Dumb problem all sites want both 2 factor and email recovery codes

[Rmay635703]

Locked out of both of my email addresses aol/yahoo and Facebook as they're requesting a security code from each email. iPhone two factor won’t send without an email validation to get into yahoo.​

Anyone know how to fix this? It's ridiculous because I've logged into my email before from this iPhone so I don't have a clue why it's requesting a security code from the backup email which is also refusing to send 2 factor from the other email without a code from the backup email. It’s cyclical so I can’t get into anything.

Sorry didn't explain this well. I set my alternate email address for both my email accounts to each other, So I can't access either as they both request a security code for email addresses I can't access.

 

[CleanSump]

Locked out of both of my email addresses aol/yahoo and Facebook as they're requesting a security code from each email. Iphone two factor won’t send without an email validation to get into yahoo.​

Anyone know how to fix this? It's ridiculous because I've logged into my email before from this Iphone so I don't have a clue why it's requesting a security code from the backup email which is also refusing to send 2 factor from the other email without a code from the backup email. It’s cyclical so I can’t get into anything.

Sorry didn't explain this well. I set my alternate email address for both my email accounts to each other, So I can't access either as they both request a security code for email addresses I can't access.

I guess you're going to have to call one of them and ask them to reset you. I had to do that at my bank once. I changed the alternate to text message where it gives a choice.
The other though is that if you use Chrome, you can access the the password manager. Although you need to know the password for that also.

 

[Rmay635703]

I know the passwords but they don’t care, always gotta send a 2 factor then sometimes check the recovery email for another code.

These have always been stupid frustrating to use

 

[wwillson]

iPhone two factor won’t send without an email validation to get into yahoo.

Expand this, I'm not sure what you mean.

 

[Rmay635703]

Expand this, I'm not sure what you mean.

All sites are forcing a backup email validation code after the 2 factor is validated. Because both backups want an emailed validation code sent I can’t get into either.

They do this occasionally but usually not at the same time

My concern is if nafarious entities start using them because you know that’s usually how web entities are, block the legit user and go with the scammer.

I would love to dump email entirely if I could but everything will eventually break.

I’ve dreamed of going web free for a long time, eliminating my digital footprint but entities are trying to force everyone off paper and physical

 

[barryh]

I wonder if online platforms realise that if they make access unnecessarily difficult, then customers will go else where. I have recently ditched one financial platform because of their insistence that you must have a smart phone app installed to log on and another one because they have 3 factor authentication. I've got a smart phone of course but I object in principle to their assumption and it's just easier elsewhere while still using a simpler 2 factor approach.

 

[wwillson]

All sites are forcing a backup email validation code after the 2 factor is validated. Because both backups want an emailed validation code sent I can’t get into either.

Do you have a PC that is logged into the accounts? There is also almost always a backup MFA method, is either account set up for that?

 

[Rmay635703]

Do you have a PC that is logged into the accounts? There is also almost always a backup MFA method, is either account set up for that?

The backup is the email recovery.

I haven’t had a web safe pc in 10 years, so no mfa option.

 

[Pew]

A user of mine put themselves in a similar predicament last year. Their MSN email with their Yahoo recovery email inaccessible as well. There was nothing I could do; unfortunately there's no customer support for Yahoo and the MSN support was non-existent (even when using our business account support.) I don't know if AOL has a customer service number you can call, but if they do then that would be your only bet.

Although if there is a solution, I'd be interested to try it out as well. The user affected was very high-level.

 

[Pew]

I wonder if online platforms realise that if they make access unnecessarily difficult, then customers will go else where. I have recently ditched one financial platform because of their insistence that you must have a smart phone app installed to log on and another one because they have 3 factor authentication. I've got a smart phone of course but I object in principle to their assumption and it's just easier elsewhere while still using a simpler 2 factor approach.

It's industry compliance now but 3FA isn't as bad as it sounds. Having an authenticator app on your phone with biometrics turned on can be considered 3FA (account password, authenticator code, and biometrics.)

 

[barryh]

It's interesting that the site that insisted on authentication using a smartphone app rather than using SMS as 2 factor has since rescinded the requirement for having the app, presumably because of customer grief. Too late I'm gone. The issue I had was it worked for my old smartphone but when I got a new one the process of transferring the app from the old phone and registering it on the new one was just too difficult. I want to log in without a lot of grief and if they can't manage that that I'll go elsewhere. Anyway the assumption that every customer including the elderly must have a smart phone and be highly proficient in it's use is discriminatory.

 

[Cujet]

I ended up using an authenticator app on my cellular iPad. Then carrying the charged iPad everywhere I go. The fact is, this is becoming a real problem and we (my wife and I) were locked out of our cell phones for weeks due to AT&T's nonsense. Not even the high level AT&T folks could circumvent their software nannies.

In the end, I calmly said I'll return my useless new iPhones and cancel my AT&T accounts by deleting my checking account from which they get paid, and see them in court. To make matters worse, they were charging me for a phone number that I did not know about.

The AT&T store finally fixed the issue. Needed someone who knew what to do.

I'd have bailed on them but my new place in TN only has AT&T service. Other carriers don't work well there.

 

[Rmay635703]

It's industry compliance now but 3FA isn't as bad as it sounds. Having an authenticator app on your phone with biometrics turned on can be considered 3FA (account password, authenticator code, and biometrics.)

Sounds like time to sunset a variety of forms of web use.

AOL has paid support I believe ,
but this gives me the opportunity to refuse to participate in using web based access for anything , sorry I don’t have email, internet or cell. Paper and phone only.

 

[Rand]

I'd have bailed on them but my new place in TN only has AT&T service. Other carriers don't work well there.

You could switch to an MVNO of AT&T such as cricket(owned by at&t), consumer cellular, boost, red pocket etc.

 

[Danno]

I ended up using an authenticator app on my cellular iPad. Then carrying the charged iPad everywhere I go. The fact is, this is becoming a real problem and we (my wife and I) were locked out of our cell phones for weeks due to AT&T's nonsense. Not even the high level AT&T folks could circumvent their software nannies.

In the end, I calmly said I'll return my useless new iPhones and cancel my AT&T accounts by deleting my checking account from which they get paid, and see them in court. To make matters worse, they were charging me for a phone number that I did not know about.

The AT&T store finally fixed the issue. Needed someone who knew what to do.

I'd have bailed on them but my new place in TN only has AT&T service. Other carriers don't work well there.

Off topic, but going Starlink at your new home?

 

[barryh]

I ended up using an authenticator app on my cellular iPad. Then carrying the charged iPad everywhere I go. The fact is, this is becoming a real problem and we (my wife and I) were locked out of our cell phones for weeks due to AT&T's nonsense. Not even the high level AT&T folks could circumvent their software nannies.

In the end, I calmly said I'll return my useless new iPhones and cancel my AT&T accounts by deleting my checking account from which they get paid, and see them in court. To make matters worse, they were charging me for a phone number that I did not know about.

The AT&T store finally fixed the issue. Needed someone who knew what to do.

I'd have bailed on them but my new place in TN only has AT&T service. Other carriers don't work well there.

A few years ago we hard a problem with a bank card being frozen and they couldn't fix it for weeks on end. What became apparent is the security Dept. are effectively in charge of the bank and near impossible to overrule. Lunatics in charge of the asylum was how I phrased it to the bank staff. We eventually found one man in the local branch that actually understood how the security worked and he was able to resolve the issue. Once it was over the bank paid some compensation for their ineptitude and delay but we still withdrew all of our savings from the bank and took it elsewhere.

 

[Pew]

It's interesting that the site that insisted on authentication using a smartphone app rather than using SMS as 2 factor has since rescinded the requirement for having the app, presumably because of customer grief. Too late I'm gone. The issue I had was it worked for my old smartphone but when I got a new one the process of transferring the app from the old phone and registering it on the new one was just too difficult. I want to log in without a lot of grief and if they can't manage that that I'll go elsewhere. Anyway the assumption that every customer including the elderly must have a smart phone and be highly proficient in it's use is discriminatory.

Yea going through IT compliance audits are no fun but it's federally mandated if you handle PII and payments, so cyber security insurance requires it. With the increase of cyber attacks, forcing the app is an easy way to enforce the MFA login instead of having users unfamiliar with smart phones to switch back and forth between the text screen and banking app (that's been my experience as well with users, generally speaking.)

I hate doing compliance audits, and now is around the time I have to do ours. Luckily we don't handle any PII or sensitive data so we technically don't have to abide by any compliance rules but that would be a bad idea to not follow them anyways. It's crazy some big corporations have entire teams devoted to only compliance.

 

[uc50ic4more]

I wonder if online platforms realise that if they make access unnecessarily difficult, then customers will go else where. I have recently ditched one financial platform because of their insistence that you must have a smart phone app installed to log on and another one because they have 3 factor authentication. I've got a smart phone of course but I object in principle to their assumption and it's just easier elsewhere while still using a simpler 2 factor approach.

I hope the day comes sooner-than-later that there is no "elsewhere" that allows simply for usernames and passwords. This is horrendously insecure and prone to compromise. 2FA mitigates darn-near every security threat imaginable unless you're one of my teenage daughters who lets their friends, and seemingly any random passerby, use their phone.

I am a web developer and I insist that all of my clients use 2FA. They grumble and whine about it but will also admit that there's never been a compromise of data.

When I set up a 2FA code for a new service I use an app on my computer as well as the available 2FA app on my phone (I know Google and microsoft each offer one, unsure about Apple) and set them both up at the same time.

 

[uc50ic4more]

It's interesting that the site that insisted on authentication using a smartphone app rather than using SMS as 2 factor has since rescinded the requirement for having the app, presumably because of customer grief. Too late I'm gone. The issue I had was it worked for my old smartphone but when I got a new one the process of transferring the app from the old phone and registering it on the new one was just too difficult. I want to log in without a lot of grief and if they can't manage that that I'll go elsewhere. Anyway the assumption that every customer including the elderly must have a smart phone and be highly proficient in it's use is discriminatory.

Conducting any transaction online is inherently very, very, very insecure so structures need to be put in place to secure data and identity. 2FA is by FAR, as of this writing, the best way to achieve this. Convenience and security often have an inverse posture. It's not "Discriminatory" because you can't figure it out.

 

[Rmay635703]

Conducting any transaction online is inherently very, very, very insecure so structures need to be put in place to secure data and identity. 2FA is by FAR, as of this writing, the best way to achieve this. Convenience and security often have an inverse posture. It's not "Discriminatory" because you can't figure it out.

I thought 2fa was obsolete? It’s a steady escalation but I don’t use anything resembling financial online