You can provide your own encryption key for Authy backups, which is sufficient security.My only concern with Authy is the security of its backups, but Google Authenticator on iOS is such an ugly piece of shit I'm considering going back to Authy.
You can provide your own encryption key for Authy backups, which is sufficient security.My only concern with Authy is the security of its backups, but Google Authenticator on iOS is such an ugly piece of shit I'm considering going back to Authy.
I was wondering why I saw 2FA being advertised on why switch today. I just set it upYeah something has to have happened at nintendo last week, i heard of hacks from multiple places
EDIT: It sounds like I should switch everything to Authy first? Essentially deregister and reregister every one of my accounts manually through Authy instead of the MS Authenticator app?
1Password can also store 2FA tokens and back them up also if you don't want to use multiple apps.
I have MS's version currently. If I go to Authy, I'll still need MS's version for my email/Live account?This. Authy is cool but the only need I've seen for a separate 2FA app is the Microsoft one since they sometimes use tokens that are incompatible with the standard format. (and I suppose maybe Blizzard, though at least that backs up to iCloud)
Nah. You'd remove 2FA from your account as it is now, then you'd re-add it with Authy as the authenticator.I have MS's version currently. If I go to Authy, I'll still need MS's version for my email/Live account?
Hopefully you have all your backup codes in one place!
The thing with Google Auth is that if your phone dies for example you have to activate 2FA all over again since you can't sync it to another phone. Authy does have that feature.
As long as you don't format your old phone until you're sure everything's set up on your new one you should be fine.Hey, though. I'm about to upgrade my phone and my 2FA is Microsoft's Authenticator version on this phone. Is there a good checklist type document somewhere to make sure you don't fuck yourself over when changing phones?
How safe are the apps themselves like authy?
Are they themselves not at risk of data leaks?
Stupid question I know
It would be bad if it was compromised, but that's why we use two-factor authentication.My only concern with Authy is the security of its backups, but Google Authenticator on iOS is such an ugly piece of shit I'm considering going back to Authy.
I like 1Password - especially its family account - but will caution people that if you're using a cloud-based password manager like that, and are storing both the password and OTP in it, you're reducing that protection to a single factor for some attacks; i.e. access to your vault now gives them access to that account.This. Authy is cool but the only need I've seen for a separate 2FA app is the Microsoft one since they sometimes use tokens that are incompatible with the standard format. (and I suppose maybe Blizzard, though at least that backs up to iCloud)
Possible you have a second Nintendo account that is getting attacked?Saw this thread yesterday and thought nothing of it (I already have 2FA enabled on most of my active accounts)... then just last night had an email from Nintendo saying somebody has logged in using my account from Israel! I no longer have any Nintendo consoles (sold my Switch about 3 years ago after finishing BOTW and Odyssey) so I didn't think to enable 2FA there. I immediately changed my password to something random and secure (use 1Password app for generation) and thought that was fine.
3 hours later, another email from Nintendo saying somebody from USA has now logged into my account using Firefox! WTF! If I have just changed my password to something completely random and secure, how can anybody still be logging in?
Anyway, at that point I downloaded Authy and also enabled 2FA for my Nintendo account, then also regenerated a secure password using 1Password... let's hope that does the trick.
Possible you have a second Nintendo account that is getting attacked?
This x1000I don't know how many times I need to say it but...
EVERYTHING THAT CAN HAVE 2FA ENABLED SHOULD HAVE 2FA ENABLED
I don't know how many times I need to say it but...
EVERYTHING THAT CAN HAVE 2FA ENABLED SHOULD HAVE 2FA ENABLED
Saw this thread yesterday and thought nothing of it (I already have 2FA enabled on most of my active accounts)... then just last night had an email from Nintendo saying somebody has logged in using my account from Israel! I no longer have any Nintendo consoles (sold my Switch about 3 years ago after finishing BOTW and Odyssey) so I didn't think to enable 2FA there. I immediately changed my password to something random and secure (use 1Password app for generation) and thought that was fine.
3 hours later, another email from Nintendo saying somebody from USA has now logged into my account using Firefox! WTF! If I have just changed my password to something completely random and secure, how can anybody still be logging in?
Anyway, at that point I downloaded Authy and also enabled 2FA for my Nintendo account, then also regenerated a secure password using 1Password... let's hope that does the trick.
yeah front page news on my switch was saying to enable 2FA. so yeah it seems weird.This further confirms my theory. There was/is a Nintendo breach and it's really shitty they're pretending there wasn't.
Saw this thread yesterday and thought nothing of it (I already have 2FA enabled on most of my active accounts)... then just last night had an email from Nintendo saying somebody has logged in using my account from Israel! I no longer have any Nintendo consoles (sold my Switch about 3 years ago after finishing BOTW and Odyssey) so I didn't think to enable 2FA there. I immediately changed my password to something random and secure (use 1Password app for generation) and thought that was fine.
3 hours later, another email from Nintendo saying somebody from USA has now logged into my account using Firefox! WTF! If I have just changed my password to something completely random and secure, how can anybody still be logging in?
Anyway, at that point I downloaded Authy and also enabled 2FA for my Nintendo account, then also regenerated a secure password using 1Password... let's hope that does the trick.
Oh...b/c hackers can clone your phone/number and receive those texts?
Yeah, I mean, many 2FA options only include SMS, right?
2FA is annoying as someone who doesn't always use their phone or have it charged, makes it impossible to access my account sometimes. It also makes it hard for other people to use my devices since I never save auto log on. I don't really care too much if most of my accounts get compromised since I don't save my credit card info anywhere (always manually enter it in case of a breach), and worst case I can always deal with it with the CC company.
You guys don't own digital games etc? Are you really that carefree about potentially losing your account(s)?I don't have any credit card info stored, anywhere. So I'm not sure if I really need it. Might an account get compromised? Sure. But...eh.
That's not true. You only have to login to the new device / restored device and it will download your 2FA settings.That doesn't do shit for migrating to another device by the way.
I recently had to migrate a bunch of Microsoft Authenticator App setups to a new phone but all the cloud backup did was copy over the fact I had some authenticators set up. I still had to re-register them all to get them to actually work.
You guys don't own digital games etc? Are you really that carefree about potentially losing your account(s)?
It would absolutely suck, but so far it hasnt happened once. And my Steam library consists of like 25 games or so. Outside my Switch I barely go digital.You guys don't own digital games etc? Are you really that carefree about potentially losing your account(s)?
In my experience there aren't too many left that only support SMS. Out of 58 logins, Sony is the only one of mine that just uses SMS. I don't know why they're so behind. Most other things are starting to support hardware tokens, even Nintendo supports them.
I do it for everything, but I didn't know you could do it on Nintendo accounts.
Didn't work for any of mine. I got my three accounts pop up but it just told me to re-scan the QR codes to re-register them.That's not true. You only have to login to the new device / restored device and it will download your 2FA settings.
It took no time, actually, very effortless.Hopefully you actually get Nintendo's email when you try to set it up. I never do...
2FA is annoying as someone who doesn't always use their phone or have it charged, makes it impossible to access my account sometimes. It also makes it hard for other people to use my devices since I never save auto log on. I don't really care too much if most of my accounts get compromised since I don't save my credit card info anywhere (always manually enter it in case of a breach), and worst case I can always deal with it with the CC company.
Yep I almost lost my PSN account because I didn't have 2FA. Never again.