The Water Cooler

Expand all | Collapse all

Two factor authentification settings

  • 1.  Two factor authentification settings

    Posted 15 days ago
    Edited by Carsten Schmitz 15 days ago
    ​Hi.

    The forums now appear to employ two factor security. The box on the input field allows me to "cache" the second factor for five minutes, then I need to jump through that hoop again.

    Seeing how this is a publicly visible forum where virtually anonymous people post, not home banking or the nuclear launch app*), I kindly question whether this is entirely justified.

    Maybe you'd want to consider if that doesn't serve to put people off.

    Best regards,


    *) why yes, there totally is one! Available on the dark web for Android only.



    (edit: I am not asking for it to be switched off, only for it to be set to a reasonable interval like a week or so, remembered via IP address or cookies or some such).


    ------------------------------
    I will not respond to PM asking for help unless there's an actual reason to keep the discussion off of the public forums.
    ------------------------------


  • 2.  RE: Two factor authentification settings

    Posted 14 days ago
    @Carsten Schmitz  -   I am working internally on resolving the forced two-factor authentication for the Community.    All external applications were auto rolled into the new company SSO program on Dec 18th.   I missed the email and have now requested an exemption for Okta on Community.    I will post an update to this thread when this issue has been resolved.

    @Lenn Thompson , @Diane Craddock and @Christopher Hackett ​​​​

    ------------------------------
    Thank you
    Jason
    Community Platform Owner, IT
    ------------------------------



  • 3.  RE: Two factor authentification settings

    Posted 14 days ago
    I fully support that.

    On top, the user experience is very poor with the current implementation. Why do I have to do an extra click for triggering the OTK message? It should be sent automatically. Not to mention that sometimes I experience a delay of several minutes until the message arrives in my inbox.


  • 4.  RE: Two factor authentification settings

    Posted 14 days ago

    @Jason McClellan Thanks! Much appreciated.



    > ​On top, the user experience is very poor with the current implementation.

    +1.

    I didn't want to pile on it, but I also looked at my inbox the first time until I realized I need to trigger the email with a button, and it does not get sent automatically when trying to log in, like with virtually 99% of all other sites.


    > ​I experience a delay of several minutes until the message arrives in my inbox.

    This I can not confirm. Takes about 10-15 seconds for it to arrive for me. Much like with the Javascript overload on various websites that blows up in corporate proxies, however, one could make the case that delayed mail routing by virtue of silly appliances is an unfortunate reality of many corporate customers. And e-mail has conceptionally never been intended as a real-time thing, so it's not a great choice for two factor, at least not as the only available means. But since Jason said he'll strive to get rid of it altogether, that*s a moot point.

    Best,
    Carsten

    ------------------------------
    I will not respond to PM asking for help unless there's an actual reason to keep the discussion off of the public forums.
    ------------------------------



  • 5.  RE: Two factor authentification settings

    Posted 14 days ago
    @Michael Schoch  - I recently noticed that negative change internally ​and asked the same question.   I'm not sure what you see as options but besides text I have other options like Symantec VIP and a few others.   Either way, whatever the default is it should send immediately.    Cheers ~jm

    ------------------------------
    Thank you
    Jason
    Community Platform Owner, IT
    ------------------------------



  • 6.  RE: Two factor authentification settings

    Posted 14 days ago
    As long as people are piling on...

    This two factor authentication isn't only for Communities. I also get it when I log in for tech support.  Which raises the problem of a critical issue being worked at a time that for whatever reason e-mail isn't working. It happens. And it will be ugly when it does.

    And I agree with everyone else: It took me some time to figure out that the reason I hadn't gotten an e-mail with a code was because I had to tell it to send it. That's just very poor design. At least indicate that requirement on the screen.

    I have heard these same complaints from several coworkers.


  • 7.  RE: Two factor authentification settings

    Posted 14 days ago
    First, are you saying two-factor authentication is on for casupport.broadcom.com?    We have multiple support sites depending on the division.  Brocade, CA are a few.  We are working towards creating a single front door for all support to simplify customers getting in via one URL to the support site.   I'll ask my manager who leads all support related websites if he is aware and ask him if he actually chose to activate or was auto-enrolled.    I agree with adding an additional hurdle for this type of support site is problematic.    As someone mentioned this is not a financial site but the user should still have the option to activate two-factor authentication if they choose to.     Thanks for the note, I'll escalate.   ~jm

    ------------------------------
    Thank you
    Jason
    Community Platform Owner, IT
    ------------------------------



  • 8.  RE: Two factor authentification settings

    Posted 14 days ago
    Edited by Carsten Schmitz 14 days ago
    > First, are you saying two-factor authentication is on for casupport.broadcom.com​

    I also had to do two factor auth for the Automic support page, yes.

    Edit:

    I tried it now again and now I don't have to. But then, my colleague tried the community login and didn't have to, so maybe it's cached longer than the five minutes it says on the form, and maybe it's cached by source IP, which everyone in my company shares. Who knows. Or it's a moving target and someone is fiddling with it as we speak. Bottom line, Friday two factor auth was active for the support portal.



    ------------------------------
    I will not respond to PM asking for help unless there's an actual reason to keep the discussion off of the public forums.
    ------------------------------



  • 9.  RE: Two factor authentification settings

    Posted 14 days ago
    Yes, another Community Member posted they were seeing it on casupport.broadcom.com and I tested with a non-employee account and validated.   I've escalated that to my manager asking for an exception.

    It is possible based on my P1 ticket last night that the two-factor has been removed from Community.   I would clear history or try a fresh browser to check.   I have not received a confirmation of removal but that does not mean the team has not turned it off based on my conversation.   Again, I'll post to both  the Community Issue and Support Issue when I know it has been resolved.  ~jm

    ------------------------------
    Thank you
    Jason
    Community Platform Owner, IT
    ------------------------------



  • 10.  RE: Two factor authentification settings

    Posted 14 days ago
    Edited by Chris Bertagnolli 14 days ago
    I would agree the implementation could be better. Preferably it stays on but more streamlined and easy to use for all Broadcom access. My email is similar to others in that sometimes it can take 1-2 minutes to be received; ideally I'd have a choice of MFA like registering my OTP app (Authy, Google, whatever) or email with one set as default.

    Also, someone really needs to proofread and make the messages on multi-factor much shorter - both on the login screen and email message. It is the wordiest ones I've seen for just giving me an OTP. Thing like this sentence: "Please enter this code on prompted screen". At the very least put the code up front so that it is quick to glance at - this way a user can read it straight from the first line, not the 4th one down with double spacing.

    And a side-note, log in should really be two words when a verb :). I logged in. I did not "loginned". I was logging in when it prompted for a one time security code. I was not "loginning" when it prompted for a one time security code.

    Statements such as "immediately login into your" doesn't sound right because "login" as a verb just doesn't work.


  • 11.  RE: Two factor authentification settings

    Posted 14 days ago
    That is just a minor inconvenience for you guys.
    For me it is different, my email accounts are going to expire in early January.
    After that I cannot even receive those emails.
    As the login is the email it cannot be changed. Changing where the normal notifications are sent partially worked. (Still get them at the old address)
    Tried to create a new login more than a week ago. Not there yet.


  • 12.  RE: Two factor authentification settings

    Posted 14 days ago
    @Martii Kinnuen -  Yes, that is correct.   If you move to a new company, you cannot update your email address.  You must create a new account separating you from the old account.   (security control)   If you do move to a new company or new email and create a new account, I can sync it with your legacy contributions on the Community so you do not lose anything.   Send me a PM at @Jason McClellan​​

    ------------------------------
    Thank you
    Jason
    Community Platform Owner, IT
    ------------------------------



  • 13.  RE: Two factor authentification settings

    Posted 12 days ago
    Multi-Factor Authentication Turned On (@FA) -  As some of you noticed, when you log in to Broadcom Support, Community, Service Desk and other Broadcom Apps the SSO system Okta is asking you to validate your email.    This is a new security measure since your logins are tied to company emails which in turn tie to contracts and purchases.    I asked for an exemption for the Community platform.   Initially, it was declined based on a configuration issue.   I'm reviewing with the security team so for now, we'll have to validate when logging in.   I've tested it with a few external test accounts and as long on you are on the same browser and device it will remember you.   I'll post an update if anything changes.

    Jason

    ------------------------------
    Thank you
    Jason
    Community Platform Owner, IT
    ------------------------------