Makerworld login started requiring emailed verification codes

As title. I have and always had 2FA turned off in settings.

Hugely annoying. Anyone else getting the same?

1 Like

Just tried logging in from a private window and also received the requirement to enter an emailed code.

I had 2FA disabled but discovered it uses an authenticator app vs email or sms so enabled it. It appears to even allows multiple 2FA devices.

A TOTP authenticator app is integrated into my login workflow better than email codes so much preferred if 2FA is required.

1 Like

Did you still encounter verification code requirement even if you turned of 2FA?

2FA is and always was turned off. Makerworld started requiring emailed verification codes a couple of days before I created this thread. I changed nothing.

1 Like

I just checked this logic. We added a verification mechanism last week for accounts that does not turn on 2-step verification.

If you use the same browser, the verification will happen only once (except that you use in-private mode browser).
When you use another browser, the verification will happend again. The verified status is stored as browser’s local data. Different browsers has their individual local data.

I don’t keep cookies which means verification is required every time. I would have more sympathy for your security measures if keeping logged in status in browser cookies was not a ridiculously huge gaping security hole.

There is a reason banks and other financial sites require passwords and 2FA on every log in. There is a reason those sites log you out. There is a reason most will log you out automatically after a few minutes of inactivity.

Email verification is a form of 2FA, so you’re essentially forcing 2FA for people who don’t want to enable it.

2 Likes

They are different.
If 2FA is enabled, you will be required to input a verification code each time you login.
If not, verification code will NOT be required if you use the same device (browser + PC/phone/tablet), except that you use in-private mode browser.

so how do you turn this email code logon off in the setting ? I do not use 2FA ! and my browsers on my PCs all 5 of them are set not to keep cookies… so why do I need to use a email code just which to me is no different to 2AF to logon to a 3d printing site…making wast my time …so how do we turn it off …

At the moment you can’t. Support will tell you you should only have to get an email verification once (they assume you keep cookies).

Cookies bypass password and 2FA codes and are as or less secure than passwords depending how you store passwords.

So at the moment you put up with the pain of getting an email 2FA code or keep cookies and make your account less secure than it was before they forced emailed 2FA codes on you.

You could also turn on 2FA in settings and use an authenticator. I reluctantly tried that and found I couldn’t automate code entry because the pop up for 2FA entry requires a mouse click - more dumbness.