Post by cb25 on Jul 30, 2018 14:21:33 GMT
Having ticked the 'do you want to reduce the use of codes' (or whatever the message was) at last login, at this login I find it asks only for email address and password, i.e. less secure than the pre-2FA situation when it used to ask one of three questions. So, I've switched 'full' 2FA back on
Post by n on Jul 30, 2018 14:26:30 GMT
> Having ticked the 'do you want to reduce the use of codes' (or whatever the message was) at last login, at this login I find it asks only for email address and password, i.e. less secure than the pre-2FA situation when it used to ask one of three questions. So, I've switched 'full' 2FA back on

I think the idea is that only happens when you use the same browser from the same location as when you ticked the box. I will find out later when I get home (and also check tomorrow that it will be able to remember 2 locations).
Post by lara on Jul 30, 2018 14:31:40 GMT
> > Having ticked the 'do you want to reduce the use of codes' (or whatever the message was) at last login, at this login I find it asks only for email address and password, i.e. less secure than the pre-2FA situation when it used to ask one of three questions. So, I've switched 'full' 2FA back on
>
> I think the idea is that only happens when you use the same browser from the same location as when you ticked the box. I will find out later when I get home (and also check tomorrow that it will be able to remember 2 locations).

And sensitive transactions are always protected by 2FA in any case.
Post by cb25 on Jul 30, 2018 15:05:08 GMT
> > Having ticked the 'do you want to reduce the use of codes' (or whatever the message was) at last login, at this login I find it asks only for email address and password, i.e. less secure than the pre-2FA situation when it used to ask one of three questions. So, I've switched 'full' 2FA back on
>
> I think the idea is that only happens when you use the same browser from the same location as when you ticked the box. I will find out later when I get home (and also check tomorrow that it will be able to remember 2 locations).

I went back to reduced 2FA. Managed to switch between using IE and Firefox without having to use a code.
Post by SteveT on Jul 31, 2018 7:27:13 GMT
chris, some feedback. I ticked the "Opt out" check box yesterday and successfully was readmitted without using 2FA an hour or two later. This morning, however, the AC system had forgotten my opt-out choice and required 2FA again to let me in. Having ticked the opt-out box again, I was again able to log out and log back in again without 2FA. I tried the same on another AC account I manage, with exactly the same results. (Same PC of course, using Chrome on Win10)
Post by lara on Jul 31, 2018 7:34:36 GMT
> chris, some feedback. I ticked the "Opt out" check box yesterday and successfully was readmitted without using 2FA an hour or two later. This morning, however, the AC system had forgotten my opt-out choice and required 2FA again to let me in. Having ticked the opt-out box again, I was again able to log out and log back in again without 2FA. I tried the same on another AC account I manage, with exactly the same results. (Same PC of course, using Chrome on Win10)

I didn't have that problem, I was able to sign in just now without 2FA, having ticked the box yesterday.
Post by chris on Jul 31, 2018 8:10:07 GMT
> chris, some feedback. I ticked the "Opt out" check box yesterday and successfully was readmitted without using 2FA an hour or two later. This morning, however, the AC system had forgotten my opt-out choice and required 2FA again to let me in. Having ticked the opt-out box again, I was again able to log out and log back in again without 2FA. I tried the same on another AC account I manage, with exactly the same results. (Same PC of course, using Chrome on Win10)

The mechanism is dependent on cookies to track you and the devices you use. If you clear your cookies or otherwise block them or use a plugin to restrict their usage then it won't work. I'm on holiday at the moment so connectivity is limited but any queries or strange behaviour and the lender desk should be able to support you.
Post by cb25 on Jul 31, 2018 8:11:12 GMT
> > chris, some feedback. I ticked the "Opt out" check box yesterday and successfully was readmitted without using 2FA an hour or two later. This morning, however, the AC system had forgotten my opt-out choice and required 2FA again to let me in. Having ticked the opt-out box again, I was again able to log out and log back in again without 2FA. I tried the same on another AC account I manage, with exactly the same results. (Same PC of course, using Chrome on Win10)
>
> I didn't have that problem, I was able to sign in just now without 2FA, having ticked the box yesterday.

Same here
Post by baldpate on Jul 31, 2018 9:20:06 GMT
> chris, some feedback. I ticked the "Opt out" check box yesterday and successfully was readmitted without using 2FA an hour or two later. This morning, however, the AC system had forgotten my opt-out choice and required 2FA again to let me in. Having ticked the opt-out box again, I was again able to log out and log back in again without 2FA. I tried the same on another AC account I manage, with exactly the same results. (Same PC of course, using Chrome on Win10)

I believe that there is an issue for those such as you and I who manage multiple accounts on the same PC (all associated with the same contact number - in my case, a landline), and who wish to use the opt-out option on all accounts.
I have found that whenever you switch from one account to another you get a 2FA challenge at login, no matter that you have previously opted-out on the target account.
So, for example, with two accounts A/B (both with the opt-out previously set), assuming we start logged-in to account A:
- Logout A
- Login A (even with overnight gap) - no 2FA challenge
- Logout A
- Login B - challenged with 2FA (even though previously successfully opted out)
- Login B - no 2FA challenge
- Logout B
- Login A - challenged with 2FA (even though previously successfully opted out)

It seems as if the last logged-in account used is stored as an attribute of the associated phone number, and if you try logging in to a different account associated to the same number you get challenged, no matter you had previously set 'don't challenge'.
PS should have mentioned, all this on same PC using same browser (Firefox).
Post by dc848 on Jul 31, 2018 9:44:36 GMT
> > chris, some feedback. I ticked the "Opt out" check box yesterday and successfully was readmitted without using 2FA an hour or two later. This morning, however, the AC system had forgotten my opt-out choice and required 2FA again to let me in. Having ticked the opt-out box again, I was again able to log out and log back in again without 2FA. I tried the same on another AC account I manage, with exactly the same results. (Same PC of course, using Chrome on Win10)
>
> I believe that there is an issue for those such as you and I who manage multiple accounts on the same PC (all associated with the same contact number - in my case, a landline), and who wish to use the opt-out option on all accounts.
> I have found that whenever you switch from one account to another you get a 2FA challenge at login, no matter that you have previously opted-out on the target account.
> So, for example, with two accounts A/B (both with the opt-out previously set), assuming we start logged-in to account A:
> - Logout A
> - Login A (even with overnight gap) - no 2FA challenge
> - Logout A
> - Login B - challenged with 2FA (even though previously successfully opted out)
> - Login B - no 2FA challenge
> - Logout B
> - Login A - challenged with 2FA (even though previously successfully opted out)
>
> It seems as if the last logged-in account used is stored as an attribute of the associated phone number, and if you try logging in to a different account associated to the same number you get challenged, no matter you had previously set 'don't challenge'.
> PS should have mentioned, all this on same PC using same browser (Firefox).

Just a suggestion...
Each browser has its own set of cookies - as a workaround, maybe you could try Firefox for AccountA and Chrome for AccountB?
Post by westcountryfunder on Jul 31, 2018 10:15:58 GMT
> > chris, some feedback. I ticked the "Opt out" check box yesterday and successfully was readmitted without using 2FA an hour or two later. This morning, however, the AC system had forgotten my opt-out choice and required 2FA again to let me in. Having ticked the opt-out box again, I was again able to log out and log back in again without 2FA. I tried the same on another AC account I manage, with exactly the same results. (Same PC of course, using Chrome on Win10)
>
> I believe that there is an issue for those such as you and I who manage multiple accounts on the same PC (all associated with the same contact number - in my case, a landline), and who wish to use the opt-out option on all accounts.
> I have found that whenever you switch from one account to another you get a 2FA challenge at login, no matter that you have previously opted-out on the target account.
> So, for example, with two accounts A/B (both with the opt-out previously set), assuming we start logged-in to account A:
> - Logout A
> - Login A (even with overnight gap) - no 2FA challenge
> - Logout A
> - Login B - challenged with 2FA (even though previously successfully opted out)
> - Login B - no 2FA challenge
> - Logout B
> - Login A - challenged with 2FA (even though previously successfully opted out)
>
> It seems as if the last logged-in account used is stored as an attribute of the associated phone number, and if you try logging in to a different account associated to the same number you get challenged, no matter you had previously set 'don't challenge'.
> PS should have mentioned, all this on same PC using same browser (Firefox).

Yes, you're quite right. What you have described is also my experience. This household has four AC accounts, and I shall be struggling to find four different browsers with which I can use the Authy extension. Oh, but no matter, once the Authy extension is running on Chrome it will keep generating tokens every 20 seconds, even when logged out of AC and Chrome closed down. So, I can use any browser, provided that I have first used Chrome and fired up Authy. Well, I suppose it's a work-around - but how clumsy.
Post by upland on Jul 31, 2018 10:22:27 GMT
Reduced TFA - Much better for me. It was getting to be a nuisance as I use a landline and the BT text to number conversion spoke the value rather than the numbers so I had to replay it a few times especially if there was a zero in the number and I usually had to write it down.
Post by bg on Jul 31, 2018 10:54:04 GMT
It says a lot that while the other 4 most active boards on this site are dominated by posts about either mounting defaults, unenforced recovery protocols or platform administration, AC's is dominated by one about bringing in an additional level of security.
AC should take it as a compliment.
To think not too long ago there were numerous threads with angry posters saying they were leaving AC because they didn't have any loans with 'decent' rates which the likes of C, L, FS and MT were regularly bringing. Oh dear!
Post by chris on Jul 31, 2018 11:12:43 GMT
> Regarding multiple login issues, Sounds like AC is using one 2FA cookie. They should be able to enhance this quite easily to use more and have one 2FA cookie per login. (They just have to figure out a naming scheme)

That's one solution. My preferred solution would be to allow lenders to link accounts with appropriate permissions and switch between them without needing to re-authenticate. Both will be evaluated for subsequent releases.
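A small model of the behaviour discussed in this thread, added here as an illustration and not AC's code: it replays baldpate's A/B login sequence against a single shared "remembered browser" cookie and against one cookie per account. The cookie names, the key, the naming scheme and the token format are all assumptions.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = b"constructed-demo-key"  # assumption: secret held only by the server


def _mac(account: str, device_id: str) -> str:
    msg = f"{account}|{device_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue(account: str) -> str:
    """Cookie value set after a successful 2FA login with the opt-out box ticked."""
    device_id = secrets.token_hex(8)
    return f"{device_id}.{_mac(account, device_id)}"


def verify(account: str, cookie: str) -> bool:
    """The grant is bound to one account, so A's cookie never skips 2FA for B."""
    device_id, _, mac = cookie.partition(".")
    return hmac.compare_digest(mac.encode(), _mac(account, device_id).encode())


def cookie_name(account: str, scheme: str) -> str:
    if scheme == "single":
        return "trusted_device"  # one slot shared by every account on this browser
    # Hypothetical naming scheme: one slot per account, named by a hash of its id.
    return "trusted_device_" + hashlib.sha256(account.encode()).hexdigest()[:12]


def login(jar: dict, account: str, scheme: str) -> bool:
    """Password already checked. Returns True when a 2FA challenge is required."""
    name = cookie_name(account, scheme)
    if verify(account, jar.get(name, "")):
        return False
    jar[name] = issue(account)  # challenge passed, opt-out ticked again
    return True


def replay(scheme: str) -> list:
    jar = {}  # constructed: one browser's cookie jar
    for account in ("B", "A"):  # both accounts opted out earlier, A used last
        login(jar, account, scheme)
    return [login(jar, acct, scheme) for acct in ("A", "B", "B", "A")]


if __name__ == "__main__":
    print("single cookie:     ", replay("single"))
    print("cookie per account:", replay("per-account"))
```

With the single slot, each account's cookie overwrites the other's, which gives the challenge on every account switch; a production token would also carry an expiry and be revocable server-side.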
Post by baldpate on Jul 31, 2018 11:17:12 GMT
> Just a suggestion...
> Each browser has its own set of cookies - as a workaround, maybe you could try Firefox for AccountA and Chrome for AccountB?

You're right, the opt-out flag is carried in a cookie (I've just noticed chris's recent post where he seems to confirm this), so using a different browser for each account does work (confirmed with IE + Firefox). Interestingly, the authentication method (SMS/Authy) seems to be stored in association with the account (so I presume it is stored server-side?), because in my early experiments I used SMS (via landline voice message) on one of my accounts and Authy on the other, and these choices persisted once established. Perhaps Assetz decided to use a cookie because the opt-out functionality had to be grafted-on as an afterthought, and it saved changing the database?