Sign in to a signed in account?!

Project84foria · February 12, 2025, 12:16am

Why am I asked to sign in when I’m ALREADY signed in? AND why am I asked for a two factor ID when I did NOT sign up for that?

pfeerick · February 12, 2025, 1:17am

Was it even an option to not have 2FA? I don’t think it was when I created my account. Not that it bothers me… some form of 2FA should be mandatory for all online services.

Project84foria · February 12, 2025, 1:31am

Why? Do you live in China or something? Why manditory? You do realize I hope that most online attacks are ‘allowed’ by the user? 2FA isn’t going to help you if somebody wants into your biz. So why bother.

pfeerick · February 12, 2025, 1:40am

What exactly does living (or not living) in China have anything to do with it?

2FA is itself not a problem, it is simply how it is implemented that makes it onerous to use. Yes, some online breaches are indeed a result of dumb moments by users. But significantly more are because they use “password123” as their password and expect their account to not be compromised in some way. This is one of the justifications for moving away from passwords entirely, and switching to passkeys… which ensure long, complex and unique passwords for every single account.

Project84foria · February 12, 2025, 9:46pm

Why China? Because where I live we have a Constitution to protect us from ‘Manditory’ BS. Anyhow it wasn’t meant as an insult it was meant as a comparative analysis. So relax I wasn’t trying to hurt your feeli gs I just want personal control over how I spend my time and how I manage my own security and information.

pfeerick · February 13, 2025, 12:06am

My feelings are not “hurt”, I’m just fed up with the unsubstantiated “bad China” BS… it is simply unthinking bad taste/form.

Your statement suggests you are from the US, and your very own CISA is pushing for 2FA/MFA … at the moment it is just best practice, but I believe it was one of the items they stated would become mandatory within the next 10 years, along with a whole host of other requirements (some were only recommendations) in the policy statement they put out late last year.

Project84foria · February 13, 2025, 1:53am

OK fair enough, even IF it is bloody annoying and a false sense of security and a means to tie EVERYTHING you do to a physical address. Frankly I’m surprised so many people just roll over for big brother. Also the US isn’t the only country in the world with a Constitution.

BambuBanker · February 13, 2025, 2:00am

But Americans are the only people who will say things like this.

Do you live in China or something?

Project84foria · February 13, 2025, 2:00am

Anyway I DO appreciate your input. THANK YOU.

pfeerick · February 13, 2025, 3:17am

Sssh!! An American might come along and get ideas!

Yup, some implementations are better than others, but most forms are just that … annoying.

Not always. Email MFA is questionable, as if someone has access to your email you’re up the creek, but SMS or hardware token based MFA are somewhat more secure, simply because you have to have the hardware device to get the message/token.

Having a hardware token like a YubiKey, or using timebased tokens doesn’t tie you to a physical address. Only a shared secret.

True… Australia has one also, but some it really isn’t worth the paper it is written on.

And thank you!.. this is a community… all dialogue is welcome