Product purchase requirement Moderators: adafruit_support_bill, adafruit

[x0bkhawk]

I would like to buy a raspberry PI and would like to know the specific requirements to do that.

Do I need to have two-factor authentication enabled on my account? Or will an "Account Verified" be sufficient?

When stock becomes available that is. When it does I don't want to be trying to figure the above out.

Bryan

[adafruit_support_carter]

You will need to enable 2FA. Checkout the blog post here:
https://blog.adafruit.com/2022/03/17/ve ... -products/

There's also some more info here:
https://learn.adafruit.com/how-to-set-u ... -2fa-f-a-q

[MOV]

I have a verified account which I used for more than 10 years now.

I see that the SMS option is not available but I also can't install any of the apps you suggest since my phone runs an unsupported OS.

Does that mean that I am effectively barred from buying any product which requires 2FA despite the fact my account history can prove I am not a bot/abuser/etc?

[adafruit_support_carter]

Is the Adafruit Raspberry Pi 2FA requirement your only run in with needing 2FA? If you use 2FA with other accounts, how are you currently generating the TOTP (password key)?

[MOV]

Currently it is, but that's what living in a Linux/BSD world means. I don't see an answer to my question though.

[MOV]

I take it your commitment to privacy and software freedom is about as deep as the answer I got.

[freddyboomboom]

In the learn guide that was linked there is an option for a hardware two factor authentication key, and Lady Ada has talked about setting up a microcontroller board with code to generate the authentication key.

Yubikey is only one option, there are many others.

From the Learn Guides: https://learn.adafruit.com/search?q=2fa

Setting it up on a CircuitPython board: https://learn.adafruit.com/circuitpython-totp-otp-2fa-authy-authenticator-friend

Carter asked how are you currently generating the TOTP for other accounts that use two factor authentication, and you ignored that question.

Maybe you could use that other method to generate the keys for Adafruit also.

[MOV]

Some reading comprehension would be nice, as my answer to the first question made the second question irrelevant.

You all missed the gist as well. This was less about the technical "how to" part and more about seeing how you handle a longtime customer's request. You did that poorly, very poorly.

As for "them's the rules" approach: I will not jump through any hoops just to be able to give you money, especially when it comes to non-essential, hobby stuff.

Over and out.

[adafruit_support_carter]

Sorry for not responding sooner. I have no additional information or specific guidance at this time, unfortunately. However, this was passed on internally several days ago so the situation could be looked at to determine what options might be available. I will update here when I know more.

[rob____s]

I had difficulty setting up 2FA and came to the forum looking for answers. The error messages (two of them at once) weren't clear and/or detailed enough for an end-user, but I figured it out (it was because my account name had a space in it). Amazing that somehow I was able to "get" a username that was somehow trouble for your system... but anyway.

MOV is right, it is quite trivial to determine bot status by looking at order history and could have been done en masse. He might use SMS for his 2FA everywhere else or have some situation/solution elsewhere that he isn't actually allowed to elaborate on within a public forum or use other places. Just a really bad overall look coming down accusatory on a customer. Seems petty. Could really use some improvement on service from your end.

Just a generally bad user experience with Adafruit+2FA for me as well. Could have been handled with a run through looking at existing order history and marking accounts with a varied enough order history as "immune" (not to mention much more accurately detect humans in the future); requiring verification+2FA for ones that aren't obvious or those that had recent account changes like address, etc.. Wouldn't be hard to bypass a 2FA "secured" bot detection/protection scheme anyway.