Account action required: two step authentication [Resolved]

We’ve set up an additional method for logging in to ensure members have a secure experience in community.

What?

  • Two-factor authentication is being set up meaning that there will be a second step for logging in to access your community account. Previously, you just needed one (your email address).
  • With two-factor authentication, you’ll also need a code to log in. This makes sure that your data is more secure.
  • This is a temporary measure (for a few days) whilst our tech team are making some background updates to improve the security of community.

How?

  1. Firstly you’ll need to download the authenticator app on your mobile.

  2. On your phone, download Google Authenticator app in your IOS app store for Apple Devices or Google Play Store for Android.

unnamed (1)

  1. Once the app is open you’ll need to add Bulb community to click the ‘+’ and ‘scan a QR code’

  1. When the camera pops up, you’ll need to head to community where you’ll be asked to type in your password again.

unnamed (3)

  1. Click ‘new authenticator’ under Token-based authenticators. You can also set up a security key as on option:

unnamed (4)

  1. Scan the code with the app on your phone. (remember to use the newly downloaded app on your phone - the camera you might have used at the pub won’t work for this):

unnamed (5)

  1. This will add Bulb community to your phone.

  2. A temporary code will appear which you enter in the ‘code’ section above to enable.

  3. Once that’s done, your name should appear under ‘New Authenticator’. Everything is set up. You can then click out of this page to carry on around community as you were.

unnamed (6)

  1. Each time you log into community you’ll need to check the app for the additional code and put it in here:

unnamed (7)

Why?

  • Members have recently flagged some spam posts so we’re running more checks.
  • Keeping your data safe is absolutely essential.
  • You’ll just need an extra code to log in.

Our security team are updating this process so you won’t need it forever. If you have any trouble following this method please feel free to DM a moderator to help set this up for you

I think forcing 2FA for this site will just kill participation. Although I understand the rationale (trying to get rid of the spambot idiots), I think it’s manifestly excessive.

Just a heads up, the banner explaining this (and to contact people) isn’t shown until after you’ve setup 2FA :frowning:

Is this hassle to stop people commenting surely there is an easier way

Morning everyone :sunrise_over_mountains:

Thanks for your feedback.

@stevefoster I appreciate the extra step means extra hassle - we’re just using this as a temporary measure for a few days while our security team make some background updates.

@RichyB With regard to the banner, I know it isn’t ideal, but it does come up when members are logged out of community so it’s still worth having it there for those members.

@6964 A few spam posts have been made recently, which is why we’ve brought in this extra step. Keeping everyone’s data is crucially important. I assure you that we want to increase activity on community, and keep the posts coming, so this is not a decision that we’ve taken lightly.

Due to your points, I’ve now amended my post to include a bit more information about why we’ve brought this step in. I’ve also included that this is a temporary measure whilst our tech team work on making community more secure without 2 factor authentication.

Keep the questions coming, your feedback is really useful.

Many thanks,

Niamh :bulb:

Hi Niamh.

I’m really happy to see a website forcing 2-factor authentication (thought this isn’t sustainable for a community forum) , and think that this should be added on the main bulb account page too. 2 Factor-authentication is essential for the security of online accounts in this modern world and should be seen more. People initially see it as an unnesccacery chore until they do get their password found, which some people use (the same) for all their accounts, allowing someone to access every account of theres (if you do this, please use a different password for your accounts)

There should be a better explanation on how to do this though. I already have 2-factor authentication systems setup as they are essential for what I do, but many community members need this explanation before, maybe a blog post that the 2-factor setup page is linked to could work.

That is true, but on the community it should only be temporary. I think it should be gently forced onto the main bulb account page though, or at least an option to do such. The reason why there doing this isn’t just for the spambots unfortunately.

Hi all :wave:

You will have seen the above post on 26th April about implementing two factor authentication on all community logins.

This was a temporary measure whilst we ran a cookies wipe and our security team ran some updates. This has now been completed, meaning that community no longer needs an app/generate a code for logging in.

We can all continue posting and discussing things as normal. As ever, feel free to message any questions over to me.

Have a lovely Wednesday,

Niamh :bulb:

Hi @Niamh_at_Bulb ,

I’ve just tried replying to somebody on the forum and including links to the Bulb Moving Home page and the help system, but I received a “Sorry, you can’t include links in your posts.” message. Is it possible to at least whitelist bulb[.]co[.]uk and help[.]bulb[.]co[.]uk if nothing else (hopefully allow “trusted users” permission to post links).

Hey @RichyB,

We’ve had to block any links being posted temporarily just while we upgrade our site for security purposes. This shouldn’t take much longer, and then links will be back to be posted freely as it should be!

All the best,
Georgie