cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
search icon

Original topic:

Security issue - Couldn't log into account in Website without authentication via Smartphone

(Topic created on: 05-08-2023 11:53 PM)
339 Views
bdo7
Active Level 4
Options

‎05-08-2023 11:53 PM in 

Galaxy A

This is a security issue:

I tried to log into the account in the website, at URL:
https://account.samsung.com/membership/contents/main

I entered my credentials (username and password).
Then, the website blocked access to my account until I authenticated via Smartphone.

The problem with that is what happens when Smartphone is lost or stolen?
The attacker will refuse to authenticate me while I try to access my account via website.
Thus, I won't be able to use the website features, such as finding the location of the smartphone or remotely deleting the entire device.

Consequently, my personal data is compromised without the ability to delete it.

Please change it such that connecting to the account via website doesn't require authenticating via Smartphone.

 

8 Comments
IrisA
Expert Level 5
Options

‎05-09-2023 12:13 PM in 

Galaxy A

Hi,

The two-step verification of the Samsung Account cannot be canceled.

But you can set certain devices and computers as safe so that when necessary you can log into your account.

0 Likes
bdo7
Active Level 4
Options

‎05-09-2023 01:30 PM in 

Galaxy A
"But you can set certain devices and computers as safe so that when necessary you can log into your account."

How do I do that please?
0 Likes
BarS
Active Level 7
Options

‎05-09-2023 07:58 PM in 

Galaxy A

In order to set devices that will skip 2-step verification you will need to log in to your account in the device you want - when redirected to the page where you'll be asked for the code- before applying the code make sure to tick with a V the box that says 'skip 2-step verification on this device next time'. Nexy time you'll try to log in to your account- you wont be asked for 2-step verification.

0 Likes
bdo7
Active Level 4
Options

‎05-10-2023 04:42 PM in 

Galaxy A

I already had 2FA turned off, but still I was asked to authenticate via Smartphone while I tried to log into the account via Samsung website.

I think you're confused.

Here is the correct location in my opinion (maybe I'm wrong, will have to find out later):

After logging into the account in Samsung website (https://account.samsung.com/), I should go to Security tab and then click on the "Two-step verification".

Then, a new page will show up with several options.
I need to click on "Send code to your devices (1)".
See attached picture:

pic.png

Then I turn it off for the Smartphone device.

Will need to see later if it really works as I expected.

 

0 Likes
BarS
Active Level 7
Options

‎05-11-2023 09:44 AM (Last edited ‎05-11-2023 09:45 AM ) in 

Galaxy A

Whenever you try to sign in to your Samsung Account on a new device for the first time - you will need to apply 2-step verification and then you can choose the option to skip the verification the next time you will sign in to your account in the vrified device, let me know if this helps.

0 Likes
bdo7
Active Level 4
Options

‎09-07-2024 06:00 PM in 

Galaxy A


Dear BarS from Samsung Team,

Following your comment from 05-11-2023 (about a year ago):

The issue that I complained about in this thread has reproduced.

I had tried to connect to my Samsung account via THE SAME browser (so credentials were saved in browser's cookies), yet I was asked to perform 2FA while the code is sent to my Smartphone.
See picture in the URL:
https://imgur.com/a/l4ySLwe


Obviously this is ridiculous if Smartphone may be stolen.

You can't expect a normal user to log into his Samsung account every month just to make the algorithm "not forget him".

 

0 Likes
SivanV
Moderator
Moderator
Options

‎10-22-2024 03:05 PM in 

Galaxy A

Hi,
We understand the situation but have you tried clicking 'I didn't receive a verification code'?
Do you see other options for logging into the account?

0 Likes
bdo7
Active Level 4
Options

‎10-25-2024 03:40 PM in 

Galaxy A

Hi Sivan from Samsung,

The only options which I see are the ones which are shown in the picture which is linked to in my previous comment, dated 09-07-2024 (i.e. 7th Sep 2024).

To reply to your question - I didn't click on the link "Didn't get the verification code?".

The fact that the algorithm in Samsung website automatically requires me to enter a verification code from my smartphone is ridiculous.

There has to be a master password that overrides any verification code.
Let the user decide how to keep the master password.
Alternatively, let the user to decide whether he wants to enter verification code when he uses a password.
The user could be smart enough to know how to keep passwords.
In which case when device gets stolen, then the user could easily find it and/or lock the device or fully delete all the personal info on the device, which is the most critical point of this Samsung account.

I can't believe I need to write this to you.
A Security team meeting on this issue is required pronto.
0 Likes