HOW TO: Two-step verification (2FA) Setup & Help

Tommy
Admin
UPDATE 8/10/23: You can now have the 2FA remember your device for 90 days instead of 30 days, cutting the number of times that you have to re-verify your devices to just 4 times per year.

UPDATE 3/22/22: You can now have the 2FA remember your device for 60 days instead of 30 days, cutting the number of times that you have to re-verify your devices in half per year.


2fa.jpg


Due to the ongoing fraud occurring in the Classifieds from the unauthorized use of member accounts, two-step verification (also called two-factor authentication or 2FA for short) is now required on all accounts.

The number of failed logins in a 15 min period is unusually high, and the IPs associated with those failed logins are the same IPs used to post fake ads in the classifieds. This is a brute force attack on accounts using weak passwords and not having 2FA enabled. Accounts get locked out after four failed login attempts in a set time period to combat this kind of attack. This is built into the forum software and has no adjustments, unfortunately.

I recommend changing your password AFTER enabling 2FA.

Once you set up 2FA, you will be shown one-time use backup codes. Be sure to save them. Depending on which method you choose, these codes can be used if you lose access to the authenticator app on your phone or your registered email address.

When you log in with 2FA for the first time, you will be given the option to check a box to remember your device for 30 days. This is so you don't have to re-verify every time you log in only on that device. If you use multiple devices (phone, tablet, computer), you have to verify those devices when you log on with them. If you clear your browser's cookies on a device, you will have to re-verify that device the next time you log in. Otherwise, it's 30 days.




Recommended 2FA Apps (available for both Android and iPhone)

apps_rec.png


Microsoft Authenticator
Android:
https://play.google.com/store/apps/details?id=com.azure.authenticator
iPhone: https://apps.apple.com/us/app/microsoft-authenticator/id983156458

Google Authenticator
Android:
https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2
iPhone: https://apps.apple.com/us/app/google-authenticator/id388497605




STEP 1
Log in like you usually do. You will see this message. Click the link to set up 2FA. You should have already downloaded one of the 2FA apps mentioned above.


2021-12-24_15-03-18.jpg


STEP 2
You will be prompted to re-enter your password.


step2.jpg


STEP 3
Choose which 2FA method you want to enable: Verification code via app or Email confirmation. I highly recommend using the app method as email can be unreliable at times.


step3.jpg


STEP 4
Using the 2FA app of your choice, choose the "add account" option. You will then be given the opportunity to scan the QR code displayed on the PCF page using your phone's camera or type in the secret code under the QR code. If you are using PCF on your phone and setting up 2FA, you won't be able to scan the QR code, so entering the secret code is the alternative.


step4.jpg


***STEP 5***
After setting up 2FA, you'll be shown some one-time use backup codes. Remember to save these codes so you don't get locked out of your account if you lose access to the authenticator app on your phone or the email address on your PCF account. Copying and pasting them into a text document is the easiest way to save them. Save the text document in a safe place (e.g., One Drive, Google Drive, etc.).

If you are using an authentication app on your phone, and get a new phone, be sure to use the backup or transfer accounts feature in the 2FA app before wiping your old phone.
If you need to use a one-time use backup code to get back into your account, that means you need to set up 2FA again with your new phone or with an updated email address on your account.


step5.jpg


After completing the 2FA setup, you are still logged in and can use the site like you usually do. Once you log out or your session cookie expires, this will be the first time you will be using a 2FA code to log in.

STEP 6
Log in like you usually do and now you will see the screen below. Go to the 2FA app on your phone, find your PCF account in the list, and see the code you need to enter. The code on your phone typically changes every 30 seconds, so it's better to wait until you get a new code to give you more time to enter it.

After you enter the code, you can choose to remember the device you have been using for 30 days. If you keep the box checked, you won't have to enter another 2FA code for 30 days on that device. If you use multiple devices (ex: laptop, tablet, desktop), you'll be prompted to enter a 2FA code again to verify those devices too. Just repeat STEP 6 for each device you use to connect to PCF.

Click the Confirm button before the 2FA code expires.


step6.jpg





2FA BACKUP CODES

If you have 2FA already enabled and didn't save your one-time use backup codes, you can view them again and/or generate new ones by going here.

2fa_change.jpg


2021-12-24_08-11-15.png





Even with 2FA required, it does not guarantee that there will never be another scam. Please protect yourself by using a payment method like PayPal Goods and Services.

Use your discretion when using payment methods that don't offer buyer protection like PayPal Friends and Family, Zelle, Venmo, Google Pay or GPay, CashApp, Crypto, among others. Unless you can be 100% sure that you are dealing with the person you know by some other way like a text message or phone call, you are putting yourself at risk.

Another thing that the scammer did was offer the same chips to other interested members that posted in the sale thread via PMs saying that the first person didn't pay. Perhaps send a group PM to make sure that is not occurring before you send payment.

I can't disclose everything publicly for security reasons but I want everyone to know that I am doing everything I can on my end to help stop this from happening.
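The pattern described in this post (a spike of failed logins inside a 15-minute window, coming from the same IPs that post fake ads, with accounts locking after four failures) can be checked against login logs as below. This is an added example, not part of the original post or the forum software; the log format, the sample events, the per-IP threshold of 5 and the 15-minute lockout window are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real forum logs): time, source IP, account, event
LOG = """\
2021-12-24T08:00:05 203.0.113.7 alice login_failed
2021-12-24T08:00:40 203.0.113.7 alice login_failed
2021-12-24T08:01:10 203.0.113.7 alice login_failed
2021-12-24T08:01:55 203.0.113.7 alice login_failed
2021-12-24T08:03:20 203.0.113.7 bob login_failed
2021-12-24T08:04:02 203.0.113.7 carol login_failed
2021-12-24T08:05:30 203.0.113.7 carol login_ok
2021-12-24T08:09:00 203.0.113.7 carol ad_posted
2021-12-24T08:10:00 198.51.100.20 dave login_failed
2021-12-24T08:10:30 198.51.100.20 dave login_ok
2021-12-24T09:30:00 198.51.100.20 dave ad_posted
"""

def parse(log):
    for line in log.splitlines():
        ts, ip, account, event = line.split()
        yield datetime.fromisoformat(ts), ip, account, event

def max_failures_in_window(events, key_index, window):
    """Peak number of failed logins per key (IP or account) in any sliding window."""
    recent, peak = defaultdict(deque), defaultdict(int)
    for ev in events:
        if ev[3] != "login_failed":
            continue
        q = recent[ev[key_index]]
        q.append(ev[0])
        while ev[0] - q[0] > window:   # drop failures older than the window
            q.popleft()
        peak[ev[key_index]] = max(peak[ev[key_index]], len(q))
    return dict(peak)

def triage(log, window=timedelta(minutes=15), ip_threshold=5, lockout=4):
    # lockout=4 comes from the post; ip_threshold and the lockout window are assumed
    events = sorted(parse(log))
    by_ip = max_failures_in_window(events, 1, window)
    by_account = max_failures_in_window(events, 2, window)
    noisy_ips = {ip for ip, n in by_ip.items() if n >= ip_threshold}
    ad_ips = {ev[1] for ev in events if ev[3] == "ad_posted"}
    return {
        "noisy_ips": noisy_ips,
        "noisy_ips_posting_ads": noisy_ips & ad_ips,   # the overlap the post describes
        "locked_accounts": {a for a, n in by_account.items() if n >= lockout},
    }
```

Counting failures per IP as well as per account matters here: the per-account lockout alone does not surface an IP that spreads a few guesses across many accounts.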
The configuration changes for 60 days have been implemented. You will get the new 60 day option the next time you are prompted to re-verify your device.

pcf_2fa_60days.png
 
How do I re-generate a new QR code to add authenticator? I upgraded my iPhone and it no longer shows the PCF account.

What app are you using? The MS one lets you back up your accounts then restore them on the new device.

In any case....

2022-09-26_16-55-04.jpg

2022-09-26_16-55-30.jpg

2022-09-26_16-54-06.jpg




When you're done with that, you may want to do this step next.

2022-09-26_16-59-24.jpg
 
Remember to save the new one-time use backup codes in case you lose access to your email address OR if you get a new phone and forgot to transfer your Authenticator App and accounts to the new phone!!!

FYI for those who are getting new phones. If you use a 2FA app, make sure you back up your accounts on the old phone and recover them in the 2FA app on the new phone BEFORE you reset your old phone.

I just moved all my 2FA accounts in Microsoft Authenticator to my new phone in less than a minute. I can tell you how to do it in MS Authenticator.

First, make sure you have chosen to back up your accounts in the MS 2FA app on your old phone. Open the MS 2FA app, click on the 3 dots at the top right, go to settings, make sure cloud backup is toggled on.

On your new phone, open the MS Authenticator app, but do not add any accounts. You must choose the recovery account option. Enter your MS email and password to start the recovery. If you have 2FA set up on your MS account, you will get a 2FA push alert on your old phone and the option to pick the correct number that is shown on your new phone. After that the recovery will start and all your accounts will show in the list.

Once that is done, you want to make sure cloud backup is toggled on for the new phone in the MS Authenticator app.



HOW TO TRANSFER YOUR 2FA ACCOUNTS IF YOU USE GOOGLE AUTHENTICATOR APP
  1. On your new phone, install the Google Authenticator app.
  2. In the Google Authenticator app, tap Get Started and sign in.
  3. Tap Menu > Transfer accounts > Import accounts.
  4. On your old phone, create a QR code: In the Authenticator app, tap Menu > Transfer accounts > Export accounts. ...
  5. On your new phone, tap Scan QR code.
 
Just a reminder to save your one-time use backup codes in case you get locked out of your account. Many people get new phones and don't remember to transfer their accounts to the 2FA app on their new phone before wiping the old phone.

If you didn't save your one-time use codes or want to generate a new set of them, go here:

2023-03-02_10-11-07.jpg


You should copy and paste them into a text document and save it somewhere. (Preferably not locally on your phone) One Drive or Google Drive is an option. Personally, I print them out and keep it in a secure place.

Once you get back into your account using a one-time use backup code, you should reset the Verification code via app using the Manage button. Once you set it up again, you will get a new set of one-time use backup codes and the old ones will no longer work.
 

https://www.pokerchipforum.com/thre...w-required-on-all-accounts.83833/post-2115301

Bumping this post as a reminder. Also, you can set up more than one 2FA method. Because of overzealous spam filters, 2FA codes via email are not as reliable as using a 2FA app on your phone but can be useful if you get locked out of your account and didn't save the one-time use backup codes.
 
If you are still using email to get your 2FA code instead of a reliable app like Microsoft Authenticator or Google Authenticator, and you are not getting the email, another reason can be that you are over your quota. Clean out your email inbox!

I received an email from a member who states they are not getting the 2FA email. They are over their quota, and I can't even email them back to tell them that is the reason.

2023-08-09_11-49-23.png


I highly recommend using an app on your phone. Remember to save the one-time use backup codes in case you get a new phone and forget to transfer (or set up) your app's 2FA accounts to your new device.
 