Pretty much the same here. If somewhere has their own 2FA I'll use it but I'm trying to get away from Google because it's definitely a pain. I don't use a password manager though I just have a freakish memory. I have to change my passwords at work every 90 days so every 2 or 3 cycles where I change just a few characters (different number, randomized capitalization, etc.) I'll come up with a completely random password for my personal accounts that I think I can memorize based on how the rhythm of typing it out feels. Special characters, numbers, capital letters, 8-14 characters typically, the whole deal. Then I turn my old personal password into my new work password with the same kinds of changes but nothing drastic. I even have alternate versions of my personal passwords for different sites....doesn't usually end up in a mess but I am cutting back on that kind of stuff since it can be hard to manage sometimes.I don't mind using systems like Steam or PSN's 2 step but I absolutely cannot stand those authenticator type apps. They're a colossal pain and I'd be 50x more worried about getting locked out of my account than anyone else getting in. I use passwords managers, complex passwords and check the vital ones aren't in the wild once in a while. I've not had an account breached in years, since swapping to long and complex passwords.
yea the problem will arise when you "forget" and trade in your new phone/tablet. i upgraded iPhone and iPad around same time and it was a disaster lol. given that microsoft just saves it in iCloud, I just prefer that at this pointI've been using google authenticator for a while -- Since I'm fortunate enough to have both a phone and a tablet, I just export my stuff to the tablet as well, that way I have a redundancy. It's super easy/quick to copy over things between devices using the QR code
Pretty much the same here. If somewhere has their own 2FA I'll use it but I'm trying to get away from Google because it's definitely a pain. I don't use a password manager though I just have a freakish memory. I have to change my passwords at work every 90 days so every 2 or 3 cycles where I change just a few characters (different number, randomized capitalization, etc.) I'll come up with a completely random password for my personal accounts that I think I can memorize based on how the rhythm of typing it out feels. Special characters, numbers, capital letters, 8-14 characters typically, the whole deal. Then I turn my old personal password into my new work password with the same kinds of changes but nothing drastic. I even have alternate versions of my personal passwords for different sites....doesn't usually end up in a mess but I am cutting back on that kind of stuff since it can be hard to manage sometimes.
Laying it all out like that....what the hell is wrong with me? lol. Haven't had a breach in around 5 years though, and that was only because Gamestop was compromised.
I use Authy and then this year I added a password manager, I use BitWarden.
I also use BitWarden because it not only stores passwords but also can function as one of those one time passcode generators. It is not perfect but access management is still one of those industries that was shaped by enterprise needs instead of consumer needs.
that only applies to SMS 2fa, which sucks. App-based 2fa isn't tied to your phone number and doesn't require an internet connection or phone service. The codes are always available and only require your device to have the correct time.My biggest problem with 2FA is that the whole "give us the number you just got sent to your phone number" thing only works when it wants to and nothing is more fun than getting locked out of your shit because the message isn't getting through to my phone. It has happened way too many times to me.
And God forbid you dare to change phone numbers and forget to let one of your many 2FA accounts know before you lose the previous number because you're fucked then.
I have battle.net on authy, just use the mail for steamSteam and b.net use their own system so you can't use these universal apps, you still have to use their own. Kinda sucks.
Hmm interesting. I don't know shit about app based 2fa. Is there a centralized app everyone used or does everyone require a different app?that only applies to SMS 2fa, which sucks. App-based 2fa isn't tied to your phone number and doesn't require an internet connection or phone service. The codes are always available and only require your device to have the correct time.
Also doesn't b.net use a different number of digits compared to the standard?I think you have to use the app to buy/sell trading cards though. That's the reason I installed it in the first place. I'm not sure if you can have that active and use emails to authenticate.
Hmm interesting. I don't know shit about app based 2fa. Is there a centralized app everyone used or does everyone require a different app?
Is MS Authenticator account based like Authy?Big three are Google, Microsoft and Authy. Google's is a nightmare. I prefer MS Authenticator, but Authy is top notch also.
Google is a nightmare? How come? I'd prefer using my gmail account if possible!Big three are Google, Microsoft and Authy. Google's is a nightmare. I prefer MS Authenticator, but Authy is top notch also.
b.net app by default just asks to permit a login with a Yes/No prompt, think you can fall back on digits. This has been the way Google has been moving to with mobile notifications.Also doesn't b.net use a different number of digits compared to the standard?
But how can you use a 3rd party app instead?b.net app by default just asks to permit a login with a Yes/No prompt, think you can fall back on digits. This has been the way Google has been moving to with mobile notifications.
Google is a nightmare? How come? I'd prefer using my gmail account if possible!
Tbh all authenticators are more or less the same, they are just number generators. You should never pay for that service.I am planning to move away from Google auth. Does Authy have a monthly subscription or anything?
google authenticator doesn't have any kind of cloud backup so if something happens to your phone and you didn't back up your 2fa codes yourself, you're fuckedGoogle is a nightmare? How come? I'd prefer using my gmail account if possible!
So...TIL Google Authenticator on phones doesn't have backup codes, only QR images?
I cleared my browsers cookies for the first time in a while and wanted to log back into humblebundle.com for today's new humble choice bundle. They switched from Authy to Google Authenticator this year. I log back in and it asks for a token from google authenticator and I open that app up on my...www.resetera.com
Thanks! Microsoft Authenticator it is then!google authenticator doesn't have any kind of cloud backup so if something happens to your phone and you didn't back up your 2fa codes yourself, you're fucked
however the google authenticator app doesn't really have anything to do with gmail or your google account. it's just a very basic authenticator app that's made by google. there's really no reason you would want to use it over any other authenticator app. they're all implementations of the same system.
Depending on your service provider and what kind of service plan you have (or especially don't have, if you're on prepay), it's possible to spoof your SIM or otherwise obtain your number and get the auth message. It's less likely to occur if you are on a proper service plan and have a digital SIM (because at that point someone has to perform a considerable degree of social engineering), but then the security falls on your service provider and you'll have to ask yourself if you trust that to be fool proof and it's still obviously vulnerable to identify theft.
You'll thank yourself for doing it once someone tries and fail at hacking your accounts :DOkay okay you got me OP, I went ahead I set up 2FA (Authy) on all major sites and accounts.
I used to not care about 2FA up until the day I got a "Someone in Russia logged into your account (that is tied to every important gaming, school work, and entertainment service you use) " notification from Google.
Since then, everything is LOCKED DOWN.
The standard has a variable number of digits, authy actually prefers 7Also doesn't b.net use a different number of digits compared to the standard?
Yeah I am not sure why Twitch was automatically installed and why I cannot delete it.Guys so I stumbled upon this thread one or two days ago, and I have a trip outside the site, and now I am freaked out because I have always used Google authenticator and now I am kind of scared after reading some posts lol.
Anyways I downloaded Authy and for some reason it automatically had twitch assigned to it.. I tried the authy token and it worked on my twitch account BUT I also tried the code the google authenticator gave me and it also worked...
So Idk, my question is can sites have two different authenticators assigned? (Like google authenticator AND authy?) should I remove google authenticator OR add authy?
I was thinking of adding authy and writing the codes? (Authy gives codes, right? in case you lose your phone?)
Thanks for the help.