9
Hazarth
3y

Short angry rant
What the fuck is wrong with the SalesForce Authenticator logic?! How in the hell do you fuck up a simple 2FA system this hard?!!

Login -> Waiting for Notification... nothing... -> Reload Page -> Login -> Waiting for Notification... nothing -> Click "Use Code instead"... nothing happens... -> Reload Page -> "Login -> don't even wait for notification and just pres "Use Code instead"... nothing -> Reload Page -> Notice there's a "Use Code" button on this page as well -> Finally be able to log into the fucking Aloha piece of shit...

How TF is it, that Duo is able to send me a push notification within 1 second and it ALWAYS works... and THIS FUCKING SHIT NEVER FUCKING WORKS THE FIRST TIME AND AT WORST JUST DOESN'T WORK AT ALL!!!!!

Fucking hell.... Don't offer me a push notification service if you don't know how to make one... jesus fucking christ... All of Salesforce security is fucking stupid, but at least the others mostly work, but this retarded piece of crap is making me actively surprised when it works on first try... Maybe it's because I'm on a slow connection, but again Duo Mobile doesn't have this problem and works *instantly*... so what sort of retarded monkey coded the SF one I don't know, but I hope they are making better products now, because this is a disgrace to programming and security

Comments
  • 3
    Don't say that, I need to start turning this shit on soon.

    Surely it can't be that... hmm actually, it probably is that bad.
  • 3
    @C0D4 I *think* they have a system where the server periodically pings your 2FA device to see if it's online and if it can send you 2FA requests.

    When I go from offline to online and ask for the request anywhere within 5 minutes it simply wont work... the longer your 2FA devices is only the more reliable it seems to be... which is a really shitty design if you ask me...

    It's also possible that it's related to my currently super slow internet (128kb/s) which could mean the phone actually tries to notify the server of it being online, but maybe it's trying to upload/download whole megabytes of information first and that's what slows it down... But if that's the case then I would be quite worried about what information it's actually exchanging... so I really hope it's the first case and they are just retarded. -_- When I feel like It I might try it through MitM Proxy and see if it communicates some bullshit or not
  • 2
    @Hazarth no, Salesforce is just shit.

    Worst. Product. EVER.

    I cannot wait for the day when that POS collapses under the weight of a massive data breach(and it's only a matter of time).
  • 0
    @Hazarth

    Well.
    Have you tried other MFA solutions?
    Or password-less?

    Maybe authentication is just not their core business and salesforce would rather fancy being integrated into the ERP system or something similar?
  • 0
    @scor
    That exactly might drive devs mad until they integrate the service into the landscape with SSO.
  • 1
    @scor I'll check, but as far as I know no other MFAs are supported for Salesforce Aloha, which is the main hub.

    I'm using a different MFA for some services where it's allowed, and I could use a different MFA if I wanted to always type in the 2FA code I think, but I'd rather use the push notification service, as that's much more convenient and faster.

    Though to be completely fair, I haven't checked the settings on Aloha if there's a support for anything else. I was told to use the official MFA when I started working on the project so I don't have high hopes
Add Comment