out for me, I don’t know.
    Perhaps if it all goes south I’ll dream up a new persona and try to get back on Pistonheads or Digital Spy!
     
  9. Mrs Seabiscuit

    Mobster

    Joined: 21 Sep 2008

    Posts: 4,320

    Location: somewhere out there!

    Now young man, lets agree to disagree on that! Tut tut.
     
  10. Basher

    Sgarrista

    Joined: 18 Oct 2002

    Posts: 9,152

    Exactly. That's where the communication failed a bit IMO.

    No biggy though, just a bit frustrating to have to log in every month.

    Even the feedback about being communicated badly, wasn't handled particularly well :p
     
  11. Mrs Seabiscuit

    Mobster

    Joined: 21 Sep 2008

    Posts: 4,320

    Location: somewhere out there!

    Precisely the point I was making.

    Think @Feek is feelin` grumpy today. :D Sore head from dons night out no doubt. :D
     
  12. fiveub

    Commissario

    Joined: 12 Apr 2008

    Posts: 49,043

    Location: OcUK HQ

    To be fair, waiting to implement a security feature by announcing it days ahead sounds not so secure. Surely it makes sense to implement something like this as soon as possible, announced or not. :p
     
  13. Mrs Seabiscuit

    Mobster

    Joined: 21 Sep 2008

    Posts: 4,320

    Location: somewhere out there!

    Well 5UB. :D :D :D:D:D:D
     
  14. Kenai

    Capodecina

    Joined: 5 Apr 2009

    Posts: 22,056

    In which case, why mess about with a message asking nicely to do it as if it's optional for a few days? Just get on with it if it's so super critical that delaying it is insecure :p
     
  15. fiveub

    Commissario

    Joined: 12 Apr 2008

    Posts: 49,043

    Location: OcUK HQ

    Because some accounts were compromised that day, and it was quicker to kindly ask yourselves to enable 2FA if you want your account secured, whilst we tested and enabled it across the forum.
     
  16. Angilion

    Man of Honour

    Joined: 5 Dec 2003

    Posts: 19,906

    Location: Just to the left of my PC

    That's not necessarily true.

    I have enter a one time code every time I log in, even if it's been 30 seconds since the last time I logged in. I just tested that to check. I have to log into two apps (email bridge, email client) and look through my email spam folder(*) to find the code, then enter it. Not just "entering a code once per month".

    Of course, I could remove security and privacy measures that work for everything in order to comply. But that makes no sense in order to possibly improve security on one forum.



    * OcUK forums won't allow alerts within the forums only, so the choice is no alerts at all or an email every time anyone posts in any thread I have ever posted in. Which spams my email address, so I added OcUK forums to the spam list. And yes, I have unticked the email alert box. It makes no difference.
     
  17. Kenai

    Capodecina

    Joined: 5 Apr 2009

    Posts: 22,056

    So it wouldn't really have been 'not so secure' to simply say "please do this now, soon it will be made mandatory" really would it? :p
     
  18. Angilion

    Man of Honour

    Joined: 5 Dec 2003

    Posts: 19,906

    Location: Just to the left of my PC

    On a related note, can I use a Yubikey to comply with the new 2FA requirements here? I've been idly thinking about getting one recently. It would be less bother and more secure than having to open two apps to read my email, look through the spam for OcUK's code and enter it, every time I log into these forums.
     
  19. Em3bbs

    Soldato

    Joined: 26 Dec 2011

    Posts: 5,478

    Location: City of London

    The lack of communication about when users will have to enable 2FA was a bit amateur, along with deleting a post without acknowledging that you've taken note of the massive security flaw found in the 2FA process, but it's an internet forum not a business I guess. It does however make me a bit worried that there is more to this all than meets the eye.
     
    Last edited: 18 Oct 2021
  20. Werewolf

    Commissario

    Joined: 17 Oct 2002

    Posts: 30,153

    Location: Panting like a fiend

    You were more with it than I was.

    Although to be honest I did start the day having a shave, thinking it hadn't done much, having another shave and only realising I hadn't taken the cover off the razer as I was putting it away (cue another shave, this time without the cover), and I believe you found the hotel bar without leaving the hotel :p
     
  21. Maccy

    Commissario

    Joined: 23 Nov 2004

    Posts: 38,955

    Location: Herts

    Tbf, I did say a few times it will be compulsory for those with MM access...