I used to be able to stay signed in on a few websites I use often, but that’s stopped working. I have auto-fill enabled in Brave settings. Now some websites I use frequently, like my work email, require two-factor authentication each time I sign in, even when I click the boxes indicating that the device I’m using should be trusted. Any ideas?
This has been an area of contention lately. The big issue is that Shields helps prevent fingerprinting and tracking. There can be enough changes that occur between sessions where the websites aren’t confident you’re the same person returning, thus they require you to sign in again. About the only way to possibly get around that is to disable fingerprint protection or Shields entirely for their sites.
I know there have been reports of this happening on Google, Facebook, and other such places. It’s leaving people to have to make a decision of complete privacy vs convenience.
Other thing I want to mention is the automatically sign in part of autofill was removed a while back. Part of it is that websites had to be coded for it, but the bigger issue is that many websites were coding to steal your information. You can see more on that at https://www.theguardian.com/technology/2017/jan/10/browser-autofill-used-to-steal-personal-details-in-new-phising-attack-chrome-safari
So not you have to always choose from drop down for auto fill. But I’m assuming you weren’t referencing that much compared to just speaking of cookies and it keeping you signed in.
Thank you so much for this explanation! It’s really helpful — to know that it’s a choice I have to make, and not just a glitch. Sigh, I’ve loved using Brave, but this is enough of an annoyance that I might actually switch to Firefox. Or… would I actually be better off, in terms of security, in your opinion, staying with Brave while keeping shields down for a few sites?
The trouble really is that some of the sites for which I’d most like to dispense with the constant two-factor authentication are google sites, like gmail and docs, that probably routinely steal info without shields - is that right?
Well, something like that. I’m honestly not sure how Brave will adjust or if there’s anything that can be done. This is actually a conversation I keep meaning to bring up to people like @shivan from Brave. And much of what I’m advising you is based on feedback of others users. When they disabled 2FA, they no longer had issues. But leaving 2FA on and using Shields, it was constantly making them log in again when they came back in new browser sessions.
So I have taken that bit to be the fact of the situation as it stands. But anything more than that is beyond me. I tagged him here just in case he, as one of the specialists behind Shields, might have some more accurate and detailed thoughts and advice.
I’d definitely say to keep using Brave with Shields. Keep in mind it will still block 3rd party trackers and all as you go to other sites. If you’d be willing to test, I’d like you to keep Shields active but just disable Fingerprint. So have it look something like below on Gmail:
I believe just that one change resolved it for some people. But there’s a lot of places where I haven’t been able to get people to test or give confirmation.
Not in the way you might be thinking. The big thing that Shields is helping with is preventing them from tracking your activity outside of the website. The fingerprinting protections aren’t necessarily there to stop websites from knowing when you visit them again, though it does kind of help on that. Again, the focus is identifying you as you go through the internet.
So it’s not like you’ll have your information suddenly stolen or anything. But I’m nervous on giving you much of an answer here as I’m really limited on my own knowledge and understanding. I’m definitely wanting to make sure I am going to be misleading in what I say. And me trying to give you a definitive answer would definitely be wrong of me. I lack confidence, so really hoping @shivan or @fanboynz might be more willing to answer on this if they could.
Also as I’m researching, wanted to show this in a similar conversation:
So while I’m looking at least in part of it being Shields, it may just be how they handle 2FA in general. Definitely a lot I need to learn and figure out. But thought it might be helpful to point this out as well.
Thank you! This is all really helpful. I’m going to try disabling fingerprinting for those sites, and I’ll let you know if it works.
Cheers,
Jason
Hmm, it doesn’t seem like allowing fingerprinting has solved the problem everywhere. It’s working on some sites, but not on others. Does this mean I just have to switch browsers if I’m not willing to continue to go through 2FA every time I visit some of my most frequently used sites?
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.