X
Tap here to go to the mobile version of the site.

Support Forum

Log-in switching to another device?

Posted

Today I noticed something strange on my phone. I opened up my FF browser and noticed a small warning icon on the bottom right. It said, my sync was not logged in and I had to enter my password and 2FA code. After entering these - which I have done quite some time ago already, I immediately got the mail telling me about the new log-in on my account. I mean, I know that it was me, I just logged in. But it got me suspicious because my mobile should already be logged in! So I followed the 'manage devices' link to check the list of my logged-in devices. What I have found is disturbing me. My device was now two times in that list: One saying 'this device' and one stating it is located in another country (USA), last seen a couple of hours ago. I'm from Europe and I certainly have never been in the USA! Of course I removed access immediately!

Is this possibly a bug or even a security breach, that an attacker can 'transfer' a log-in token to another device without any notification? It seems like my mobile's token was removed and so I had to re-log in here. And yes, I use unique passwords with a password manager and 2FA. The only notification I ever saw on this was that my mobile no longer was logged into my sync account!

Today I noticed something strange on my phone. I opened up my FF browser and noticed a small warning icon on the bottom right. It said, my sync was not logged in and I had to enter my password and 2FA code. After entering these - which I have done quite some time ago already, I immediately got the mail telling me about the new log-in on my account. I mean, I know that it was me, I just logged in. But it got me suspicious because my mobile should already be logged in! So I followed the 'manage devices' link to check the list of my logged-in devices. What I have found is disturbing me. My device was now two times in that list: One saying 'this device' and one stating it is located in another country (USA), last seen a couple of hours ago. I'm from Europe and I certainly have never been in the USA! Of course I removed access immediately! Is this possibly a bug or even a security breach, that an attacker can 'transfer' a log-in token to another device without any notification? It seems like my mobile's token was removed and so I had to re-log in here. And yes, I use unique passwords with a password manager and 2FA. The only notification I ever saw on this was that my mobile no longer was logged into my sync account!
Quote

Additional System Details

Application

  • User Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/21.0 Mobile/15E148 Safari/605.1.15

More Information

jonwillcode 0 solutions 25 answers

Do you use a VPN on your device? That could explain why Mozilla believed you were in a different country.

Do you use a VPN on your device? That could explain why Mozilla believed you were in a different country.
Was this helpful to you?
Quote

Question owner

No, I don't. I do use cloudflare (1.1.1.1) but that is not an actual VPN, merely a dns service.

No, I don't. I do use cloudflare (1.1.1.1) but that is not an actual VPN, merely a dns service.
Was this helpful to you?
Quote

Question owner

No, I do not. I use Cloudflare (1.1.1.1) but it is not a true VPN, just a dns service.

No, I do not. I use Cloudflare (1.1.1.1) but it is not a true VPN, just a dns service.
Was this helpful to you?
Quote
Seburo
  • Top 10 Contributor
  • Moderator
902 solutions 6708 answers

Hi

I believe that the Cloudflare server is in the US, which could explain what you are seeing.

Hi I believe that the Cloudflare server is in the US, which could explain what you are seeing.
Was this helpful to you?
Quote

Question owner

As far as I am aware, Cloudflare does not mask anything. It serves as a DNS Service which does nothing but translate a dns request into an ip-address.

But even if your suggestion was the reason for why my approximate location is so far off, there is still a question that is not answered: Why was my device logged off? Repeatedly.

I just had the same log-off thing re-occure, and a few days ago too. For some strange reason, my latest confirmation mail said that I was logging in from Seattle. (I use Cloudflare for quite some time now, long before this has started.)

As far as I am aware, Cloudflare does not mask anything. It serves as a DNS Service which does nothing but translate a dns request into an ip-address. But even if your suggestion was the reason for why my approximate location is so far off, there is still a question that is not answered: Why was my device logged off? Repeatedly. I just had the same log-off thing re-occure, and a few days ago too. For some strange reason, my latest confirmation mail said that I was logging in from Seattle. (I use Cloudflare for quite some time now, long before this has started.)
Was this helpful to you?
Quote
Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.