Suggestion to FAKKU's 2FA
3
Just a while ago I had problems with two-factor authentication. The site kept rejecting the code I entered as an invalid passcode. I did force a time update on my smartphone, thinking my smartphone was out of sync, but no dice.
Thanks to ChrisBRosado123's suggestion, I managed to log into the site by deliberately letting the code expire for about 30 seconds. So either the time on my carrier was faster than normal or FAKKU's server is running slower than it should be. Either way, it does suggest that FAKKU's TOTP implementation has little to no headroom for any possible time mismatch.
This experience highlighted one glaring weakness, though: no fallback option if 2FA fails. On Steam you have a one-time backup code, on Amazon you have SMS text or voice call, but on FAKKU there is no alternative means if 2FA gives you trouble.
I suggest that FAKKU:
* Add a fallback option for 2FA.
* Consider implementing U2F support, which doesn't have the disadvantages (shared secret & synchronization) that OTP normally has.
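
The clock-mismatch behaviour described in the post above, as an added example that is not part of the original post and is not FAKKU's code: an RFC 6238 TOTP check in which the server also accepts codes from adjacent 30-second steps and refuses reuse of an already accepted step. The function names, the `window` and `last_used` parameters and the sample times are assumptions; the secret is the RFC 6238 test secret.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)


def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP value (RFC 4226, HMAC-SHA1) for one time-step counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify(secret, submitted, server_time, window=1, last_used=-1):
    """Return the time-step counter the code matched, or None.

    window    -- steps of clock drift tolerated on each side (assumed name)
    last_used -- highest counter already accepted for this account, so a
                 code inside the window cannot be replayed (assumed name)
    """
    current = int(server_time) // STEP
    for drift in range(-window, window + 1):
        counter = current + drift
        if counter <= last_used:
            continue  # this step was already consumed
        expected = totp(secret, counter).encode()
        if hmac.compare_digest(expected, submitted.encode()):
            return counter
    return None


def demo():
    secret = b"12345678901234567890"  # RFC 6238 test secret
    server_time = 59                  # constructed: server clock, step 1
    phone_time = server_time + 30     # constructed: phone runs 30 s ahead
    code = totp(secret, phone_time // STEP)
    strict = verify(secret, code, server_time, window=0)
    tolerant = verify(secret, code, server_time, window=1)
    replay = verify(secret, code, server_time, window=1, last_used=tolerant)
    return code, strict, tolerant, replay


if __name__ == "__main__":
    print(demo())
```

With `window=0` the phone's fresh code only becomes valid once the server clock catches up, which is the "let it expire for 30 seconds" workaround; a larger window trades that strictness for a longer period in which an intercepted code is usable.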