Hi all,

To combat unauthorised logins due to lots of password leaks lately (none from MTS, just other larger hacks elsewhere), I have added an IP address check to the login process. If a login attempt is made and does not match the last few IP addresses you have used, then your account will be locked and you will have to unlock it via email.

This should help prevent (along with the 3 month inactivity timer) unauthorised logins on accounts from hackers who stole credentials from elsewhere.

Remember folks - always try and use unique passwords on sites (using a password manager or so) to prevent one leak compromising your accounts!

Regards

PS No, MTS is not compromised... and no we have not been hacked.

Re the IP address check to the login process - I don't think it is working properly as I was locked out this morning.
I spend my time at 2 locations but the IP addresses should be constant over the last two years (prior to that did change the internet provider for one of the locations).
Please look into it.
Thank you

Update: one of my locations uses a mobile internet device and therefore a generates a new IP address everytime the computer and/or internet is switched on although it is physically in the same place. This is a nightmare constantly having to reactivate my account. I am sure there are other members with mobile internet devices.

Thanks for the feedback, and I totally understand the pain points. I've done some further revisions so that you can now "Remember device" for 30 days, when activating that device. In addition, it now remembers which ASN (ISP) you use so even if you IP address changes a lot it (as in the case of your mobile device) it should not trigger the re-activation all the time.

Let me know if it's working better for you now!

Hello Tashiketh
Thank you for sorting this; once a month is okay to reactivate my account.
A slight problem that I did have to reactivate twice but will monitor - it could be a one-off.

Thank you again.

So how will that work for anyone that normally logs in over a proxy/VPN with a non-static IP? Is the account going to be automatically locked each time?

I figured when this was posted on reddit, that they had weak passwords.

Not if you use the same VPN since that'll be caught by the "Same ISP" check. But then that opens you up to someone else using the same VPN if your password ever gets leaked in a data leak.

I use a password manager and a unique password on every site/service, so I'm not worried about a password leaked elsewhere leading to login attempts on my account here. I'm currently logged in over Tor though, and I'm guessing that's not going to qualify under the "Same ISP" check, so presumably my account will be locked the next time I need to log in.