topic 2FA in EE Community info & News

2FA

Midnight_Voice — Wed, 06 Nov 2024 12:32:04 GMT

EE seem to be threatening to make me use 2FA to log on to this Community.

This will not sit well with me 😢

Re: 2FA

DarrenDev — Wed, 06 Nov 2024 12:37:25 GMT

2FA is being rolled out across all systems that require an EE ID - authentication is only as secure as its weakest point.

Re: 2FA

XRaySpeX — Wed, 06 Nov 2024 12:43:35 GMT

@DarrenDev : Is that mandatory 2FA?

Re: 2FA

Midnight_Voice — Wed, 06 Nov 2024 12:45:50 GMT

@DarrenDev

I suspect that this goes back to your earlier observation that logging on to EE carries with it a great deal more financial implications than does logging on to the BT Community, which is separate from the money stuff.

So in this case, EE’s 2FA, in protecting the baby, carries with it the overkill of also protecting the bathwater 😢

Re: 2FA

Minkey1 — Wed, 06 Nov 2024 13:06:55 GMT

I think i got 3 or 4 chances to defer it, then it applied it anyway.

I understand why, but i hate the fact that due to scrotes we have to be subjected to this, and constantly having to log back in to stuff.

What times we live in.

Re: 2FA

Northerner — Wed, 06 Nov 2024 17:45:23 GMT

Hi @DarrenDev

This is a fantastic move to secure the community, customers and EE. Just a shame authentication app is not an option.

Thanks

Re: 2FA

DarrenDev — Wed, 06 Nov 2024 17:50:00 GMT

I've already raised an issue that it means people without mobile phones will no longer be able to have an EE ID. Relying solely on mobile is a mistake.

Re: 2FA

Minkey1 — Wed, 06 Nov 2024 17:52:25 GMT

I’m far more concerned about my 4 banking apps, each of which I can log into simply and seamlessly with Face ID 🤷🏼

Re: 2FA

XRaySpeX — Thu, 07 Nov 2024 00:04:50 GMT

@DarrenDev : It is indeed! My EE a/c for the Community has no linked EE products on it nor any financial details. So why do I have to protect it with 2FA, let alone needing a smartphone to so, which I abhor, ugh! C'mon, horses for courses!

Re: 2FA

DanBD1 — Fri, 08 Nov 2024 14:49:42 GMT

I wouldn't worry too much about it, i set up 2FA a week ago it's not once asked me to use and logs in with just normal password, like many things on the EE website it's broken

Re: 2FA

DarrenDev — Fri, 08 Nov 2024 14:54:07 GMT

Not broken - it only kicks in when it thinks your activity is suspicious.

It kicks in for me often, as it finds travel suspicious.

Re: 2FA

bristolian — Fri, 08 Nov 2024 15:38:04 GMT

@XRaySpeX wrote:

let alone needing a smartphone to so, which I abhor, ugh!

This is where SMS-based authentication is ideal. It's universal, doesn't need a smartphone and works on any mobile.

Re: 2FA

Minkey1 — Fri, 08 Nov 2024 16:20:09 GMT

Funnily enough,as I was driving back from M&S this aft, EE Executive Complaints rang me. Phone on bt to the car, so OK.

Then,of course - despite it's them ringing *me* - they have to send a txt with a PIN code to the phone they've rung me on, so they can continue the call on the phone they've rung me on.

I'm driving. Phone's in my pocket. It's an offence anyway.

I read it from my watch.

It still annoys me intensely that scrotes have caused this.

Re: 2FA

XRaySpeX — Fri, 08 Nov 2024 16:52:11 GMT

I meant mobile.

Re: 2FA

DanBD1 — Mon, 11 Nov 2024 06:24:25 GMT

SO what your saying is anyone that's on my home network would be able to log in because they think it's me?

The whole point of 2FA is too restrict access to only the user, why on earth would it be based on a different location / network or subnet.

Either enable it full time so it prompts on every login or disable it, sounds like typical half **bleep**d attempt from EE

Re: 2FA

DarrenDev — Mon, 11 Nov 2024 06:32:33 GMT

It's about managing risk. Someone in your home is likely to be trusted. Seeing a login attempt from a different country is less likely to be you - especially if it happens within a short time, e.g. using your account in the UK, but then also using it in Africa in less time than it would take you to travel there.

2FA is there to add an additional level of verification when the login is suspicious, and it's common practice. E.g. my bank prompts for additional validation when the transaction is large, or from someone I haven't used before, but it doesn't prompt from my frequent retailers. Same is true for your bank cards - they'll be blocked if it looks like you're doing something out of the ordinary.

Re: 2FA

DanBD1 — Mon, 11 Nov 2024 06:47:40 GMT

SO someone sits outside my house, snoops my network and gains access to my Wi-Fi, they get into my account and cause chaos.

Who's to blame?

Surely this falls on EE for having a bad 2FA system because it didn't kick in because it thought it was me?

The best part of 2FA when working correctly is I would have got an alert to let me know someone was trying to gain access to my account
I can't log in to my email without going through 2FA every time I log in, why does EE think this step is not required

Re: 2FA

XRaySpeX — Mon, 11 Nov 2024 06:50:55 GMT

No, @DanBD1, each device, browser and device username are considered different. So as an example if you used a Windows PC they would need to login to the your PC as your Windows user and use the browser you usually use to avoid being 2FA'ed. Well you wouldn't be allowing that, would you?

Re: 2FA

DarrenDev — Mon, 11 Nov 2024 06:50:58 GMT

If someone has managed to hack into your WiFi AND have your EE password, then you have bigger issues to worry about.

Re: 2FA

DanBD1 — Mon, 11 Nov 2024 07:05:19 GMT

It doesn't appear to work like that for me, doesn't matter if I'm on my home network, my mesh network or my work network or even incognito mode.
All the above networks are on different IPs and subnets