FLAW::: RingCentral web portal Login Security Script "does not recognize this device"

  • Idea
  • Updated 9 months ago
USA-based acct | 2287 Users | 3800 DID lines | 28 sites | all Polycom VVX500 phone handsets 

2018-04-30  Use Case - we pre-provision and activate user accounts from our centrally located Network Operations Center because we have thousands of users. 

The current way the security login challenge works via the web portal on a Samsung S8+ Galaxy phone with most current version Chrome Browser has a huge flaw. 

This is current hardware with the latest version of O/S and latest Chrome Browser.

Provisioning or moves, adds, changes can no longer be done on an Android smartphone via the web portal --- because of the way the Login Challenge Script works (DOESN'T WORK)

Ring Central's security validation challenge locked me out all weekend when using the same device on the web portal that we use every day.

Clearly, RC does not store the unique MAC address info for devices accessing the portal for admin purposes every day.

There must be some other way to validate the credential besides using an email - such as sending it to the device via TXT message or asking an onscreen question that will not require the user to flip between their email app (to get the security code) and the "challenge window", which results in spawning another security code over and over.

Was locked out of SuperAdmin all weekend because of the RingCentral Login validation script that forces you to get a security code via email to login from the SAME DEVICE YOU USE ON RING CENTRAL EVERY DAY as an unrecognized device.

Whatever token or info the RingCentral script is calling to "recognize" the device is throwing up a message that would seem to indicate a "not recognized device" answer for any device every time no matter what.

Cecile Glassy, Champion

  • Super irritated

Posted 2 years ago

Peter Eastvold

I was having this problem all week with Chrome. Then finally I tried it with Microsoft Edge, and it worked... Something wrong with the programming there.

Mike Gustavson

I have this issue CONSTANTLY. It is so intermittent, but I see it on multiple machines - this isn't just an Android issue.

To date, I still haven't been able to use the Chrome extension, because it throws this error every time. When it happens, I can usually log in with Edge - and when I do that, it's 50/50 whether it even prompts for 2FA at all!

It's also very common that the 2FA code I get to e-mail just doesn't work.

So frustrating that this barely works. 



MyoVision

RingCentral are we getting a resolution on this?

Jessica - Community Moderator, Official Rep

Hi Everyone, 

I reached out to a Software Engineer and they advised that:
This usually happens when the Chrome browser has an "Ad Block" extension/plug-in installed, especially the one named uBlock Origin. Since RingCentral is using the 3rd party service (iovation) to obtain the device ID, iovation's library name has the "snare" keyword that is blocked by some of the "Ad block" extensions. The following is an example for "uBlock Origin" that blocks the library that RC is using for 2-factor authentication.
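
The failure described in this reply, sketched as an added example (not part of the original post, and not RingCentral's or iovation's code): a content blocker that filters request URLs on the "snare" keyword leaves the login page without a device ID, so the server challenges a device it has seen before. Substring matching is a simplification of real filter rules, and the URLs, device IDs, function names and reason strings are constructed for illustration.

```javascript
// Added example. URLs, the keyword list and device IDs are constructed.
const BLOCK_KEYWORDS = ["snare"]; // keyword named in the moderator's reply

// Content-blocker side (simplified to substring matching on the request URL).
function isBlocked(url, keywords = BLOCK_KEYWORDS) {
  return keywords.some((k) => url.toLowerCase().includes(k));
}

// Browser side: a device ID exists only if the collector script loaded.
function collectDeviceId(scriptUrl, computeId) {
  return isBlocked(scriptUrl) ? null : computeId();
}

// Server side: fail closed (challenge), but record why for support triage.
function evaluateLogin(knownIds, deviceId) {
  if (!deviceId) return { challenge: true, reason: "device_id_missing" };
  if (!knownIds.has(deviceId)) return { challenge: true, reason: "device_id_unknown" };
  return { challenge: false, reason: "device_recognized" };
}

// Triage: users challenged only for a missing ID point to a blocked collector.
function usersWithBlockedCollector(events) {
  const byUser = new Map();
  for (const { user, reason } of events) {
    if (!byUser.has(user)) byUser.set(user, new Set());
    byUser.get(user).add(reason);
  }
  return [...byUser]
    .filter(([, reasons]) => reasons.size === 1 && reasons.has("device_id_missing"))
    .map(([user]) => user)
    .sort();
}

// Constructed sample: three users, each logging in twice from one browser.
function runSample() {
  const known = new Set(["dev-aaaa1111", "dev-cccc3333"]);
  const attempts = [
    ["admin1", "https://portal.example.test/js/snare.js", () => "dev-aaaa1111"],
    ["admin2", "https://portal.example.test/js/collector.js", () => "dev-cccc3333"],
    ["admin3", "https://portal.example.test/js/collector.js", () => "dev-ffff9999"],
  ];
  const events = [];
  for (const [user, url, id] of attempts)
    for (let i = 0; i < 2; i++)
      events.push({ user, ...evaluateLogin(known, collectDeviceId(url, id)) });
  return { events, flagged: usersWithBlockedCollector(events) };
}
console.log(runSample().flagged);
```

Logging the reason alongside the challenge lets a support desk tell a blocked collector (admin1, a known device that never reports an ID) apart from a genuinely new device (admin3).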



Peter Eastvold

Cool!
It would be great if RingCentral Support reps knew this.
I wasted some massive time with them.

Mike Gustavson

This is good feedback - I do use uBlock Origin on some machines so will test without that.

Cecile Glassy, Champion



USA-based acct | 2287 Users | 3800 DID lines | 28 sites | all Polycom VVX500 phone handsets

2019-02-06 No ad block extensions in use in our organization, other than the one built into Chrome. It is a known flaw, and they really need to fix it. Google is a Partner with RingCentral - we are a fully Google-based organization.

Other security verification utilities are using TEXT the security verify code via SMS with an input window for entering the phone# to text it to - INCLUDING Google is using it. The library RC uses for 2 factor needs to be either updated and provide an alternative.

This is a huge roadblock for Enterprise Level customers who have to admin their RC system from various computers or devices. 

Jessica - Community Moderator, Official Rep

Thanks for the clarification Cecile, I'll go back with this additional information and see what else I can find out for you. 

Mike Gustavson

Aside from the adblock issue - can we get true 2FA with an authenticator app, rather than call/text?

The text method is inherently less secure, as well as being slower and more cumbersome.

Is that on the roadmap at all?

Jessica - Community Moderator, Official Rep

Hi Mike, 

I confirmed with our PMs that it's not currently called out on the roadmap, but a long-term solution is being researched.