Community

steamship · ‎07-26-2023

I've only been registered with SMARTY since Saturday morning, but every time I start my browser to access their site (dashboard or community pages), it insists on requiring a verification code which it sends to me via TXT message. What's annoying about it is that every time I have to do this, I tick the box just below the verification code field that says 'Remember me on this PC' (or similar wording). What's the point of having that tick box, if it doesn't work? It's remarkable that I can access dozens and dozens of websites (some for over 10 years) and they never insist on verification every single time, and this applies to mobile providers, banks and other more security significant sites. I also get an email 'warning' me about a 'new' login! For goodness sake, getting the basics sorted.

JJP2 · ‎07-26-2023

You must have set up 2FA (Two Factor Authentication) on your account, which is a safety precaution to ensure your account cannot be hacked.

From Smarty :

”

Multi-factor authentication - Trust the device

If your device has a passcode, PIN or biometric lock set on it, you will be able to trust your device when you log in to your account. When you log in to the app you will be prompted for your email address and password. We'll then send you a one-time passcode (security code) to your SMARTY number or email address which you'll need to enter before you can access your account via the app.”

steamship · ‎07-27-2023

@jjp2, @MSF I'm well aware of 2FA and I did mention several instances of sites that would increased security. However, I did not set up 2FA on this account. Ignoring that for a moment, the whole purpose of that tick box is so you don't have to go through that 2FA hassle every single time you access the site on the same browser on the same device. I'm only using a single computer to access it, and the info box for the tick box quite clearly states that enabling that option (i.e. ticking the box will result in NOT requiring the 2FA on that device for 90 days).

With regard to the others experiencing the same issue, I've had since I first set up the account for three days until my old number was ported across, and for the two days (and counting) since then.

This is somewhat moot now as I'm trying my hardest to go back to my previous provider. Any attempt at making a call from my living room results in the call being dropped within a few seconds, with my only recourse being to stand under a tree in my lawn to make a call (especially so with the constant rain here). I can't even get voicemail set up as it just sends me round in circles. All this hassle to save some money, and now I can't even make or receive calls.

MSF · ‎07-26-2023

@steamship Two factor authentication/verification is designed to protect your personal information in line with GDPR. Many account that hold personal information now do this - banks, credit card companies etc.

The system makes it more difficult for any random person to access your personal information. Dependent upon what security exists on your device, sometimes the browser will be able to access your account without 2FA, at least on the same day.

This topic has been discussed quite extensively in a number of posts and it seems unlikely that the security of accounts will be downgraded. Let's not forget that once into your account, it is possible to see your email, mobile number, mobile call and text history, payment history, in-store top up history, details of other group members, etc, etc Do you really want to leave all of that information vulnerable to a chancer?

TonyS · ‎07-26-2023

I've just moved over to Smarty and found this happening each time I logged in...however, I've found since my old number transferred over, I'm no longer receiving the authentication requirement. Not sure if you in similar circumstances, ie waiting for old number transfer.

KevinCh_1655290 · ‎07-27-2023

I have noticed that this has only recently started to occur for myself as well having been with Smarty 7 months. But I was wondering if it might when I accessed the Dashboard via the computer and then later accessed via the app, so swapping between different access methods reset the login on the other device. I have seen this happen with other companies where both access types exist. I will try to note what happens in my circumstance over the next few days and if I notice a pattern I will update this thread.

MSF · ‎07-27-2023

@KevinCh_1655290 I believe that the security measures on the device you are using will affect the need to log in. If you change devices, I would expect that you will be required to log in again.

steamship · ‎07-31-2023

As @MSF stated, it's because you're using two devices. In theory, in your case you've been using two devices, so you need to tick the box in the second device, so that it remembers the 'browser for 90 days'. I say in theory because it won't work for me with a single browser on a single device longer than 24 hours.

Michael_T · ‎07-31-2023

Not sure what SMARTY have done to the SMARTY APP on iOS , but over the past week or so, the app is now requesting the 2FA (username and password + SMS code verification) after a few hours have lapsed? This is despite ticking the Trust Device AND going into the security option to enable FaceID.

Before this I just used to open the app and it would read my face and go straight into my account (after around 90 days I would have to redo this) …not every few hours as it is currently configured!?!

What is the point of having an option in the app to “Trust Device” + using biometric options, if it reverts back in such a short timeframe?

MSF · ‎08-01-2023

@Michael_T I think you have this post on another thread - I have replied there.

metallurgist · ‎08-07-2023

Same issue as OP. I take onboard the purpose of 2FA (of which I'm a proponent), however the crux of the matter is that the "remember this browser" / "trust this device" options are pointless when there is a requirement to verify each time I wish to login via the Android app.

I note the advice and comments from multiple forum users (appreciated as always) but it would be good to hear Smarty's line on this...or does that require an email to support?

MSF · ‎08-07-2023

@metallurgist I would be quite surprised if you get much response.

GDPR is what it's all about. I have also noticed a change in behaviour of the web page since the update.

I have to log in after a spell away, but not do the 2FA as well.

WelshPaul · ‎08-07-2023

I have been with SMARTY for approximately 18 months now and have recently started having issues remaining logged in to the App on my iPhone. Every day I have to sign back in and go through 2-factor authentication each time I launch it. Very annoying! Never did this before?

MSF · ‎08-08-2023

@WelshPaul It looks like Smarty have decided to take security more seriously then.

I am certainly not unhappy about this because I like to see them taking steps to protect the personal info on my account. There are enough attempts to scam me every day without access to my account being just one more!

WelshPaul · ‎08-08-2023

You sound like you’re defending their position @MSF? An app that requires one to sign in daily and requires 2-factor authentication each time to complete the process? My credit card(s) and banking apps don’t even require this. They use facial recognition! Imagine if every app on our phones started doing this? It would become unusable.

MSF · ‎08-08-2023

@WelshPaul You could say the I am defending their position.

Under GDPR, if a company is found to have fallen short and caused a data breach, they stand to be fined 4% of their turnover as I recall.

So, the choice - irritate a few people, or risk a large fine - I know where I would be on that!

The scammers and chancers are out there big time and I am not unhappy at steps that may frustrate them.

I agree that it is a little inconvenient having to log in - but I must say that facial recognition seems to stop that on my iPhone and MacOS seems to remember me during the day without 2FA.

WelshPaul · ‎08-08-2023

So you would be happy being forced to sign in to your Apple ID and perform 2-factor authentication every time you open your messages app? I doubt it!

Anyway, having checked the App Store to see when the SMARTY app was last updated, I discovered that it was last updated over a month ago… So, I deleted the app, reinstalled it and facial recognition is working with it again and I remain logged in now. There must have been a glitch when updating iOS to 16.6 or something.

MSF · ‎08-08-2023

@WelshPaul With respect, I have been saying that mine works just fine.

Which leads me to answer your question. As I have Face ID working on my device, I do not need to sign in with my Apple ID every time!

My credit card makes me obtain a code via the app before I can access my account (access the app via Face ID of course). My bank does similar before I can make certain payments.

I still say that I am prepared to put up with the inconvenience if it stops some toe-rag from accessing my personal information!

WelshPaul · ‎08-08-2023

With respect, what you actually said was:

"It looks like Smarty have decided to take security more seriously then.

I am certainly not unhappy about this because I like to see them taking steps to protect the personal info on my account. There are enough attempts to scam me every day without access to my account being just one more!"

Then you went on to say:

"You could say the I am defending their position.

Under GDPR, if a company is found to have fallen short and caused a data breach, they stand to be fined 4% of their turnover as I recall.

So, the choice - irritate a few people, or risk a large fine - I know where I would be on that!

The scammers and chancers are out there big time and I am not unhappy at steps that may frustrate them.

I agree that it is a little inconvenient having to log in - but I must say that facial recognition seems to stop that on my iPhone and MacOS seems to remember me during the day without 2FA."

As for Face ID, it was setup and working just fine on my iPhone 14 Pro. The SMARTY app was the only App requiring I sign in with each visit and had only been doing this as of recent.

If your happy to sign in on every single app on your device, each time you load them up, and complete 2-factor authentication then I have a feeling you'd be the only one. 👀

Anyway, thankfully deleting the app and reinstalling it has resolved my issue. 🤞

MSF · ‎08-08-2023

@WelshPaul The main thing is that you have everything working to your satisfaction and I hope that lasts.

I do owe you something of an apology because there seem to have been a number of threads on the same topic and I think I may have explained on another that all was working fine for me on an iPhone.

Community

Site Continually Insists on Verification Code When Accessing Site