Community

YulianK · ‎11-08-2023

Hi Everyone,

Thank you for letting us know regarding your experience with the current MFA setup. Following your feedback we have made some changes and they should be live now.

Please make sure to setup your device or browser as 'Trusted' in order to avoid session timeout.

Let us know if you are still prompted to enter and verify you account details every time you open SMARTY app or the website. Thank you!

P.S. Recent topics regarding this subject will be gradually merged with this main thread.

Strandloper · ‎11-08-2023

@YulianK,

Thank you for letting us know about the changes that have been made and are going live.

The most vociferous seemed to put their opinion over, with little credit to those who accepted being "logged out" more often.

I, for one, would prefer to be logged out after a short time of inactivity, preferring to re-log-in as needed. This for me is a means of limiting peoples access to my data, if someone tries to hack my account.

I'm fact, I have tried a number of times in the last 24 hours or so, to log myself out from Smarty, but have not been able to do so, even with deleting all cookies etc. trying to log out before, and after, the deletion of cookies etc with no effect.

Please me to log out, as something has happened to stop me doing so.

YulianK · ‎11-08-2023

Hi @Strandloper,

This update was only applied this afternoon. The 'log out' matter you described might be unrelated, however, I will raise this internally as well.

YulianK

Strandloper · ‎11-08-2023

@YulianK,

Since posting, I've uninstalled the app, then reinstalled it. When I signed in I was asked to trust, or not trust. When I chose "not trust", I still couldn't sign out

WelshPaul · ‎11-08-2023

Absolutely no issues with signing out of the app manually here. I won’t know if I stay logged in until tomorrow. 🤞🏻

YulianK · ‎11-08-2023

Thanks for the additional info @Strandloper , makes it easier to investigate.

Strandloper · ‎12-08-2023

@YulianK,

Since my post above, I've not been able to log out, despite the choice of "not trust" this device, despite several attempts 😞

Strandloper · ‎20-08-2023

@YulianK,

Since the changes with 2FA, I've not been loged out by the system (Smarty). When I try and log myself out of the community app I don't get logged out. I usually remain logged in, and if I do manage to log out, when I log back in I don't get 2FA at all.

In order to get logged out properly from the app I have to log into the web site and use "log out in all places".

This doesn't convince me that the security is at an appropriate level. It may be ok for those that want to stay logged in longer, and they can accept the potential risks that that entails.

Unfortunately I do not accept those risks. Please allow me to log out totally through all places that give me the option to log out, whether it's the app or web site (i.e. I need to have 2FA when I log back in).

Thanks in hope

YulianK · ‎22-08-2023

Hi @Strandloper ,

Could you please confirm if you still experience 'non-logout' issue? We have made some changes, I did a test run and its working as expected on my side - logging out of community, logs me out of dashboard and vice versa.

Strandloper · ‎22-08-2023

Hi @YulianK,

When I'm on the Community page, if I click on my icon at the top right corner of the page, the log out option does not work (won't me out).

To log out I need to go back a page, where at the bottom is a "button" labelled "you". This then allows me to go to a log out everywhere.

WelshPaul · ‎22-08-2023

If I click on my icon at the top right corner of the page, the log out option does indeed work for me @Strandloper (will log me out). I'm using Safari on a MacBook Pro to test.

Strandloper · ‎22-08-2023

@WelshPaul,

Good to hear it works for you, but unfortunately it doesn't work for me.

My phone is an Android, using a Linux based web browser. Forme it's a case of going back a page or two to be able to sign out.

YulianK · ‎22-08-2023

What browser are you using @Strandloper ? Might be a browser compatibility issue.

Strandloper · ‎22-08-2023

I'm using Chrome, that's something for me to look at. I'll see what I can do @YulianK

Decembersangel · ‎11-08-2023

I've just logged into my account and had to enter a text verification code as per usual 🤔

I don't know if this is the change that is being discussed as I am 'old' and I don't understand all the abbreviations thrown about e.g current 'MFA' setup 😶 (I really wish people would understand that some of us have NO idea what the abbreviations they use mean and type it out in full 🙄🤣🤣)

Last week I logged in and had to enter a verification code and when I re-logged in less than 24hrs later had to enter another one (all done on the same laptop, with a password login/start-up protection, and on the same wi-fi connection). When I close the page down it automatically logs me out.

I don't mind the logging in every time (as I have my email & password saved) it's the text verification I have a problem on such a VERY regular basis.

I have been with other companies that have a Community page that has a different registration and login to that of the main account page so that they aren't 'connected' by the one login (i.e If you are on one page you can't access the other without a separate login). Maybe this is the answer?? Just a thought......

MSF · ‎12-08-2023

@Decembersangel At the risk of being a GDPR bore (General Data Protection Regulations), many more companies are moving to 2FA (two factor authorisation). This helps to prevent the case where some random person obtains or guesses your password and then has access to your account.

Your account has a lot of personal info - email, mobile number, address, records of calls made/texts sent/data used etc., etc. and I am certainly glad that the company is trying to protect my information. Data breaches cause problems and risk to clients - consider Police Service of Northern Ireland as a recent example. The potential fine for a breach is 4% of turnover - a lot of dosh.

I believe that you can have the verification code sent via email if you prefer.

WelshPaul · ‎12-08-2023

I can confirm that I remained logged in to the iOS app. However, FaceID was disabled? I'm sure I set that up yesterday. Anyway, will have to wait until tomorrow now to confirm if I remain logged in and that FaceID Remains enabled.

Decembersangel · ‎13-08-2023

YAY!!!😁
Logged in again tonight and it went straight through...... WOOP WOOP!!!
@MSF I completely understand and support that the 2FA (get me!😂) is an appropriate security measure to have for web sites that hold personal and sensitive information, as that is a necessity I am comfortable with, but for a Community page it feels like over kill.
Like I stated above.... if there is no direct way to connect between a customers Community and Account page (where you can just click on a header or icon where you can easily move between the two) then 2FA is redundant for the Community site as there would be no data to take from the Community page info, other than an email address, if they were separate sites with separate registrations (unless you used the same password for each page and then it's the individuals responsibility to make sure it's one that 'difficult' to crack so that it can't be used to access their Account page ..... you know.... use a password that includes at least 1 Capital letter, 1 symbol and is between 8 - 24 characters). I hope this clears up where I was coming from.
And, thank you for giving explanations for each abbreviations 😁 it is greatly appreciated for someone that has to 'Google' it (other search engines are available! 😁) to find out what is being discussed!

MSF · ‎13-08-2023

@Decembersangel I take your point, but I wonder whether a company would consider it worth the investment to separate the account and the community forum page....and then deal with all the people who couldn't remember which email account they used (assuming that they had more than one).

We (and Smarty staff) would need a whole hotel full of darkened rooms to lie down in!!

Decembersangel · ‎18-08-2023

🤣🤣🤣🤣🤣
Thanks @MSF that made me giggle!
It's not so much that Smarty would need to separate the pages or that customers would be required to have different email addresses/passwords for each page, it would just require an independent login for each of them i.e. from this page you click on the 'smarty.co.uk' link at the top BUT you would need to re-input your email and password for your account and vice versa rather than just being able to easily move from one to the other with a single click. For the Account page, customers can make sure they use a 'more secure' password (if they feel the need to).

Eek 😬 hotel.... dark rooms... 👻👻👻👻 (currently watching the Really channel and it's paranormal night😱😱😱🤣🤣🤣)
Have a great weekend!! x

jassingh · ‎14-08-2023

FINALLY!!! 😁
Now the "trust" mechanism works as it should and I have remained logged into the mobile app and web dashboard - makes such a difference when you want to instantly boot up the app and check usage. Thanks to the team behind it for making it happen. I guess for extra security I could now re-enable biometrics and that should work like a charm ..

lukefow_2033993 · ‎14-08-2023

i hope this fixes the problem with my browser not been remembered, it is extremely annoying to have to go to the other side of the room and get my phone to log in

Chalkychap · ‎23-08-2023

Thank you SMARTY team.
The "trust" mechanism has been working as expected, following the update to the web application.
Since this update, and following my first login to the 'new' online application, I've not had to re-authenticate using a code on my trusted device.

😎

Community

[IMPORTANT] App and Web Login Verification main thread