SteveW_52
Level 22: Superhuman

CrowdSupport Two Factor Authentication

For a few weeks now, I have been using the TFA process that has been forced on the CrowdSupport community. I am generally in favour of properly applied TFA processes, but I do have to wonder what riches it is protecting in the case of CrowdSupport, when I don't need to do the same for my Telstra account? As CrowdSupport is a volunteer forum to assist other Telstra customers, it is puzzling why Telstra impose such a restriction on members?

It extends the time to get logged in so that I can provide my meagre input into solving Telstra customer issues. I generally use a browser to get to CrowdSupport, but that can be from one of several machines so the process of obtaining the code can get a bit tiresome. Luckily I have figured out that checking the 'Remember me' box on the first login on any machine, will allow me to reconnect after I am timed out, without needing a code - until I reboot that device.

The TFA process is frustrating enough, but what really irks me about the process that has been forced on us is that after every successful log-in on a browser, I get an email from Telstra warning me of an unusual log-in - when all I have done is correctly follow the process. Why is that? Is this another half-baked concept from the Telstra web gurus? It seems a bit wide of the intended mark if that is the case. It isn't an 'unusual login', it is the correct Telstra process??

Oddly, it seems the same requirement is not applied to the access to CrowdSupport from the app? I haven't checked that myself but have been advised of this by others.

Rant over, lovely Sunday morning and hopefully today will end the current lockdown in Brisbane... Just wanted to say my piece about this new process...

 

Stevo 52
Too many devices, probably an addict 🙂 also a tinkerer and developer of stuff..
Not with Telstra, just another customer like you!

cf4
Level 25: The Singularity

Re: CrowdSupport Two Factor Authentication

The two factor identification only occurs if the server does not recognize the device or app.

Do you have clear cookies on close turned on in your browser?

SteveW_52
Level 22: Superhuman

Re: CrowdSupport Two Factor Authentication

Yep, I keep cookies cleared... I am averse to letting cookies and cache bulk up and in the course of a day I do have to visit a lot of sites... in the past I have had hacking attempts through cookies and also from apps that stay open and can't be turned off (FB Messenger for example).. so I prefer not to use them..

This doesn't happen with other TFA systems I use (M$ and Google)... using the same browsers/machines..

Stevo 52
Too many devices, probably an addict 🙂 also a tinkerer and developer of stuff..
Not with Telstra, just another customer like you!
SteveW_52
Level 22: Superhuman

Re: CrowdSupport Two Factor Authentication

@cf4 - the cookies are an explanation for the repeated TFA code requirement, and I can live with that I guess, but why the email every time, that is the biggest annoyance? It isn't an 'unusual' login, it is the required process, as stipulated by Telstra....

Stevo 52
Too many devices, probably an addict 🙂 also a tinkerer and developer of stuff..
Not with Telstra, just another customer like you!
cf4
Level 25: The Singularity

Re: CrowdSupport Two Factor Authentication

Google uses two factor identification if it doesn't recognize the IP address or the browser. When I had clear browser cookies turned on I would be prompted for identification if I had rebooted the modem.

Yes I agree the email is annoying. Google not only sends an email but also sends a notification to all your Android devices and your backup email address which is even more annoying.

I originally enabled clear browser cookies on exit not for security reasons but due to frequent faults occurring when using CrowdSupport (example: This action could not be completed). I disabled this after the two factor authentication and the original problem has not reappeared so assume it has been fixed.

SteveW_52
Level 22: Superhuman

Re: CrowdSupport Two Factor Authentication

I don't have that issue with either M$ or Google - I don't get one at all in those instances (maybe because the login is NOT unusual?) or I must have something set differently - but I like it as it is, once I get the code, all is good.. and that is easy to manage..

The Google 'unusual activity' email for logins (not TFA) is like that though, but using IMAP access keeps all the devices accessing that account synched it seems - only one response required..

I am not one of those people that has to be joined at the ear to my mobile/accounts - I actually like to turn things off unless I am using them...

Stevo 52
Too many devices, probably an addict 🙂 also a tinkerer and developer of stuff..
Not with Telstra, just another customer like you!
cf4
Level 25: The Singularity

Re: CrowdSupport Two Factor Authentication

The two factor Google authentication used to occur when accessing Drive, YouTube or email using a PC browser with delete cookies on exit enabled..

I usually only have the devices that I am using turned on. I use one Android device for VOIP so usually get the message on two devices plus the emails.

SteveW_52
Level 22: Superhuman

Re: CrowdSupport Two Factor Authentication

Devices 'used' to do lots of things but have changed a lot since I started playing with them in the late 60's - not all changes are for the better though IMO.. a lot of things are forced on us.. or we actually change them ourselves to suit our needs (mostly the latter in my case)...

On any given day I have up to 4 Windows devices running and 3 or 4 mobile devices - all doing stuff.. and that doesn't include all the remote devices that run 24/7..

Stevo 52
Too many devices, probably an addict 🙂 also a tinkerer and developer of stuff..
Not with Telstra, just another customer like you!
Mkrtich
Level 21: Augmented

Re: CrowdSupport Two Factor Authentication

Thanks for the tip on the 'Remember Me' option. Will give it a go. 🙂

SteveW_52
Level 22: Superhuman

Re: CrowdSupport Two Factor Authentication

It works for me, but if I want to log into my actual Telstra account (has a different username), that messes it up... 😣

but I don't have to do that very often...

Stevo 52
Too many devices, probably an addict 🙂 also a tinkerer and developer of stuff..
Not with Telstra, just another customer like you!
Mkrtich
Level 21: Augmented

Re: CrowdSupport Two Factor Authentication

Hi - interesting development. Over the past two weeks, I have received three 'Unusual Sign On Activity' emails from Telstra when I sign in from my wired to LAN Win 10 HP PC which uses Edge showing what I think may be false positive indications about the device and the Operating Systems. The Telstra DHCP allocated WAN IP address is correct on all occasions but the device information not so.

Two emails reveal devices that I don't have, different Samsung Mobile Phones with Android OS and on the third occasion I got this - Operating system: iPod, iPhone & iPad and CPU iPhone OS 14_6 like Mac OS X, five seconds before the next Notification email which was my HP PC logging in.

Discounting any premonition of some talented clairvoyant who has instigated a sophisticated man-in-the-middle observation by logging in five seconds before I log-in - perhaps I mucked up the sign in process which does occur at times, and then I retried it again 5 seconds later, however I didn't use an Apple device.

Perhaps the Telstra Authentication Server is confused by retaining cookies from visitors who do have Samsung mobiles and my wife has an iPhone with that OS version (but they don't know my log-in details). My son and grandson have Samsung phones and are connected to my modem when visiting, generally playing Pokemon, so their device information may be retained by Telstra somehow through cookies.

I changed my account and email password as a precaution. Is anyone else getting false positives?

cf4
Level 25: The Singularity

Re: CrowdSupport Two Factor Authentication

The only time I get the warning is if I clear the cookies on the browser or set the browser to clear cookies on exit.

Mkrtich
Level 21: Augmented

Re: CrowdSupport Two Factor Authentication

Thanks @cf4 - will experiment with Disabling Cache and Cookie Settings and see what happens. In one sense it is good to get the Notification of Sign In activity in case of third party interference.  

SteveW_52
Level 22: Superhuman

Re: CrowdSupport Two Factor Authentication

I use Brave browser on all the devices I log in to CrowdSupport with, and I have that set to clear cookies and cache on exit. I am fine with that triggering the login when I log-in again after rebooting the PC, even though I have a static IP address from Telstra.

Provided I remember to check the 'Remember Username' option on the first log in of the day on any device, I can go in and out of CrowdSupport with just the username/password credential check... that's all good too. And I have tested and proved I can have several devices logged in via TFA and operating at the same time - with just the timeout reentry log-ins to deal with.

I am 'cookie' challenged, have been for many many years, and don't like having 1000's of them on any device, as Telstra (and advertisers) want us to do - so I can deal with the setup as it is and Telstra TFA in general.. and there must be some latent cookie information leading to what is happening in your case @Mkrtich . That kind of retained information behaviour is exactly what I try to avoid for other software/sites and especially my IoT stuff.

But the 'Unusual Log-in' emails after each TFA login do irk me a bit. With all devices being on the same IP and Browser, those emails are pretty meaningless because they are all the same, as well as being unnecessary because the login was in fact a USUAL login. If I was just being advised of a true unusual log-in I could understand it, but I think Telstra has it the wrong way around. I don't know for sure but the way the TFA has been setup by Telstra, could a rogue, unauthorised access actually occur? Anyone seen one?

Stevo 52
Too many devices, probably an addict 🙂 also a tinkerer and developer of stuff..
Not with Telstra, just another customer like you!
Mkrtich
Level 21: Augmented

Re: CrowdSupport Two Factor Authentication

@SteveW_52 Thanks for sharing your experiences.  I also find since I activated Remember Me, that after a few hours away and coming back to my desk, if I select a Reply to a post, I get the Red Authentication Error Box, thinking I have been blocked, I attempt a Sign Out and that gets me back into the post that rejected me. I have turned OFF Clear Cookies on Browser Exit and Cache+Files and will see how I go. Maybe clear them out once a week or whenever I remember. 

SteveW_52
Level 22: Superhuman

Re: CrowdSupport Two Factor Authentication

If I have left CrowdSupport open and it times out, I usually see a 'Hello' message (without my username).. then I just go to the Sign Option either in the side menu or from the top bar and sign in again (after all, I have already been signed out).. in that case, as long as I have previously checked the 'Remember Username' option, I am logged in without needing TFA...

Stevo 52
Too many devices, probably an addict 🙂 also a tinkerer and developer of stuff..
Not with Telstra, just another customer like you!
Dowser
Level 21: Augmented

Re: CrowdSupport Two Factor Authentication


@Mkrtich wrote:

<snip>

Two emails reveal devices that I don't have

<snip>

Is anyone else getting false positives? 


I have also experienced the occasional false message. One today stated:

 

Time and date: 10:20:49 16/08/2021
Location: Australia
Operating system: macOS


however, I do not own a macOS device.


I have noticed that the incorrect one comes at the same time as a correct one (they come as a pair).

Mkrtich
Level 21: Augmented

Re: CrowdSupport Two Factor Authentication

Thanks for the feedback @Dowser . Turned out that the two Samsung mobiles in the Usual Sign On Notifications are not owned by my son and grandson. Hoping it is an issue with the Telstra Server.

I notice on my Arcadyan LH:1000 that although the Telstra Air Icon is no longer showing on the welcome sign-in screen of the modem's GUI, that both Telstra Air and Fon are showing as Green ON status in the Telstra Air Folio which still is displayed under the Wi-Fi Icon. The ability to activate or deactivate it from the My Telstra Account sign-in has also been removed, so I concluded it also is another false positive.

Two weeks ago I had a 1 User showing up on FON, so I reset the modem and no user has shown since then.
