10-11-2024 03:31 AM
Hi, I have observed that the login session, if not used for a day or so (maybe even less), will expire, which seems an extremely short period to automatically log someone out. However, with my browser able to auto-fill the login details, it's still not too inconvenient to log in again.
However I now have got a prompt that future login sessions will need 2FA, just to login to the community.
I don't know if EE have had an issue with compromises or something, but the combination of a rapidly expiring login token and 2FA to log in to a forum seems really excessive. Can the 2FA be made optional, or if it's enabled, can the session be remembered for a reasonable time, e.g. 1-3 months?
10-11-2024 03:37 AM - edited 10-11-2024 03:39 AM
I missed this thread before making my own, but I think it's the combination with an extremely short login session that kills this for me; there is simply no need to require a login multiple times a day alongside 2FA on a community forum.
Now I have seen it mentioned its for the global ID system, which I presume is also used for the EE control panel, but I think a better solution is one of the following.
Options.
1 - No 2FA but short login expiry. No changes made to account possible, read only access on member control panel, forum works as normal.
2 - 2FA, long login expiry, it only deauthenticates on change of browser (it won't deauthenticate on browser version change, that's very bad practice).
3 - No 2FA as is now, but if you want to make a change on the account control panel, tariff, settings etc., 2FA auth is required. Many other services operate similar to this, and it would be far more sensible.
The current plan seems a bit lazy like a sledge hammer approach.
@DarrenDev I hope this post is taken seriously and the options considered.
10-11-2024 06:26 AM - edited 10-11-2024 06:27 AM
You'll only be asked to 2FA the 1st time on the same device browser in the same location.
10-11-2024 08:32 AM
I’m on 2FA now, and despite being asked to log on multiple times a day, as usual, it only asked me for the 2FA once, and all the subsequent logins have just been the usual account and password.
Same house, same broadband, same device, same browser; I daresay if any of these things change, or maybe just the passage of further time, I’ll get asked again.
But this is bearable so far, and better than I had feared.
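The two behaviours discussed in this thread (a long-lived, device-bound session that only asks for 2FA the first time a browser is seen, and "step-up" 2FA for account changes such as tariff or settings, as in option 3 above) can be sketched as a small session policy. The code below is an added illustration, not EE's or the community platform's code; the lifetimes, action names and the `Device` fingerprint fields are assumptions chosen for the example, and the browser fingerprint deliberately uses the browser family rather than the exact version so a routine browser update does not force a new 2FA.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Callable, Optional

# Hypothetical policy values; the real values used by EE are not stated in the thread.
SESSION_LIFETIME = timedelta(days=90)     # long-lived browsing session
STEP_UP_WINDOW = timedelta(minutes=15)    # how long a fresh 2FA covers sensitive actions
SENSITIVE_ACTIONS = {"change_tariff", "change_settings", "change_password"}


@dataclass(frozen=True)
class Device:
    """Coarse device fingerprint (hashable so it can be stored as trusted)."""
    browser_family: str   # e.g. "Firefox", not the full version string
    network: str          # coarse location signal such as the ISP/ASN (assumed)


@dataclass
class Session:
    user: str
    device: Device
    created_at: datetime
    mfa_verified_at: Optional[datetime] = None


@dataclass
class Account:
    user: str
    trusted_devices: set = field(default_factory=set)


def login(account: Account, device: Device, now: datetime,
          mfa_code_ok: Callable[[], bool]) -> Session:
    """Create a session; 2FA is demanded only the first time a device is seen."""
    if device not in account.trusted_devices:
        if not mfa_code_ok():
            raise PermissionError("2FA required for a new device")
        account.trusted_devices.add(device)
        return Session(account.user, device, now, mfa_verified_at=now)
    # Known device: password alone is enough, as the later posts describe.
    return Session(account.user, device, now)


def session_valid(session: Session, device: Device, now: datetime) -> bool:
    """A session is usable until it ages out or is presented from another device."""
    return now - session.created_at <= SESSION_LIFETIME and session.device == device


def authorize(session: Session, device: Device, action: str, now: datetime,
              mfa_code_ok: Optional[Callable[[], bool]] = None) -> bool:
    """Read-only actions need only a valid session; sensitive ones need recent 2FA."""
    if not session_valid(session, device, now):
        return False
    if action not in SENSITIVE_ACTIONS:
        return True
    # Step-up: accept a 2FA completed recently, otherwise ask for one now.
    if session.mfa_verified_at and now - session.mfa_verified_at <= STEP_UP_WINDOW:
        return True
    if mfa_code_ok is not None and mfa_code_ok():
        session.mfa_verified_at = now
        return True
    return False
```

With this split, forum browsing never prompts for 2FA after the first login from a device, while a tariff or settings change always does unless one was completed in the last few minutes, which is the trade-off option 3 in the thread is asking for.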