You can provide your own encryption key for Authy backups, which is sufficient security.
-
Ever wanted an RSS feed of all your favorite gaming news sites? Go check out our new Gaming Headlines feed! Read more about it here.
-
We have made minor adjustments to how the search bar works on ResetEra. You can read about the changes here.
Get 2FA on your accounts folks!
- Thread starter sensui-tomo
- Start date
Thanks to this thread I switched from Google Authenticator to Authy, was always worried with Google's that I might lose the codes or would have to change 2FA individually for every single account whenever I would change phones.
Turn 2FA on, people!
And also Crunchyroll still doesn't fucking have 2FA.
Turn 2FA on, people!
And also Crunchyroll still doesn't fucking have 2FA.
Hey, though. I'm about to upgrade my phone and my 2FA is Microsoft's Authenticator version on this phone. Is there a good checklist type document somewhere to make sure you don't fuck yourself over when changing phones? I don't want to get locked out of these accounts and when I was setting them up I didn't realize what those 6 codes were for on each one and I didn't write them down.
EDIT: It sounds like I should switch everything to Authy first? Essentially deregister and reregister every one of my accounts manually through Authy instead of the MS Authenticator app?
EDIT: It sounds like I should switch everything to Authy first? Essentially deregister and reregister every one of my accounts manually through Authy instead of the MS Authenticator app?
Last edited:
I was wondering why I saw 2FA being advertised on why switch today. I just set it up
Correct. The MS Authenticator doesn't show the seed code so they can't be directly ported. It does have a cloud backup so maybe you could extract the values that way but re-registering is guaranteed to work.
This. Authy is cool but the only need I've seen for a separate 2FA app is the Microsoft one since they sometimes use tokens that are incompatible with the standard format. (and I suppose maybe Blizzard, though at least that backs up to iCloud)
I have MS's version currently. If I go to Authy, I'll still need MS's version for my email/Live account?
Nah. You'd remove 2FA from your account as it is now, then you'd re-add it with Authy as the authenticator.
I personally use Authy for my MS account and it works fine.
Phone numbers can be hijacked. Codes go somewhere else and now you're out an account or worse. With a 2FA app stealing the phone number doesn't unlock anything.
I was going to ask what was wrong with it. But I do have all of my backup codes in one place so I suppose theres no reason for me to bother. lol.
Does Sony allow for 2-factor apps like Authy or are they still relegating to text-based codes? I have 2-factor on, but I hate how, the last I checked, they only allowed text-based authentication.
How safe are the apps themselves like authy?
Are they themselves not at risk of data leaks?
Stupid question I know
Are they themselves not at risk of data leaks?
Stupid question I know
As long as you don't format your old phone until you're sure everything's set up on your new one you should be fine.
People here have said otherwise, but I swear I remember upgrading iPhone's and Microsoft's authenticator copying all my 2FA across seamlessly. I was screwed by Google Authenticator's lack of backup's previously so I was prepared this time, but I didn't need to do anything.
Authy stores encrypted details in the cloud which is how you can seamlessly move from phone to phone. If they're breached it'd come down to their internal practices like are backups stored in the clear? Someone would still need your password for a given site regardless.
Offline apps (I use Aegis) don't have that problem and someone would need access to the device to steal the codes. Malware seeking out 2FA apps will increase as 2FA spreads. Don't trust your device? Next step is a physical token like a Yubikey.
Saw this thread yesterday and thought nothing of it (I already have 2FA enabled on most of my active accounts)... then just last night had an email from Nintendo saying somebody has logged in using my account from Israel! I no longer have any Nintendo consoles (sold my Switch about 3 years ago after finishing BOTW and Odyssey) so I didn't think to enable 2FA there. I immediately changed my password to something random and secure (use 1Password app for generation) and thought that was fine.
3 hours later, another email from Nintendo saying somebody from USA has now logged into my account using Firefox! WTF! If I have just changed my password to something completely random and secure, how can anybody still be logging in?
Anyway, at that point I downloaded Authy and also enabled 2FA for my Nintendo account, then also regenerated a secure password using 1Password... let's hope that does the trick.
3 hours later, another email from Nintendo saying somebody from USA has now logged into my account using Firefox! WTF! If I have just changed my password to something completely random and secure, how can anybody still be logging in?
Anyway, at that point I downloaded Authy and also enabled 2FA for my Nintendo account, then also regenerated a secure password using 1Password... let's hope that does the trick.
Last edited:
It would be bad if it was compromised, but that's why we use two-factor authentication.
Even if someone was able to decrypt and clone your authy backup they'd still need your password. Just having one of those things is not enough.
I like 1Password - especially its family account - but will caution people that if you're using a cloud-based password manager like that, and are storing both the password and OTP in it, you're reducing that protection to a single factor for some attacks; i.e. access to your vault now gives them access to that account.
But the risk of that is very low considering the protection implemented on your 1Password vault - which is also protected by 2FA itself. It's just technically less safe, if both are being stored in one location.
Possible you have a second Nintendo account that is getting attacked?
No, this was definitely the same account. I only have ever had the one account.
Unless it's text based. Authenticators are fine, but never ever use text based 2FA. It's way too easy for scamming little dirtbags ho have ties with a service provider to port or sell your phone number. Once it's gone, best of luck with recovering these accounts and you'd be shocked by how many make it easy to grant access by verifying your identity solely via phone call or text. Adding text based 2FA actually makes your account less secure in many cases and a randomized password only is much more secure.
Context: I've had this happen to me. Google "sim swap."
This further confirms my theory. There was/is a Nintendo breach and it's really shitty they're pretending there wasn't.
yeah front page news on my switch was saying to enable 2FA. so yeah it seems weird.
Does authy work with icloud backup? Not authy's own backup, but specifically iCloud backup.
In other words, if you lose your phone and restore from iCloud backup, does authy with all codes intact also restore?
In other words, if you lose your phone and restore from iCloud backup, does authy with all codes intact also restore?
2FA is annoying as someone who doesn't always use their phone or have it charged, makes it impossible to access my account sometimes. It also makes it hard for other people to use my devices since I never save auto log on. I don't really care too much if most of my accounts get compromised since I don't save my credit card info anywhere (always manually enter it in case of a breach), and worst case I can always deal with it with the CC company.
I've been using 1Password since 2016.
It helps you with things like:
I have over 400 accounts stored in it, all strong, unique passwords. I don't care what clever scheme you have for remembering passwords, nobody can remember 400 unique 64 random character hashes :)
Never had an account compromised.
It helps you with things like:
- Compromised Websites (it notifies you if you have accounts for websites that have been hacked)
- Vulnerable Passwords (passwords that appear in a database of exposed passwords haveibeenpwned.com)
- Reused Password
- Weak Passwords (are any of your passwords too simple/easy to guess)
- Unsecured Websites (websites that are only using HTTP, not HTTPS)
- Two-Factor Authentication (not only will it store them, it will notify you if you are using a service that supports 2FA but you haven't set it up)
I have over 400 accounts stored in it, all strong, unique passwords. I don't care what clever scheme you have for remembering passwords, nobody can remember 400 unique 64 random character hashes :)
Never had an account compromised.
In my experience there aren't too many left that only support SMS. Out of 58 logins, Sony is the only one of mine that just uses SMS. I don't know why they're so behind. Most other things are starting to support hardware tokens, even Nintendo supports them.
You guys don't own digital games etc? Are you really that carefree about potentially losing your account(s)?
That's not true. You only have to login to the new device / restored device and it will download your 2FA settings.
I mean, I care about my digital games a little, though I'm more physical. Losing my digital games would be like losing my wallet with a good amount of cash in it or something. Worst case scenario I can contact customer support and regain access to my account (I've done this when my Steam account was compromised).
It would absolutely suck, but so far it hasnt happened once. And my Steam library consists of like 25 games or so. Outside my Switch I barely go digital.
Pretty much the same for me. Sony is the only one left and it sucks because they are the people who historically have given me the most trouble with my account getting compromised.
2FA is a fucking must. Trust me.
I've been hacked a few years ago, PSN. The annoying thing was that I couldn't remote download, for the rest I could do everything and I never stored payment stuff ever since the PS3. I couldn't set my PS4 to primary anymore. I called Sony and they kind of said my account was compromised, but ofcourse didn't want to give details. Only solution in that case is sitting out for half a year, and deactivate all your systems. I immediately activated 2FA and changed all my passwords. Never been compromised ever since.
I would also advise against leaving CC details or a linked PP account on your system.
I've been hacked a few years ago, PSN. The annoying thing was that I couldn't remote download, for the rest I could do everything and I never stored payment stuff ever since the PS3. I couldn't set my PS4 to primary anymore. I called Sony and they kind of said my account was compromised, but ofcourse didn't want to give details. Only solution in that case is sitting out for half a year, and deactivate all your systems. I immediately activated 2FA and changed all my passwords. Never been compromised ever since.
I would also advise against leaving CC details or a linked PP account on your system.
Hopefully you actually get Nintendo's email when you try to set it up. I never do...
Didn't work for any of mine. I got my three accounts pop up but it just told me to re-scan the QR codes to re-register them.
After going through the process yesterday, I can confirm Authy - unlike Google Authenticator - has a desktop app for Windows, Mac and Linux. That's why I switched from Google's solution to Authy.
I'm going through a 2FA nightmare with my Twitch account right now
Despite having Twitch sending me login codes via Authy for 2 YEARS it has suddenly entirely stopped giving me codes, leaving me totally locked out
Contacted both Twitch and Authy with both pointing the fingers at each other instead of giving me any damn help at all
Making me frustrated enough to wish I never turned the thing on
Despite having Twitch sending me login codes via Authy for 2 YEARS it has suddenly entirely stopped giving me codes, leaving me totally locked out
Contacted both Twitch and Authy with both pointing the fingers at each other instead of giving me any damn help at all
Making me frustrated enough to wish I never turned the thing on
Same omg! Hundreds of dollars across like 4 platforms i almost lost.