• Some users have recently had their accounts hijacked. It seems that the now defunct EVGA forums might have compromised your password there and seems many are using the same PW here. We would suggest you UPDATE YOUR PASSWORD and TURN ON 2FA for your account here to further secure it. None of the compromised accounts had 2FA turned on.
    Once you have enabled 2FA, your account will be updated soon to show a badge, letting other members know that you use 2FA to protect your account. This should be beneficial for everyone that uses FSFT.

Compromised Accounts

Yippee38 said:
Is there a way the powers that be could give us an option for how long our 2FA is stored? Having to enter the code (on every device I have) ever month sucks. How about 90 days as an option for those of us willing to live dangerously?
Click to expand...
I feel like there is a way to disable it entirely, although it's hard to recall
 
Yippee38 said:
I don't necessarily want to disable it. But this is the only 2FA site that I visit that requires the code every 30 days. It's just inconvenient. I guess security over convenience. <shrugs>
Click to expand...
Agreed there. Confirming on multiple devices every month is a bit annoying. But the only other option is 2FA disabled entirely. When it was first implemented I think there was a bug that made me reauthenticate every week or something like that.
 
Yippee38 said:
I don't necessarily want to disable it. But this is the only 2FA site that I visit that requires the code every 30 days. It's just inconvenient. I guess security over convenience. <shrugs>
Click to expand...
I set every site to ask after each login/don't remember me. As long as I don't need to login every time I visit the site, it doesn't bother me. 🤷‍♂️
 
Yippee38 said:
I don't necessarily want to disable it. But this is the only 2FA site that I visit that requires the code every 30 days. It's just inconvenient. I guess security over convenience. <shrugs>
Click to expand...

it take a few extra seconds to log in, its not horrible....what is horrible is the stress it induces everytime it happens because I fear I didn't something stupid and got sent to time out :)
 
Bigbacon said:
it take a few extra seconds to log in, its not horrible....what is horrible is the stress it induces everytime it happens because I fear I didn't something stupid and got sent to time out :)
Click to expand...
Sometimes it takes a few extra second. Sometimes, I don't have my phone handy with my 2FA app. So then I have to go get it. It's annoying.

Ironically, I got a e-mail notification that somebody responded to this thread. I clicked on the link, I had to enter my 2FA. <sigh>
 
Yippee38 said:
Sometimes, I don't have my phone handy with my 2FA app. So then I have to go get it. It's annoying.
Click to expand...
I have to do this so often anyway for other sites that I just don't see this as a big deal at all. I guess it boils down to individual use cases and how accustomed to 2FA that each of us are, but if [H] is the only site you use that requires a code every 30 days, consider yourself lucky! Seriously. Between work and personal accounts, I'm checking and entering codes from my authenticator apps on a daily basis. And the more secure ones like my finance & banking sites require a new code to be entered every time I log in. So, every 30 days feels like a non-issue to me. I don't always keep my phone at arm's length so when I go to log into a site that requires a 2FA code I sigh briefly, go and get my phone from whatever room it's in, enter the code and then go on about my day.
 
Tech oriented site requiring 2FA? Every month? The travesty!

Seems we have had WAY less issues overall since implementing this. I frequent the fs/t often and have rarely come across a scammer especially in recent months. There was a time prior to that we had a new scammer every other thread.

It has cleaned up the community imo. If I have to enter a code once every 30 days that’s just fine.
 
I have multiple boxes, it doesn't take that long to verify the 2fa stuff and lose IQ in the Wife's little sister thread.

Typing number stuffs from email hard.....
 
If it is a big deal to re-auth, I would suggest you just use a strong password that you only use on HardForum. Doing exactly that has never posed a security risk here. Account security has only been an issue with accounts using passwords shared across other sites where security has been in question.
 
FrgMstr said:
If it is a big deal to re-auth, I would suggest you just use a strong password that you only use on HardForum. Doing exactly that has never posed a security risk here. Account security has only been an issue with accounts using passwords shared across other sites where security has been in question.
Click to expand...
Always have. Always will.

I don't understand how, in 2025, people can, or would want to have an online presence without a password manager.
 
Lateralus said:
I have to do this so often anyway for other sites that I just don't see this as a big deal at all. I guess it boils down to individual use cases and how accustomed to 2FA that each of us are, but if [H] is the only site you use that requires a code every 30 days, consider yourself lucky! Seriously. Between work and personal accounts, I'm checking and entering codes from my authenticator apps on a daily basis. And the more secure ones like my finance & banking sites require a new code to be entered every time I log in. So, every 30 days feels like a non-issue to me. I don't always keep my phone at arm's length so when I go to log into a site that requires a 2FA code I sigh briefly, go and get my phone from whatever room it's in, enter the code and then go on about my day.
Click to expand...
For my work website, I have to re-auth about every 3 days. And, when I'm on a company machine, I have to auth on every machine I use (and using multiple work PCs, and multiple locations is very, very common in my job).

I'm a fan of 2FA. But mostly for stuff that has my financial, or personal data. For a web forum? It seems overkill (though I understand the need for it from the Admin. side).
 
Yippee38 said:
Always have. Always will.

I don't understand how, in 2025, people can, or would want to have an online presence without a password manager.
Click to expand...
Then why do you want the system changed to protect us from those that do not?
 
Yippee38 said:
For my work website, I have to re-auth about every 3 days. And, when I'm on a company machine, I have to auth on every machine I use (and using multiple work PCs, and multiple locations is very, very common in my job).

I'm a fan of 2FA. But mostly for stuff that has my financial, or personal data. For a web forum? It seems overkill (though I understand the need for it from the Admin. side).
Click to expand...
Then don't use it.

You thoughts are noted.
 
Yippee38 said:
I'm a fan of 2FA. But mostly for stuff that has my financial, or personal data. For a web forum? It seems overkill (though I understand the need for it from the Admin. side).
Click to expand...
You do realize that the entire purpose of 2FA being enabled and recommended here is financial protection, right? There are folks in FS/FT sending random internet screen names upwards of thousands of dollars in a single transaction - e.g. a 5090 for $3k easily comes to mind. I'm having a hard time understanding how wanting a potential extra layer of protection there wouldn't be desirable.
 
SunnyD said:
You do realize that the entire purpose of 2FA being enabled and recommended here is financial protection, right? There are folks in FS/FT sending random internet screen names upwards of thousands of dollars in a single transaction - e.g. a 5090 for $3k easily comes to mind. I'm having a hard time understanding how wanting a potential extra layer of protection there wouldn't be desirable.
Click to expand...
I already said I'm sorry I asked. What else do you want from me?
 
What's nice about how it's setup currently with the 2FA banner (rather than outright preventing people from using FS/T if they don't have 2FA) is that you can then make a judgement call of whether not to deal with the person. If I'm buying a $50-$100 item or something like that I'm not too concerned that somebody is posting that as a scam and it wouldn't be nearly as painful if I got scammed out of $50(compared to $1000 for example), so I would probably just move forward with the deal. It keeps the onus on us to be smart about who we deal with and the circumstances around it and keeps some personal responsibility involved. IMO having the 2FA banner has been great and I really appreciate being able to quickly see if somebody has 2FA enabled or not or whether in FS/T or even in the other sections if just clicking a link that's potentially spam or something like that. I think getting the 2FA banner was a great middle ground between forcing 2FA on everybody which a lot of people would hate, or most people not having it at all (not that my opinion matters lol, but just wanted to mention it's been super helpful and was a great move).
 
GoldenTiger said:
Ask them to enable it then? If they won't, there's your answer. :)
Click to expand...
1755951570470.png




with or without the 2fa, fs/t is still a "buyer beware, youre on your own" situation....
 
GoldenTiger said:
Ask them to enable it then? If they won't, there's your answer. :)
Click to expand...
Sorry to wake this thread up but I have seen many requests for accounts without 2fa to enable 2fa.
Let's say Bob3399's account (fake account) was compromised there is nothing stopping the bad actor from enabling 2fa on the account is there? Am I missing something?
That being said, I am not going to discourage the request to enable 2fa, I strongly believe we should encourage it our members to have 2fa.
 
CaffeineMan said:
Sorry to wake this thread up but I have seen many requests for accounts without 2fa to enable 2fa.
Let's say Bob3399's account (fake account) was compromised there is nothing stopping the bad actor from enabling 2fa on the account is there? Am I missing something?
That being said, I am not going to discourage the request to enable 2fa, I strongly believe we should encourage it our members to have 2fa.
Click to expand...
You are correct. If an account is already compromised, it is what it is. However, if YOUR account is not compromised and you turn on 2FA, that is simply another huge hurdle for your account getting compromised. And if you believe an account is compromised and you bring it to our attention, I can tell pretty damn quick whether it was compromised or not. I have spent days profiling many accounts here and have banned many accounts. I think I have only gotten one wrong yet, and that person reached out and I remedied the situation.
 
CaffeineMan said:
Sorry to wake this thread up but I have seen many requests for accounts without 2fa to enable 2fa.
Let's say Bob3399's account (fake account) was compromised there is nothing stopping the bad actor from enabling 2fa on the account is there? Am I missing something?
That being said, I am not going to discourage the request to enable 2fa, I strongly believe we should encourage it our members to have 2fa.
Click to expand...
I just got the weirdest PM from you/your account. Only thing I can think of is it's hacked... ironically.
 
SunnyD said:
I just got the weirdest PM from you/your account. Only thing I can think of is it's hacked... ironically.
Click to expand...
Ya that was a bad PM from me, I should have been more careful, sorry. I am back from my temp ban. I proved myself to be me with the admins. The system works!
If you want more irony: I was meeting user 1.1.2.3.5... in real life the same day I got banned. Before I meet with him, suggested that he set up his 2fa before I meet him then I could "authenticate" him if anyone had doubts. He is indeed real as I shook his hand.
 
You must log in or register to reply here.
Back
Top