copumpkin (OP)
Donator
Sr. Member
 Offline
Activity: 266
Merit: 252
I'm actually a pineapple
|
 |
April 08, 2012, 07:59:13 AM |
|
I signed up for GLBSE a couple of days ago to buy some of amazingrando's bitbonds and have decided to withdraw some of the coins I have in my account. I was surprised to see that the withdrawal page wanted a two-factor auth token, since I don't remember ever setting one up. My settings page seems to have ambiguous wording about setting up two-factor auth, but there's nothing clickable on it: http://snapplr.com/febdI went through the signup process again as a different user and indeed, it does give me four checkboxes for choosing what features I would like to use two-factor auth for, but then it never gives me a secret key or any indication of how to work the two-factor auth. Most sites I use Google authenticator with give me a 2d barcode to scan and I've never had any trouble with them. Am I missing some crucial detail? Or is the two-factor stuff not ready yet? In which case, perhaps it'd be better to disable the four checkboxes during signup, so that people like me aren't stuck unable to do anything with their accounts. Has anyone figured this out? Maybe I'm just being stupid here  |
|
|
|
|
|
|
|
|
|
|
|
|
|
Remember that Bitcoin is still beta software. Don't put all of your money into BTC!
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
copumpkin (OP)
Donator
Sr. Member
Offline
Activity: 266
Merit: 252
I'm actually a pineapple
|
|
April 08, 2012, 08:11:16 AM |
|
Nope, hasn't been corrected. I just tried creating another two new accounts and I get four checkboxes to use two-factor auth on specific features. Checking all of them, I still get sent straight to my account page after clicking sign up, with no QR code. At that point, I'm stuck with an account that thinks I have two-factor auth turned on, but I was never given the secret key.
Blitzboom has also verified this independently on IRC. Apparently, if you don't turn on the two-factor auth checkboxes during signup and turn them on in the settings page, the QR code is displayed correctly and all is well.
|
|
|
|
|
N12
Donator
Legendary
Offline
Activity: 1610
Merit: 1010
|
|
April 08, 2012, 08:12:23 AM |
|
I just tried it out together with copumpkin, and indeed during signup it will not show the codes if you select any of the checkboxes for 2-factor auth. Then, when you go to settings, it will assume you have 2-factor set up already and you are locked. If you just do it via settings, it will work fine, though.
The solution is probably to reset the settings from people who have signed up recently and are affected by this (and of course to fix the bug).
|
|
|
|
|
|
marked
|
|
April 08, 2012, 01:24:26 PM |
|
developers meet dev.glbse.com, dev.glbse.com meet developers.
Test the damn software, test using use cases, test using the people who will actually help make it better.
Provided you listen to them of course.
marked
|
|
|
|
|
|
mila
|
|
April 08, 2012, 02:15:23 PM |
|
did you enable (set up) 2step auth first on the gmail account?
|
your ad here:
|
|
|
copumpkin (OP)
Donator
Sr. Member
Offline
Activity: 266
Merit: 252
I'm actually a pineapple
|
|
April 08, 2012, 03:43:30 PM |
|
did you enable (set up) 2step auth first on the gmail account?
What gmail account? As far as glbse is concerned, I have no gmail account. What should happen: - Request two-factor authentication
- Get a secret code in the form of a QR code to use with google authenticator
- Have glbse reject any actions from someone without the two-factor token
 - Profit!!
But we're missing a step: - Request two-factor authentication
Get a secret code in the form of a QR code to use with google authenticator- Have glbse reject any actions from the user without the two-factor token
- Piss off your users!!
|
|
|
|
|
|
mila
|
|
April 08, 2012, 04:00:10 PM
Last edit: April 08, 2012, 04:46:45 PM by mila |
|
@compukin and how do you think the 2step authenticator from google apps will work?
which ID will be used to compute the floating code in the application?
where the fuck should glbse know the values for the 2nd step?
U NO follow the instructions?
here is what I did and how it worked
00 create a gmail accout
01 in google account settings go to settings and enable 2 step authentication
10 download the google authenticator in my smart phone
11 register a new user at glbse with that google email
100 enabled 2 step authentication and got the QR code displayed instantly (along the txt code) - simply scanned with the phone
101 profit
on another account I did skip the step 01 and it turned wrong there ...
edit sorry for being cocky to you
|
your ad here:
|
|
|
|
Nefario
|
|
April 08, 2012, 04:43:34 PM |
|
Wooops, forgot to take the 2factor auth part off the signup form. The general idea being that two factor auth is only enabled from settings, stopping people from turning it on without knowing what they are doing. Everyone who has had it enabled and was not able to get their 2factor auth code please send an email to support@glbse.com using the email address you signed up with. copumpkin, if you have any issues with GLBSE you need to contact support@glbse.com first. The support address is there to help you out and solve any issues you have. Nefario. |
PGP key id at pgp.mit.edu 0xA68F4B7C To get help and support for GLBSE please email support@glbse.com |
|
|
copumpkin (OP)
Donator
Sr. Member
Offline
Activity: 266
Merit: 252
I'm actually a pineapple
|
|
April 08, 2012, 05:59:51 PM |
|
Wooops, forgot to take the 2factor auth part off the signup form. The general idea being that two factor auth is only enabled from settings, stopping people from turning it on without knowing what they are doing. Everyone who has had it enabled and was not able to get their 2factor auth code please send an email to support@glbse.com using the email address you signed up with. copumpkin, if you have any issues with GLBSE you need to contact support@glbse.com first. The support address is there to help you out and solve any issues you have. Nefario. I do know what I'm doing. The signup form simply does not give us a QR code when signing up. And I did send support@glbse.com an email before posting here Edit: sorry for sounding snarky. I just interpreted "stopping people from turning it on without knowing what they are doing" as suggesting that it's a user error rather than a site bug. |
|
|
|
|
copumpkin (OP)
Donator
Sr. Member
Offline
Activity: 266
Merit: 252
I'm actually a pineapple
|
|
April 08, 2012, 06:02:10 PM |
|
11 register a new user at glbse with that google email
100 enabled 2 step authentication and got the QR code displayed instantly (along the txt code) - simply scanned with the phone
The difference is not that you used gmail; it's that you first signed up, then turned on two-factor auth once you were registered. Gmail had nothing to do with it. Anyway, I know how this shit is supposed to work, and it wasn't working as intended |
|
|
|
|
|
Nefario
|
|
April 08, 2012, 06:13:40 PM |
|
Without sending an email to support@glbse.com , using the email address you signed up with we are unable to know which account is having the problem and therefor unable to do anything about it. Please see this announcement we made on the forum on how to get support for GLBSENefario. |
PGP key id at pgp.mit.edu 0xA68F4B7C To get help and support for GLBSE please email support@glbse.com |
|
|
copumpkin (OP)
Donator
Sr. Member
Offline
Activity: 266
Merit: 252
I'm actually a pineapple
|
|
April 08, 2012, 06:46:38 PM |
|
All resolved, thanks! I even have two-factor auth working now |
|
|
|
|
|
splatster
|
|
April 09, 2012, 09:56:05 PM |
|
It would be nice to have 2 factor auth even for just logging in.
|
|
|
|
|
|
Nefario
|
|
April 09, 2012, 09:59:47 PM |
|
It would be nice to have 2 factor auth even for just logging in.
Really? |
PGP key id at pgp.mit.edu 0xA68F4B7C To get help and support for GLBSE please email support@glbse.com |
|
|
|
splatster
|
|
April 09, 2012, 10:05:38 PM |
|
It would be nice to have 2 factor auth even for just logging in.
Really? Umm, yes. Pulling out my phone and typing 6 digits is well worth the security. |
|
|
|
|
|
Nefario
|
|
April 09, 2012, 10:07:36 PM |
|
It would be nice to have 2 factor auth even for just logging in.
Really? Umm, yes. Pulling out my phone and typing 6 digits is well worth the security. Sure, I'll add this to the next update. |
PGP key id at pgp.mit.edu 0xA68F4B7C To get help and support for GLBSE please email support@glbse.com |
|
|
|
brunozisterer
|
|
May 16, 2012, 10:44:17 AM |
|
GLBSE should write on the button: Two Factor Auth is at the moment - on or off
And than they should explain thier customers what happens when they enable the two-factor authentication.
|
|
|
|
|
|
Nefario
|
|
May 17, 2012, 03:45:28 AM |
|
2factor auth is now available for logins. For those who don't have a smartphone (or are too lazy to use theirs) here is a simple ruby script that does the same. http://pastie.org/3923747Install ruby then gem install rotp save the text to a file (in this case lets say 2fact.rb) execute ./2fact.rb Should spit out the correct code. You probably want to do this in Linux (I don't really know how to do it in windows), and you need to have your systems time very accurate. |
PGP key id at pgp.mit.edu 0xA68F4B7C To get help and support for GLBSE please email support@glbse.com |
|
|
|
unclescrooge
|
|
May 18, 2012, 07:13:26 AM |
|
Am I the only one to have trouble connecting with 2-factor auth?
I always get the same error "Auth code incorrect", while solving capcha.
yesterday I did a this issue once, but after a second try I managed to login. Today I can't login at all.
|
|
|
|
|
|
unclescrooge
|
|
May 18, 2012, 07:14:51 AM |
|
Nevermind, I found the "trick": you have to be slow before hitting the "Login" button.
If you type too fast captcha and auth code and hit the logjn button, it somehow assume the auth code is wrong. Weird...
|
|
|
|
|
|
zer0
|
|
May 19, 2012, 10:26:31 PM |
|
Also check the time on your phone. If its off by a few seconds then 2factor/Google Authenticator may not work.
|
|
|
|
|
kuroshiro
Newbie
Offline
Activity: 9
Merit: 0
|
|
June 01, 2012, 11:26:03 PM |
|
So, I'm actually trying to enable two factor on my account, and I don't understand what I'm supposed to do. I click on the "enable" button for two-factor authentication. It takes me to a page with a QR code, the manual text code, and 4 check boxes for various aspects of the site. under that is a field to enter an auth code if you already have two-factor enabled. I scan in the qr code to authenticator, i selected what I wanted to protect with two-factor, then I hit submit, because I don't already have two-factor enabled. I get an error that says "wrong auth code" and get the page back with a new QR code. So now I have to delete the one I added, add the new one, select things, then this time I add the current auth code for that account and submit. Same error message.
What am I doing wrong?
|
|
|
|
|
Tomatocage
Legendary
Offline
Activity: 1554
Merit: 1222
brb keeping up with the Kardashians
|
|
June 03, 2012, 05:52:00 AM |
|
So, I'm actually trying to enable two factor on my account, and I don't understand what I'm supposed to do. I click on the "enable" button for two-factor authentication. It takes me to a page with a QR code, the manual text code, and 4 check boxes for various aspects of the site. under that is a field to enter an auth code if you already have two-factor enabled. I scan in the qr code to authenticator, i selected what I wanted to protect with two-factor, then I hit submit, because I don't already have two-factor enabled. I get an error that says "wrong auth code" and get the page back with a new QR code. So now I have to delete the one I added, add the new one, select things, then this time I add the current auth code for that account and submit. Same error message.
What am I doing wrong?
Exact same thing happens to me. I've tried the 6-digit code from my Google Authenticator app, and I've tried that 16-digit string under the QR code multiple times. Every time it just says "Auth code is not correct, please try again" |
|
|
|
|
Francesco
|
|
June 29, 2012, 10:23:29 PM |
|
Same thing here: said "incorrect code", and ther's absolutely no way around. This was on a test account.
Now it seems my phone clock was out of sync of over half a second, corrected, it works. Now I'll try to enable it on the "real" account; let's hope for no bad surprise...
|
|
|
|
|
|
Bitcoin Oz
|
|
June 29, 2012, 10:25:05 PM |
|
Nevermind, I found the "trick": you have to be slow before hitting the "Login" button.
If you type too fast captcha and auth code and hit the logjn button, it somehow assume the auth code is wrong. Weird...
Thats a feature not a bug  |
|
|
|
|
Nefario
|
|
August 25, 2012, 10:15:26 AM |
|
2 factor auth has now been made easier, the time on most peoples phones is set by the carriers network, turns out most networks like to be about a minute fast. I've updated 2fa to take this into account and should allow users with slightly fast phones to get in.
Nefario
|
PGP key id at pgp.mit.edu 0xA68F4B7C To get help and support for GLBSE please email support@glbse.com |
|
|
|
Tritonio
|
|
August 25, 2012, 07:57:14 PM |
|
I got this old bug where 2 step is enabled without ever enabling it. :-(
And I noticed it yesterday so I will probably have to wait till Monday to withdraw some of my funds. (even though my ticket says it has been assigned)
|
|
|
|
|
|
testconpastas2
|
|
September 18, 2012, 06:24:08 PM |
|
well , I have enabled 2-factor auth and when it is used from firefox with tor, it didnt let me log in.
if i turn off tor, everything works again. ( using foxyproxy standart)
any hint?
Thank you.
|
|
|
|
|
Nefario
|
|
September 18, 2012, 06:31:04 PM |
|
well , I have enabled 2-factor auth and when it is used from firefox with tor, it didnt let me log in.
if i turn off tor, everything works again. ( using foxyproxy standart)
any hint?
Thank you.
Don't use tor. |
PGP key id at pgp.mit.edu 0xA68F4B7C To get help and support for GLBSE please email support@glbse.com |
|
|
|
testconpastas2
|
|
September 18, 2012, 06:57:15 PM |
|
nice advice, but using glbsee with tor seems a good thing to me.
Nefario have you thought about using a Tor hidden service?
|
|
|
|
|
Nefario
|
|
September 19, 2012, 01:23:17 AM |
|
nice advice, but using glbsee with tor seems a good thing to me.
Nefario have you thought about using a Tor hidden service?
Really I'm only kidding, often the issue is the time since GAuth used on GLBSE is time based. Anyway, I've ordered a Yubikey so will adding this as a two-factor auth method as well. |
PGP key id at pgp.mit.edu 0xA68F4B7C To get help and support for GLBSE please email support@glbse.com |
|
|
|
mila
|
|
September 19, 2012, 08:58:07 AM |
|
well.
and what about the .onion access point to glbse? or releasing 1.0 javascript black/blue version with keys only for authentication?  |
your ad here:
|
|
|
|
Nefario
|
|
September 20, 2012, 03:20:15 AM |
|
well.
and what about the .onion access point to glbse? or releasing 1.0 javascript black/blue version with keys only for authentication? I see no reason to provide .onion access to GLBSE as most accounts that have been compromised the attacker has used Tor to do so. As for releasing GLBSE 1.0 code, I suppose, all it will do is show how bad a code I am I think. |
PGP key id at pgp.mit.edu 0xA68F4B7C To get help and support for GLBSE please email support@glbse.com |
|
|
|
mila
|
|
September 21, 2012, 05:49:10 PM |
|
I see no reason to provide .onion access to GLBSE as most accounts that have been compromised the attacker has used Tor to do so.
I did not know that. Fair enough. Thanks for sharing the info |
your ad here:
|
|
|
|
