FIbre Support

Just got a new on here tonight:

Entered the code from the email and was presented with a "Verification Unsuccessful" error screen.

I refreshed the page and found myself logged in LOL.

Still a few little bugs running around in the system I think.

I was just trying to point out that the simple username & password can only be safe if you use a complex password, but even then, as the password is transmitted over the internet, it is subject to theft via phishing etc. The passwordless never sends the password over the internet & cannot therefore be stolen. However, the main thing with SSO is that it simplifies the logon in so much as you don't need separate accounts for the two systems.

AllyM understood the 'problem' perfectly but we're not going to be able to change the new system, I'd already accepted that when I started the thread.

I just wanted to point out it is less convenient and whether it is 'safer' or not is questionable for the reasons I mentioned earlier. A simple forum password system is still considered safe by far the majority of forums.

It just seems to me that the reason for the change is actually the change, linking the Community/My Account logins. Doing that does require better security because there is more risk involved but it is very much a fait accompli.

Hi @Cluster-Lizard @AllyM ,

There is one point that has not been made here, the new login system is much more secure than before and it is not that the old authentication method was insecure at all.

When you have username/password credentials the weak point can be the person's password, is it a strong one made up of random characters, numbers & special characters or is it something like "password"? Then it is open to hacking etc because that password is sent over the internet. With SSO TalkTalk has also introduced the passwordless login on both linked accounts. This is much more secure because there is never a password transmitted over the internet at all for the bad guys to steal.

---

@Cluster-Lizard wrote:

Why? "Exciting...." really?

 

Changes to the login method often causes problems so why risk doing that  for something that was not broken, worked and is, apparently, little different in appearance/functionality from what was used previously. Change for the sake of change?

 

Please do not use the 'updated security' excuse because all that means is the previous system was vulnerable which is never a good thing to tell your customers.

---

Thanks for your feedback, if there is a specific issue you're facing with login do let me know. if you're concerned about security then you can enabled MFA for your login, this can be done in My Account however it will add  one more step to your login journey but in my opinion worth it for the extra peace of mind. 

I think for regular users the changes may seem tiresome. For the many who simply stop off for a single visit around a specific issue it should be easier. Especially when they are often directed here by the help pages and/or My Account and then wonder why they have to complete yet another set of details to have their identities verified. 

With respect using a single sign-in, effectively using the same login name/password, is not safer. Maybe more convenient for some but it is almost the first thing you're told not to do online for security reasons is use the same things for two places.

If someone hacked the TT Community database would it bother me - no I'd change my password and not really worry. But now doing that will give them access to My Account too. That would be serious. There may be more security with Multi-Factor Authentication but you're surely you are just putting all the eggs into one basket.

If it also means have to use one-time email codes, captchas or other similar annoyances on top of the password system just to login in here I'm not going to be happy. 

EDIT

As I thought: just posted this ^ on a different PC and had to go through the whole email one time code all over again. As I always log out of My Account, for security reasons, it looks like every time we want to come here now we'll be going through this whole rigmarole from now on. Yay! 😞

I wouldn't exactly describe the new system as "little different" than it was before. It's now much more of a pain.

The previous system was quite simple:

1. Go to community webpage
2. Enter Username and password

Hey, presto, logged in.

New system:

1. Go to community webpage
2. Enter email address
3. Go to email to get security code (sometimes need to wait a few minutes for it to come through)
4. Enter security code in community webpage
5. Get redirected to My account log in and login to "My Account" (whether you wanted to or not)
6. Go back to community webpage to find yourself logged in (hopefully)

It's not only more secure for you, @Cluster-Lizard, it should keep scammers and spammers out.

We've had a huge rise in people posting from Timbuktu etc and wasting our time at best, adding dodgy links at worst, which could take customers to dodgy websites etc if clicked on.

Stephen gets really excited by introducing new developments that lots of TalkTalk customers and Community users have been requesting. TalkTalk Blog on Single Sign On (SSO) for MyAccount and Community

A single sign on to the customer MyAccount and Community achieves this better experience along with more help and support content available in MyAccount that then links to  additional support available via Community.

The level of security is the same as for MyAccount. MyAccount does now offer Multi Factor Authentication for users that really wish to enhance access security via their mobile phone.