0

Product purchase requirement
Moderators: adafruit_support_bill, adafruit

Please be positive and constructive with your questions and comments.

Product purchase requirement

by x0bkhawk on Thu Apr 21, 2022 6:05 pm

I would like to buy a raspberry PI and would like to know the specific requirements to do that.

Do I need to have two-factor authentication enabled on my account? Or will an "Account Verified" be sufficient?

When stock becomes available that is. When it does I don't want to be trying to figure the above out.

Bryan

x0bkhawk
 
Posts: 1
Joined: Thu Apr 21, 2022 1:32 pm

Re: Product purchase requirement

by adafruit_support_carter on Thu Apr 21, 2022 6:14 pm

You will need to enable 2FA. Checkout the blog post here:
https://blog.adafruit.com/2022/03/17/ve ... -products/

There's also some more info here:
https://learn.adafruit.com/how-to-set-u ... -2fa-f-a-q

adafruit_support_carter
 
Posts: 23684
Joined: Tue Nov 29, 2016 2:45 pm

Re: Product purchase requirement

by MOV on Tue May 24, 2022 3:54 pm

I have a verified account which I used for more than 10 years now.

I see that the SMS option is not available but I also can't install any of the apps you suggest since my phone runs an unsupported OS.

Does that mean that I am effectively barred from buying any product which requires 2FA despite the fact my account history can prove I am not a bot/abuser/etc?

MOV
 
Posts: 7
Joined: Fri Dec 13, 2019 4:53 pm

Re: Product purchase requirement

by adafruit_support_carter on Wed May 25, 2022 1:27 pm

Is the Adafruit Raspberry Pi 2FA requirement your only run in with needing 2FA? If you use 2FA with other accounts, how are you currently generating the TOTP (password key)?

adafruit_support_carter
 
Posts: 23684
Joined: Tue Nov 29, 2016 2:45 pm

Re: Product purchase requirement

by MOV on Wed May 25, 2022 4:50 pm

Currently it is, but that's what living in a Linux/BSD world means. I don't see an answer to my question though.

MOV
 
Posts: 7
Joined: Fri Dec 13, 2019 4:53 pm

Re: Product purchase requirement

by MOV on Sun May 29, 2022 12:19 pm

I take it your commitment to privacy and software freedom is about as deep as the answer I got.

MOV
 
Posts: 7
Joined: Fri Dec 13, 2019 4:53 pm

Re: Product purchase requirement

by freddyboomboom on Mon May 30, 2022 10:54 pm

In the learn guide that was linked there is an option for a hardware two factor authentication key, and Lady Ada has talked about setting up a microcontroller board with code to generate the authentication key.

Yubikey is only one option, there are many others.

From the Learn Guides: https://learn.adafruit.com/search?q=2fa

Setting it up on a CircuitPython board: https://learn.adafruit.com/circuitpython-totp-otp-2fa-authy-authenticator-friend

Carter asked how are you currently generating the TOTP for other accounts that use two factor authentication, and you ignored that question.

Maybe you could use that other method to generate the keys for Adafruit also.

freddyboomboom
 
Posts: 176
Joined: Wed Feb 16, 2022 7:55 pm

Re: Product purchase requirement

by MOV on Tue May 31, 2022 2:05 pm

Some reading comprehension would be nice, as my answer to the first question made the second question irrelevant.

You all missed the gist as well. This was less about the technical "how to" part and more about seeing how you handle a longtime customer's request. You did that poorly, very poorly.

As for "them's the rules" approach: I will not jump through any hoops just to be able to give you money, especially when it comes to non-essential, hobby stuff.

Over and out.

MOV
 
Posts: 7
Joined: Fri Dec 13, 2019 4:53 pm

Re: Product purchase requirement

by adafruit_support_carter on Tue May 31, 2022 5:31 pm

Sorry for not responding sooner. I have no additional information or specific guidance at this time, unfortunately. However, this was passed on internally several days ago so the situation could be looked at to determine what options might be available. I will update here when I know more.

adafruit_support_carter
 
Posts: 23684
Joined: Tue Nov 29, 2016 2:45 pm

Re: Product purchase requirement

by rob____s on Sun Jun 05, 2022 9:04 pm

I had difficulty setting up 2FA and came to the forum looking for answers. The error messages (two of them at once) weren't clear and/or detailed enough for an end-user, but I figured it out (it was because my account name had a space in it). Amazing that somehow I was able to "get" a username that was somehow trouble for your system... but anyway.

MOV is right, it is quite trivial to determine bot status by looking at order history and could have been done en masse. He might use SMS for his 2FA everywhere else or have some situation/solution elsewhere that he isn't actually allowed to elaborate on within a public forum or use other places. Just a really bad overall look coming down accusatory on a customer. Seems petty. Could really use some improvement on service from your end.

Just a generally bad user experience with Adafruit+2FA for me as well. Could have been handled with a run through looking at existing order history and marking accounts with a varied enough order history as "immune" (not to mention much more accurately detect humans in the future); requiring verification+2FA for ones that aren't obvious or those that had recent account changes like address, etc.. Wouldn't be hard to bypass a 2FA "secured" bot detection/protection scheme anyway.

rob____s
 
Posts: 6
Joined: Thu Oct 06, 2011 9:45 pm

Please be positive and constructive with your questions and comments.