Verification Required - Loop!

[LCF-AT]

Hi Ted,

since yesterday I get that VR Nag to see on login to enter my answer.All working so far but why I'am getting that NAG today again?Never happend before.Only getting that security NAG one time in a half year or year and now I got it twice in two days already.Did you change something or do we get the NAG all to see each time on login now?Maybe you can tell use something about it.Thanks.

greetz

[Teddy Rogers]

I have enforced 2FA for newly logged in devices.

If you do not want to keep seeing this message please make an exception not to delete/ clear Tuts 4 You site data/ cookies...

Ted.

[LCF-AT]

Hey Ted,

I do delete all cookies on browser exit.I will not add any exception for T4Y.Just remove that new enabled settings back Ted or try to configure it more to normal and not so aggressive to ask that Security Question on EACH login.That sucks.You can ask for it like you did before too or in a similar interval (few months or half year or just on device change etc) but not like it is now = pretty bad you know.So I hope you can do something in that direction to make that new settings working more in normal state (without to keep cookies) etc.That would be nice Ted.

PS: "I have enforced 2FA for newly logged in devices" - I'am using same device as always so why do I get that verification NAG each time now?Since 3 days.Has it something to do with latest Firefox brower & cookie something etc?As I said, my device is same and if I understand you right then I shouldn't get that NAG anymore right?

greetz

[Teddy Rogers]

31 minutes ago, LCF-AT said:

You can ask for it like you did before too or in a similar interval (few months or half year or just on device change etc

Nothing has changed here. It works exactly the same, over the same duration, providing you do not delete cookies.

31 minutes ago, LCF-AT said:

I'am using same device as always so why do I get that verification NAG each time now?

When you login a unique key is assigned to the browser and stored as a cookie. When you next login, and if the unique key matches, it is treated as a known and approved device. If you delete cookies you lose that unique information.

31 minutes ago, LCF-AT said:

Has it something to do with latest Firefox brower & cookie something etc?

Nothing wrong with Firefox. My suggestion would be in Firefox settings add "https://forum.tuts4you.com/" to your whitelist so that cookies are not deleted when you exit the browser...

Ted.

[fearless]

I use a firefox addon called ForgetMeNot to auto delete cookies from most sites and to keep cookies for sites that I want to stay logged into

[LCF-AT]

Hi,

so before I also didn't need to keep a cookie for T4Y so why now?Just because you enabled that 2FA.What was wrong with the used modus for logins before?So what comes next?Checking out from which country you do login and more checks like this etc and deny the login or VR Nag?I know other sites who using extreme checks like this what really sucks sometimes but there you can setup everything in the settings what means the user has some control.

So whats the solution now:

A.) Enable TY4 cookie not to delete on browser exit or occasionally = I have to use the cookie ever  = 👎

B.) Keep deleting cookies and keep filling the VR Nag each time on login = 👎

Both solutions are not pretty well.Why should I keep my cookie / login to stay logged into the whole time?Are you doing it with homebanking too?I don't think so right.Nobody keeps their cookie/s alive to leave a clean browser or just clean it during browsing to keep some privacy in times where every move gets collected.I'am not paranoid but in some cases we should just keep the church in the village.The question is whether its necessary to use enforced 2FA on T4Y now with that VR NAG?So before everything was also working well without problems and the VR NAG did just pop up rarly and that was also alright.Anyway, not sure whether I'am the only person who is thinking that way but I really find it a little exaggerated.You didn't not just only enforce the new login method with the 2FA you also did enforce your users now to choose between point A or B and in my case as normal user I'am not happy with that choice I have now.

PS: Of course just my opinion only so far but I really don't like changes.

greetz

[Teddy Rogers]

15 hours ago, LCF-AT said:

Why should I keep my cookie / login to stay logged into the whole time?

You do not have to stay logged in, and you only need to keep the cookie containing the device key.

15 hours ago, LCF-AT said:

Are you doing it with homebanking too?I don't think so right.

You must be crazy if you do not have or utilise some form of 2FA for home banking.

16 hours ago, LCF-AT said:

The question is whether its necessary to use enforced 2FA on T4Y now

There are good reasons why I have chosen to enabled it.

For the majority of users they are likely not to even notice the change until (they login from another device or) their device key expires which, I think is set around ~1.5 years...

Ted.

[Loki]

Cookies are a basic web mechanic. They are not all evil and are not all for DMP type tracking.

Deleting all cookies is like permanently using Chrome's incognito mode. That mode is separate for a reason..... it breaks the basic mechanic of remembering sessions where you want to be remembered. You're not being tracked across sites and deleting those cookies just gives you a personal headache logging in each time. Your choice, clearly, but deleting 'every' cookie is like tidying a cupboard by throwing everything away, rather than sorting out the junk.

Given how much people share passwords, 2FA should be standard across all sites these days so I struggle to see how T4U is the only site causing issues.

[LCF-AT]

Hi again,

ok I tried to add T4Y to my FF settings as exectpion to keep the cookie but somehow it dosent work.Each time if I restart FF T4Y is gone from my exception list and I have to answer that verification again. What now?

I did press save too of course.Whats wrong here?

greetz

[fearless]

On 7/8/2021 at 11:50 AM, fearless said:

I use a firefox addon called ForgetMeNot to auto delete cookies from most sites and to keep cookies for sites that I want to stay logged into

 

[kao]

13 hours ago, LCF-AT said:

Each time if I restart FF T4Y is gone from my exception list

Maybe, just maybe, it's your PC setup that's somehow f*ckt?.. 🤔

 

[LCF-AT]

Hi,

I had also to change this setting....

....to this above.Now my exception for T4Y keeps saved.The settings at all are a little confusing.Now you would think that you do allow to keep all Cookies but as I can see only T4Y cookie keeps alive and all others are gone on restart also with unchecked Cookie.So at the moment it works to keep login in T4Y & to re-login after logout without getting that VR NAG anymore.

greetz

[LCF-AT]

Hi again,

I see that yesterday the forum got a new update (T4Y was not usable at that time).Remember, I did allow T4Y to keep the cookies on my PC to keep the unique key to prevent to answer the V question +/- to login etc.So yesterday I just did quit my browser (without to logout) and today I go to T4Y and was still logged in = Ok so far.Now I checked out the forum for new posts / PMs etc and then I just quit the browser without to log out (just came on X button on browser to exit it) and did re-start my FF browser and go back to T4Y but this time I was no more logged in (= why?) what makes me wonder because my cookie dosent get deleted for T4Y as I told before.Now I tried to login but this failed and I got that message to see..

...whats that now?I am no more logged in anymore and need to wait the whole time!?Ah come on Ted!Really?

I also had some upload issues to upload images....

....but now it seems to work again.So what is this with the new update Ted?Did add MORE security things?Just wanna be sure how to handle the new situation to get disallowed to login / wait / whatever you know.Somehow its getting really a little bit ridiculous you know.Just explain it to me in a easy way for super idiots like me now.You told me to keep cookis for T4Y and I did and the last few days all was working good with T4Y.Yesterday you made a major update and I was no more logged in after browser exit & restart so what happend with my key?Why do I get that locked NAG and have to wait sooooooo long?On internet I found that you just get that NAG if you try to loggin many times but I just got it on first login try.I also have saved my login data on browser so I dont need to enter the login data manaully.Just tell me, what I have to do to prevent any issues now and to login save and keep it like before you changed some things here.Just asking you know.Thank you.

greetz

[Teddy Rogers]

A couple of days ago there was an IPS update to the forum released - ironically - with a 2FA bug.

IPS released an optional patch about twelve hours ago that fixed it...

Ted.

[Blah]

i thought i was hacked or the site was being misdirected hahah