New Two Step Login?

[BugI02]

It's possible they don't know how the scammers got access to the accounts.

This does not speak to the question of whether INGO has had a breach. They should pretty quickly be able to tell whether or not that happened and disclose that information

 

[BugI02]

That’s not how it works.

Or at least that is what they tell you

They probably don't read your email either, or know your cloud storage password

 

[yepthatsme]

If the concern is about scammers and hackers in the classifieds, then why not put the extra login security in place when placing an ad instead of requiring members the extra steps each login? And how do we know the hack wasn't from capturing passwords on compromised devices? I do know that I used to really enjoy logging into INGO and reading the discussions and sometimes participating if I thought I might have something to add. But this login procedure is frustrating to me.

I continually have to put in an email code, which I don't receive the email until after it has expired even though the trust this device has been selected. Sometimes it doesn't show up in my email inbox until hours later. I end up using the backup codes that I was finally able to obtain, but I am quickly running out of those. So far, I haven't been able to find any information on how to fix my logins so that I might not have to continuously use codes to login and no way to contact anyone for help when my logins fail since you have to be logged in to send a message. This added frustration changes my mood and affects my desire to participate as well. I'm not required to perform a login process like this even when I access my investment accounts.

I'm just an old fart and I know most here will just pass this post off as a rare occurrence, but what if I'm not the only one? How many members will just give up due to the unwanted login challenge? I know that it has affected me already and I know that soon I will just become a lurker like I was years ago and not login. I'm already adjusting to not logging in everyday or even visiting the website. I do hope that an answer will be found, but I don't think those on the left could do a better job in trying to disrupt a conservative pro-gun website.

 

[DoggyDaddy]

You can disable 2FA on your account. Click on your username at the top of the page and you will see this see this screen:


Click on Password and security and it will take you to this screen:

Where you see Two-step verification at the top of that screen, yours will say Enabled. Click on Change to the right of that and it will take you to this screen:

Enter your password and click Confirm, and then you will be taken to this screen:

Since you are using Email confirmation, your button on the right will say Disable. Click on that. Then you may get a message to enter a code (I don't remember) to confirm your choice. If so, the code will be sent to your email address. If you don't get prompted to do that, you may just need to click Okay or some such. Hope this helps.

 

[LANShark42]

2FA is a PitA. I can see it for a bank account. But on a freaking gun forum?!?

 

[Cameramonkey]

2FA is a PitA. I can see it for a bank account. But on a freaking gun forum?!?

Under the exact circumstances that caused it to be turned on? Absolutely YES.

In case you missed it:
Hacker breaks into your account.
Hacker posing as you posts ad for a stupid cheap nonexistent product and only accepts online payments. (e.g. $1,000 NV goggles for $300)
Another user thinks you have a good history and are trustworthy and sends "you" funds electronically.
Hacker disappears with the money and you're getting blamed for scamming the other user.

 

[KLB]

Just about any site you log into is a candidate for MFA. It's easier when you can get a push instead of enter a code, but that isn't always possible