I’ve noticed that QuickFile has started showing me this message when I log in:

New Device Detected

We noticed you’re signing in from a new device. Confirm this device by accessing the approval link we’ve emailed to you.

Keep this page open and access the approval link on the same internet connection that you’re currently using.

This message displays even in browsers where I have logged in before. Now I have to go open my email app, then click the link, which often opens in a different browser then I had originally intended, since I use multiple browsers with different profiles or containers. I want to be able to just log in quickly, without all of this hassle.

Can I disable this extra check? I would like to log in with email address and password only. If two factor authentication is really required, can we please use TOTP authentication as used in Google Authenticator instead of verification links to email addresses?

Hello @bidi

The new security measure checks your IP address against the one you used previously.

You should only have to authorise if the IP is different.

You can right click the “Approve Device” button in the email and copy the link and paste it into the intended browser

My IP address does change frequently. IP addresses are not stable. Some Internet service providers change the IP address provided to a customer every few hours. IP addresses can change even faster than that for mobile users on a train, for instance.

I understand why QuickFile would want to check the IP address. There are others websites that do something similar, but I don’t experience this issue with them, because they don’t treat IP addresses exactly the same. On Google for instance, if I log in using a new IP address, then my login is considered more suspicious, especially if the new IP address is in a region of the world that is unexpected. However, Google (and other websites) set a cookie once I have logged in once. This cookie contains an un-guessable value to make it secure, and it is remembered and used, so that I am not continually prompted to verify my identity once I’ve logged in once, even if my IP address changes. This cookie is usually separate from the usual log-in cookie, so that I can be re-prompted for a password without being re-prompted with a verification link sent to my email address. Because this cookie is secure, its signal is considered highly trustworthy, and overrides any suspicion that a new IP address may cause.

Hi @bidi

Thank you for your feedback. We’ll certainly pass this onto the development team and we’ll let you know if anything is changed here.

This topic was automatically closed after 7 days. New replies are no longer allowed.