dsmmrm's profile

Thu, Feb 25, 2021 1:14 PM

Multi factor Authentication fail

I have to get an email and verify my device every time I login from either of my 2 primary PCs and my phone. I am a cybersecurity professional, I get why MFA is important but the email I use for SS is not available on every device I might want to check my SS account or cameras with so verifying the email every single time is problematic. I am not against doing it for every device the first time it is seen. I am getting the prompt every time I access SS. There is no prompt to remember a machine for 30 days or whatever other vendors use for this purpose. This is untenable for me. You need to implement MFA in a more industry standard way.

Captain

 • 

4.7K Messages

Il y a 1 a

@dsmmrm a question from a non IT professional: do you use a VPN by chance?

Community Admin

 • 

469 Messages

Il y a 1 a

Hi @dsmmrm,

When a browser logs into SimpliSafe for the first time, it automatically generates unique IDs that are stored in the browser's cookies and local storage. If something is clearing either of those for your browsers, it will cause new ones to be generated which will require verification through your email again. Do you have any programs that run automatically such as CCleaner? Programs like these can delete cookies and local storage from your browsers. Also, browsers such as Chrome may have a setting such as "Clear cookies and site data when you quit Chrome" which will also cause this issue.

SimpliSafe Social Team
SimpliSafe Home Security

11 Messages

Il y a 1 a

Captain11: In my house now 1 windows machine is on VPN, 3 are not. I use SS on all of them. The one on the VPN is the least affected by this in that I only get the MFA interaction occasionally, not every single time like the others. There are 3 android phones that also access SS. MFA requests come up sporadically on those.

Team S: I am familiar with the various ways of cleaning cookies and I do not use any at the moment. Counter to the guidance of my own profession I allow a lot of non-essential sites to log in automatically with cookies. I do not do this with SS, I still use a password manually. It is only recently that the MFA process started this behavior. Also, frequently I have to do it twice as it will return to the same screen immediately after checking the verify email box. That behavior is described in another incident in this forum.

Is there a possibility to use a different method for MFA, like SMS or an authenticator app?

Captain

 • 

4.7K Messages

Il y a 1 a

@dsmmrm thanks for answering my question. I have no issues with SS 2FA on Edge, Chrome or FF, but if I do clean my computer, I have to do 2FA again, and once for each browser used. Other than that,  I do not have to reauthenticate. Example: I can go weeks using Edge with no issues.  When I do use my VPN, all cards are off the table. Only other thing is that I do use a PW Manager, attempting to see what may be different.

217 Messages

Il y a 1 a

Definitely would prefer actual 2FA in the form of TOTP (aka "authenticator app").

I use FreeOTP+, which is excellent.  (And Free as-in speech, and free as-in beer.)
I agree, I don't mind using MFA, but it needs to be convenient and email just isn't.

An upgrade to a modern MFA platform, TOTP, push notification (cell phone, watches, browser, etc), text message, etc; as well as a preference option for primary and secondary sources.

MFA is great except when it gets in the way and is ultimately abandoned due to the hassle.

Advocate

 • 

2.8K Messages

Il y a 1 a

SS and Chase are the only ones in the world who give me this grief on a constant basis.  The email verification is quite frankly, a PITA.  Oh wait, it's only half as bad as SS's failure to create ONE login to browse site-wide (i.e., from forum directly to account, back to forum, etc, I guess that's just way too hard to contemplate a single login fix).