# DRI Member Log In - Two Step Verification



## DRIless (Jan 28, 2022)

Not able to log in for past day and a half, no emails coming with the 'code.'  Are others having this problem?


----------



## T_R_Oglodyte (Jan 28, 2022)

Everything normal for me.  One-step sign in.


----------



## clipper (Jan 28, 2022)

DRIless said:


> Not able to log in for past day and a half, no emails coming with the 'code.'  Are others having this problem?


I am having the exact same problem, started yesterday.  Not receiving email with verification code.  Checked spam folder just in case.  Nada.


----------



## youppi (Jan 28, 2022)

No problem for me. I use Microsoft Authenticator app to generate the code.


----------



## DRIless (Jan 28, 2022)

youppi said:


> No problem for me. I use Microsoft Authenticator app to generate the code.


What is that?


----------



## DRIless (Jan 28, 2022)

T_R_Oglodyte said:


> Everything normal for me.  One-step sign in.


Quite awhile back, their system forced me to accept a two step process .......


----------



## DRIless (Jan 28, 2022)

DRIless said:


> Not able to log in for past day and a half, no emails coming with the 'code.'  Are others having this problem?


Also not receiving reservation confirmation emails


----------



## T_R_Oglodyte (Jan 28, 2022)

DRIless said:


> Quite awhile back, their system forced me to accept a two step process .......


I received notice of that but it wasn't forced.  I opted to stay with single step sign-in.  

Once I get in, there is a red flag next to "My Account" on the left side of the Dashboard.  If I follow that flag, I reach a page to turn on 2-step verification if I want. Since I've never turned it on, I don't know if you can go back and turn it off.


----------



## clipper (Jan 28, 2022)

DRIless said:


> Quite awhile back, their system forced me to accept a two step process .......


I also remember not having a choice.  It's been a nuisance ever since.


----------



## dioxide45 (Jan 28, 2022)

T_R_Oglodyte said:


> Since I've never turned it on, I don't know if you can go back and turn it off.


Can't turn it off if one can't login because it is turned on.


----------



## clipper (Jan 28, 2022)

I sent a message to the DRI twitter account.  No response.  I called their customer service line looking for their technical support, no such option.  So I called back and selected the option to book a vacation.  A nice lady answered within 1 minute.  She did not know whom to send me for technical support so she said she would try to help me instead.  She was able to go into my account and disable the two-step verification so I can log in now.

*Members who can't log into their account should call customer service for now and ask to have their 2-step verification turned off. * She said they will try to look for and fix the problem.


----------



## T_R_Oglodyte (Jan 28, 2022)

dioxide45 said:


> Can't turn it off if one can't login because it is turned on.


Understood.  I was offering that as an option when/if you are ever able to log in. 

BTW - a bit of a stab in the dark, but try accessing the site with a different browser because sometimes sites have compatibility issues with different browsers.


----------



## youppi (Jan 28, 2022)

DRIless said:


> What is that?


When you enable a 2FA for the first time on an account, you often have the choice between SMS, email or app.
App is the recommended way and DRI recommend it too (see https://cmsprod.diamondresorts.com/node/19666)
There is multiple apps on IOS and Android available for 2FA: Google Authenticator, Microsoft Authenticator, Authy, ...








						8 Best Two-Factor (2FA) Authentication Apps to Protect Your Email and Social Media
					

Two-factor authentication is a security feature that protects your online accounts by adding an extra layer of security.




					geekflare.com


----------



## youppi (Jan 28, 2022)

You can check this post I did in the TUG lounge https://tugbbs.com/forums/threads/anyone-using-yubikey-for-2fa.331915/#post-2720825 where I post a link showing which sites support SMS, email, app, ... as 2FA


----------



## T_R_Oglodyte (Jan 28, 2022)

youppi said:


> When you enable a 2FA for the first time on an account, you often have the choice between SMS, email or app.
> App is the recommended way and DRI recommend it too (see https://cmsprod.diamondresorts.com/node/19666)
> There is multiple apps on IOS and Android available for 2FA: Google Authenticator, Microsoft Authenticator, Authy, ...
> 
> ...


Given those options I always use SMS, as a privacy issue.


----------



## geist1223 (Jan 28, 2022)

If I have not signed--in for a while it does the two step verification. It sends me a Text Message to my Fone. If I sign-in every couple days I get right in.


----------



## dioxide45 (Jan 28, 2022)

T_R_Oglodyte said:


> Given those options I always use SMS, as a privacy issue.


I utilize SMS mostly because sites I access don't support software authentication. SMS isn't as secure as a software authenticator. Though any two-step authentication is better than none. I am not sure why DRI would need such a system. Are people concerned they may go in and make a payment on their maintenance fees for them? I guess they could make some reservations, but as long as they aren't for tomorrow and you check your account often enough, you could get that fixed.


----------



## T_R_Oglodyte (Jan 28, 2022)

dioxide45 said:


> I utilize SMS mostly because sites I access don't support software authentication. SMS isn't as secure as a software authenticator. Though any two-step authentication is better than none. *I am not sure why DRI would need such a system. Are people concerned they may go in and make a payment on their maintenance fees for them? *I guess they could make some reservations, but as long as they aren't for tomorrow and you check your account often enough, you could get that fixed.


Which is why I don't bother with two-factor ID for sites such as DRI.


----------



## youppi (Jan 29, 2022)

dioxide45 said:


> I utilize SMS mostly because sites I access don't support software authentication. SMS isn't as secure as a software authenticator. Though any two-step authentication is better than none. I am not sure why DRI would need such a system. Are people concerned they may go in and make a payment on their maintenance fees for them? I guess they could make some reservations, but as long as they aren't for tomorrow and you check your account often enough, you could get that fixed.


When I go in the Confirmed Reservations section, beside each of my reservations there is a View button and a Cancel button. 
I never tried the Cancel button but I always suppose this button is to cancel the reservation.
So, if it's the case, I don't want anybody access my account and cancel my reservations.


----------



## clipper (Feb 2, 2022)

I received this last Monday (2 days ago):


> Diamond Resorts sent you a Direct Message.
> Hi xxxxx, the website issue has been resolved according to our team. Please try logging in again and let us know if the issue persists. Thank you. -xxxxx



I responded that someone from Customer Service already turned off my 2-step verification and I have no plans of turning it back on.  So if someone is still having this problem, you may want to inform DRI.


----------



## DRIless (Feb 3, 2022)

clipper said:


> I received this last Monday (2 days ago):
> I responded that someone from Customer Service already turned off my 2-step verification and I have no plans of turning it back on.  So if someone is still having this problem, you may want to inform DRI.


Wish they'd give me that option, but they seem to want me to have it.  Switched to Microsoft Authenticator as the email codes still weren't arriving.


----------



## Eileen A. (Mar 29, 2022)

clipper said:


> I sent a message to the DRI twitter account.  No response.  I called their customer service line looking for their technical support, no such option.  So I called back and selected the option to book a vacation.  A nice lady answered within 1 minute.  She did not know whom to send me for technical support so she said she would try to help me instead.  She was able to go into my account and disable the two-step verification so I can log in now.
> 
> *Members who can't log into their account should call customer service for now and ask to have their 2-step verification turned off. * She said they will try to look for and fix the problem.


I'm also having this very annoying problem.  No email comes and then when it does come much later if is no longer valid. 
Called Customer Service and was told there was nothing they could do.  I just need to be faster.  LOL.  I said it wasn't me it was their
system or the internet.  I got frustrated and said just put me thru to your survey.  Customer Service had quite an attitude.


----------



## Nowaker (Apr 1, 2022)

T_R_Oglodyte said:


> Given those options I always use SMS, as a privacy issue



SMS is not private. Your carrier can read its contents. You're also susceptible to having your phone stolen and SIM card retrieved to bypass 2FA. Also, SIM swap scams aren't unheard of.

App authenticators offer more privacy than SMS. Most app authenticators keep the seeds on your phone and your phone only. No cloud storage, even for Google Authenticator. You don't have to use Google's or Microsoft's apps if you don't trust them. Get the open source Authenticator Pro instead: https://github.com/jamie-mh/AuthenticatorPro - and if you don't trust Google Play Store, acquire it from the independent, open source only F-Droid: https://f-droid.org/. You don't even need to use a phone app for an authenticator. You can use a standalone application on your computer, like KeePass with OTP plugin: https://keepass.info/plugins.html#kpotp.

Just correcting a false statement that SMS offers more privacy than an authenticator, and explaining why.


----------

