Verification Required!

[LCF-AT]

Hi Ted,

just a question.Since yesterday I always get that Verification Required box after login.Good for me that I did remember the answer for that question but today I get that Verification Required box another time.Why this?I dont wanna get this each time if I login.Did you change any forum settings to force that Verification Required box or whats behind?Maybe you can tell me or us whats the reason for this behavior.Thank you.

greetz

[Techlord]

Well, I was not so lucky yesterday. I had forgotten the answer to my question and was locked out for an hour, haha

After that I racked my brains all evening and finally remembered what I'd put as the answer. Before that, I needed to reset my password using the "Forgot Password", just to gain entry into the forum

[LCF-AT]

Sorry to hear that Techlord.I also just did remember randonmly.

One more thing I have seen today.I also did open randonmly my webconsole on T4Y and inside I can find this info....

This is a browser feature intended for developers. Do not paste any code here given to you by someone else. It may compromise your account or have other negative side effects.

...whats this again?Never seen that before on any other sites checking my webconsole.Seems to be any JAVA Script issue.So have I care about that or something?

greetz

[Techlord]

I did not open the web console to check ...

However, I think the script attempts to look for a cookie on one's system, and if it can't fnd it, then decides to ask the security questions etc.

It also attempts to fingerprint the system/browser that we are using in an attempt to identify if we are logging in from a "system that we logged in earlier from" but it decided that I was attempting a login from a different system lol

This happens if we are using a "Private Browsing" option in the browser, like many of us do ...

[Teddy Rogers]

22 hours ago, LCF-AT said:

Since yesterday I always get that Verification Required box after login.Good for me that I did remember the answer for that question but today I get that Verification Required box another time.Why this?I

Yes, I changed some settings with the board to force two-factor authentication when logging in from a new device. If you are using something like NoScript, private browsing, etc. then you will likely consistently experience this problem when logging in to the board. I enabled it to add an extra layer of security as some members here, in 2017 (going on 2018), are still flagrantly choosing to use the same login details across multiple websites they visit and are risking the security of their account.

19 hours ago, LCF-AT said:

This is a browser feature intended for developers. Do not paste any code here given to you by someone else. It may compromise your account or have other negative side effects.

No, you need not worry about this just so long as you adhere to the message...

Ted.

[LCF-AT]

Hi guys,

so I dont use Private Browsing for T4Y.Only thing what I have enabled is the do not track option in Firefox.I use same settings as before too / access site from same device but now I get that Verification Required box every day if I login.The NoScript AddOn is set on trusted for T4Y.Not sure whether I should like it or not (VRBox).

Aha,no worry.Does it mean I better should not mod the root script hmm.

greetz

[Techlord]

@LCF-AT : It depends on a cookie being present in your browser, to decide whether its a "known" system that you are logging in from or not... So whatever settings you use, if the cookies are gone, then it asks for verification.

For example, just log off from the tuts4you site but do not close your broswer. Then immediately attempt to login from that same browser that was left open. You will see that the site does not ask for verification. If you do close your browser (and if the settings remove cookies) then it will ask for verification at the next login. At least it is so on my system.

I did not do extensive studies on this though but this appears to be reason.

Edited November 29, 2017 by Techlord

[kao]

@Teddy Rogers: that is just bloody ridiculous. I just spent good 30 minutes trying to open the forum from my new mobile. 

1) Opening the forum from a new device requires answering "security question". No, I don't remember what random answer I entered when it nagged me few months ago.
2) As an alternative it suggests "open the forum from known device and reconfigure the security settings". I do exactly as suggested.
3) Turns out that reconfiguring security settings also requires answering security question. How very helpful! 
4) As a 2nd alternative it suggests to recover access via email. Click recover via email and wait for email to arrive.
5) ...only to find out that there is no way to turn off that bloody thing. You can only set a different answer to question or use even less convenient Google authenticator.

 

To sum it up - if your email is compromised, you're screwed anyway - since you can request the reset of security question from the unknown device. So, in fact it doesn't add any extra security, just annoyance.
Please, at least allow users to switch off this crap (at their own risk)! 

 

[Teddy Rogers]

Congratulations on receiving your new mobile device. The intention was not to add an additional layer of security to members' email accounts, I have no control over how members manage or secure them. If a members' email account is compromised I think they will have more pressing concerns to worry about than unauthorised access to this community. The intention of the change was to add an additional layer of security to accounts here to prevent unauthorised access from new/unknown devices. From the negative feedback I have received this past week all it has done is introduce a layer of complexity, I obviously underestimated the impact of this change. With this in mind I have rolled it back and apologies for the unintended confusion and stress it has caused to all affected members...

Ted.

[LCF-AT]

Hi Ted,

so I think we all have nothing against some more security etc but to get that VR-Box every day after login to answer it was really irritating also if I login always from same device.Would be maybe better if you just log the location to create a small profile about the users and if this dosent match after a login you can let popup the VR-Box to answer etc.Something like that you know.Just only a idea so I am no server admin (Server: Teddy, it took me...) like you.

greetz