My TradeMe account suddenly has MFA but I didn't set it up?

Forums › Off topic › My TradeMe account suddenly has MFA but I didn't set it up?

lookout

704 posts

Ultimate Geek
+1 received by user: 93

ID Verified

#317880 23-Nov-2024 08:46

Hey guys, Bit of a weird one and I'm trying to figure out if it's a Trademe issue, if my account was compromised, or if I have done something dumb here.

Last night I tried to log into Trademe on a new device. The usual email and password worked but it asked for a authentication code from an app. I don't remember ever setting up MFA for Trademe (i know i should have). I went through all the possible authentication apps I could have used (just in case I did set it up and forgot about it). But nothing for trademe in my apps. It also said I could use a recovery code. I would normally save those in Bitwarden, but nothing is there.

I checked with members of my family too. In case they had set it up. Checked my emails for any mention of setting up mfa or an authenticator app.

I should note that I have logged into other devices recently with no issue. As recently as 2 weeks ago. Trademe really needs to email you when a new device is logged in btw.

So, just to be safe I changed my password from a device I was already logged in on. But oops, now I am completely logged out of all devices without the mfa code. At least if my account is compromised I have changed the password now.

I have contacted trademe support but I don't expect I'll get a reply in a hurry.

tl;dr my trademe account has mfa without me setting it up

Behodar

11089 posts

Uber Geek
+1 received by user: 6069

Trusted

Lifetime subscriber

#3312131 23-Nov-2024 10:09

Hmm... I haven't logged into TM for ages but I just tried. I entered my username and password, then it asked for the code they'd emailed to me. It then told me "whoops, that didn't work" and threw me back to the username/password screen... and logging in a second time worked and did not display the prompt for the code.

It seems that things are a bit wonky!

linw

2893 posts

Uber Geek
+1 received by user: 1205

#3312138 23-Nov-2024 11:02

I just logged in fine with just email and pword.

lookout

704 posts

Ultimate Geek
+1 received by user: 93

ID Verified

#3312146 23-Nov-2024 11:37

Amazingly, jumped on the website chat and someone from TradeMe phoned me and sorted it out within 5mins. All set up now - however I still am not 100% if this was a TradeMe error or user error but great service from TradeMe.

johno1234

3348 posts

Uber Geek
+1 received by user: 2842

#3312147 23-Nov-2024 11:45

It sounds like a good time to change your TM password to something strong and add 2FA...

richms

29097 posts

Uber Geek
+1 received by user: 10205

Trusted

Lifetime subscriber

#3312167 23-Nov-2024 13:34

So long as they don't randomly decide to start wanting to SMS me codes like other sites do. That is why I really hate giving places a phone number.

I have only had them want to email me a code to confirm on a new device once so far that I can recall. Not a huge problem as email is on all my devices so I actually have it with me.

Richard rich.ms

mattwnz

20515 posts

Uber Geek
+1 received by user: 4795

#3312224 23-Nov-2024 18:00

TBH I prefer SMS MFA than using an app, just because it is easier. My bank now uses it's own app for 2FA, creating a number to type into the website each time I log in, and only one device can be used to generate this code, which IMO is a PITA. Especially when the app sometimes completely resets itself.

Dell

Shop now for Dell laptops and other devices (affiliate link).

Behodar

11089 posts

Uber Geek
+1 received by user: 6069

Trusted

Lifetime subscriber

#3312225 23-Nov-2024 18:12

Email and SMS are much of a muchness for me, as Safari will automatically pick up the code from your email or SMS and fill it in for you. With that said, email seems a bit more "pure" instead of going over the legacy phone network.

I have to use a separate, phone-only app for work and it's annoying having to get the phone every time it decides to randomly log me out. When they first put the system in they said it would only be required when working from home, but it didn't take too long for that to turn into a lie.

neb

11294 posts

Uber Geek
+1 received by user: 10018

Trusted

Lifetime subscriber

#3312226 23-Nov-2024 18:12

They seem to have been slowly pushing people towards 2FA over time. My account has 2FA and I never asked for it (I don't store CC info or anything else on TM, it's mainly a bookmarking mechanism for watchlist items and having to do 2FA every time I want to check is annoying).

richms

29097 posts

Uber Geek
+1 received by user: 10205

Trusted

Lifetime subscriber

#3312235 23-Nov-2024 18:57

mattwnz:

TBH I prefer SMS MFA than using an app, just because it is easier. My bank now uses it's own app for 2FA, creating a number to type into the website each time I log in, and only one device can be used to generate this code, which IMO is a PITA. Especially when the app sometimes completely resets itself.

Own app is even worse. Particually if they have a one device limit. Steam have done that with their BS steam guard so I have been unable to login because I didnt have the right phone with me.

Proper 2 factor uses a code from an authentication app which does not need to be online and whose contents can be synced between devices or loaded into multiple devices.

Better 2 factor uses a hardware token instead, but places are reluctant to offer that for some reason.

Richard rich.ms

MadEngineer

4591 posts

Uber Geek
+1 received by user: 2570

Trusted

#3313251 26-Nov-2024 19:42

Everything is going 2fa. Best to start making use of it. Choose a favourite provider be it MS or Google or other and use that. Make sure you add a backup login account to it to sync the accounts.

You're not on Atlantis anymore, Duncan Idaho.