
MadMod

Member
Dec 4, 2017
2,729
Mate got hacked and they spent £180 the other day, gave him the PS number to call and they enabled 2FA and refunded him. But he was not happy haha.
 

Suedemaker

Linked the Fire
Member
Jun 4, 2019
1,776
I don't mind using systems like Steam or PSN's 2 step but I absolutely cannot stand those authenticator type apps. They're a colossal pain and I'd be 50x more worried about getting locked out of my account than anyone else getting in. I use password managers, complex passwords and check the vital ones aren't in the wild once in a while. I've not had an account breached in years, since swapping to long and complex passwords.
Pretty much the same here. If somewhere has their own 2FA I'll use it but I'm trying to get away from Google because it's definitely a pain. I don't use a password manager though I just have a freakish memory. I have to change my passwords at work every 90 days so every 2 or 3 cycles where I change just a few characters (different number, randomized capitalization, etc.) I'll come up with a completely random password for my personal accounts that I think I can memorize based on how the rhythm of typing it out feels. Special characters, numbers, capital letters, 8-14 characters typically, the whole deal. Then I turn my old personal password into my new work password with the same kinds of changes but nothing drastic. I even have alternate versions of my personal passwords for different sites....doesn't usually end up in a mess but I am cutting back on that kind of stuff since it can be hard to manage sometimes.

Laying it all out like that....what the hell is wrong with me? lol. Haven't had a breach in around 5 years though, and that was only because Gamestop was compromised.
 
Jun 24, 2021
1,637
My biggest problem with 2FA is that the whole "give us the number you just got sent to your phone number" thing only works when it wants to and nothing is more fun than getting locked out of your shit because the message isn't getting through to my phone. It has happened way too many times to me.

And God forbid you dare to change phone numbers and forget to let one of your many 2FA accounts know before you lose the previous number because you're fucked then.
 

gothmog

Member
Oct 28, 2017
2,434
NY
I also use BitWarden because it not only stores passwords but also can function as one of those one time passcode generators. It is not perfect but access management is still one of those industries that was shaped by enterprise needs instead of consumer needs.
 

Lkr

Member
Oct 28, 2017
9,518
I've been using google authenticator for a while -- Since I'm fortunate enough to have both a phone and a tablet, I just export my stuff to the tablet as well, that way I have a redundancy. It's super easy/quick to copy over things between devices using the QR code
yea the problem will arise when you "forget" and trade in your new phone/tablet. i upgraded iPhone and iPad around same time and it was a disaster lol. given that microsoft just saves it in iCloud, I just prefer that at this point
 

Dyno

The Fallen
Oct 25, 2017
13,267
Pretty much the same here. If somewhere has their own 2FA I'll use it but I'm trying to get away from Google because it's definitely a pain. I don't use a password manager though I just have a freakish memory. I have to change my passwords at work every 90 days so every 2 or 3 cycles where I change just a few characters (different number, randomized capitalization, etc.) I'll come up with a completely random password for my personal accounts that I think I can memorize based on how the rhythm of typing it out feels. Special characters, numbers, capital letters, 8-14 characters typically, the whole deal. Then I turn my old personal password into my new work password with the same kinds of changes but nothing drastic. I even have alternate versions of my personal passwords for different sites....doesn't usually end up in a mess but I am cutting back on that kind of stuff since it can be hard to manage sometimes.

Laying it all out like that....what the hell is wrong with me? lol. Haven't had a breach in around 5 years though, and that was only because Gamestop was compromised.

Hey if it works then it works! I spent a long time using really easy passwords and tbh the only reason they even got breached was because Hotmail in general had a huge leak. Still, I considered myself lucky that all they seemingly bothered to try was the Hotmail and my old Warthunder account, so figured it was time to start using proper passwords and a manager. I'm sure at some point I'll add some sort of authenticator to the list, but in the meantime they'd need to break into multiple accounts with 20+ character passwords where possible that are a jumbled mess, just to have a hope of getting into anything worth accessing. Not to mention financial are locked behind additional security layers on top of that anyway.

I will no doubt add one in one day. Just I'm also not immediately worried. I'm pretty confident in the current setup I have which is also using 2FA anyway, just not on the really inconsequential stuff.
 

That1GoodHunter

My ass legally belongs to Ted Price
Member
Oct 17, 2019
10,863
I used to not care about 2FA up until the day I got a "Someone in Russia logged into your account (that is tied to every important gaming, school work, and entertainment service you use) " notification from Google.

Since then, everything is LOCKED DOWN.
 

DiipuSurotu

Banned
Oct 25, 2017
53,148
I use Authy and then this year I added a password manager, I use BitWarden.
I also use BitWarden because it not only stores passwords but also can function as one of those one time passcode generators. It is not perfect but access management is still one of those industries that was shaped by enterprise needs instead of consumer needs.

BitWarden is amazing. Aside from one single master password, I basically don't even know any of my passwords these days... I don't need to! Bitwarden remembers them for me.
 

skullmuffins

Member
Oct 25, 2017
7,421
My biggest problem with 2FA is that the whole "give us the number you just got sent to your phone number" thing only works when it wants to and nothing is more fun than getting locked out of your shit because the message isn't getting through to my phone. It has happened way too many times to me.

And God forbid you dare to change phone numbers and forget to let one of your many 2FA accounts know before you lose the previous number because you're fucked then.
that only applies to SMS 2fa, which sucks. App-based 2fa isn't tied to your phone number and doesn't require an internet connection or phone service. The codes are always available and only require your device to have the correct time.
 
Jun 24, 2021
1,637
that only applies to SMS 2fa, which sucks. App-based 2fa isn't tied to your phone number and doesn't require an internet connection or phone service. The codes are always available and only require your device to have the correct time.
Hmm interesting. I don't know shit about app based 2fa. Is there a centralized app everyone used or does everyone require a different app?
 

THEVOID

Prophet of Regret
Member
Oct 27, 2017
22,859
Google is a nightmare? How come? I'd prefer using my gmail account if possible!

www.resetera.com

So...TIL Google Authenticator on phones doesn't have backup codes, only QR images?

I cleared my browser's cookies for the first time in a while and wanted to log back into humblebundle.com for today's new humble choice bundle. They switched from Authy to Google Authenticator this year. I log back in and it asks for a token from google authenticator and I open that app up on my...
 

skullmuffins

Member
Oct 25, 2017
7,421
Google is a nightmare? How come? I'd prefer using my gmail account if possible!
google authenticator doesn't have any kind of cloud backup so if something happens to your phone and you didn't back up your 2fa codes yourself, you're fucked

however the google authenticator app doesn't really have anything to do with gmail or your google account. it's just a very basic authenticator app that's made by google. there's really no reason you would want to use it over any other authenticator app. they're all implementations of the same system.
 
Jun 24, 2021
1,637
www.resetera.com

So...TIL Google Authenticator on phones doesn't have backup codes, only QR images?

I cleared my browser's cookies for the first time in a while and wanted to log back into humblebundle.com for today's new humble choice bundle. They switched from Authy to Google Authenticator this year. I log back in and it asks for a token from google authenticator and I open that app up on my...

google authenticator doesn't have any kind of cloud backup so if something happens to your phone and you didn't back up your 2fa codes yourself, you're fucked

however the google authenticator app doesn't really have anything to do with gmail or your google account. it's just a very basic authenticator app that's made by google. there's really no reason you would want to use it over any other authenticator app. they're all implementations of the same system.
Thanks! Microsoft Authenticator it is then!
 

Edward850

Software & Netcode Engineer at Nightdive Studios
Verified
Apr 5, 2019
992
New Zealand
Why is SMS 2fa bad? It's still better than nothing, right?
Depending on your service provider and what kind of service plan you have (or especially don't have, if you're on prepay), it's possible to spoof your SIM or otherwise obtain your number and get the auth message. It's less likely to occur if you are on a proper service plan and have a digital SIM (because at that point someone has to perform a considerable degree of social engineering), but then the security falls on your service provider and you'll have to ask yourself if you trust that to be foolproof and it's still obviously vulnerable to identity theft.
 

Blade30

Member
Oct 26, 2017
4,613
Okay okay you got me OP, I went ahead I set up 2FA (Authy) on all major sites and accounts.
 

secretanchitman

One Winged Slayer
Member
Oct 25, 2017
7,773
Chicago, IL
I use OTP Auth on iOS but it effectively does the same thing as Microsoft Authenticator, Google Authenticator and Authy. I actually turned off receiving codes via SMS so it *only* uses the application to generate codes. I also wish that Battle.net would open up to 3rd party applications but c'est la vie.

In fact, I think the only services that still force you to use text are my bank and credit cards at this point but at least they have some sort of secondary authentication.
 
Oct 27, 2017
1,135
I used to not care about 2FA up until the day I got a "Someone in Russia logged into your account (that is tied to every important gaming, school work, and entertainment service you use) " notification from Google.

Since then, everything is LOCKED DOWN.

My wakeup call was when my poorly protected Apple ID got hacked and they started spending money. It took me several long phone calls to get back control and my money.
 

Akita One

Member
Oct 30, 2017
4,627
Imagine being a gamer and not having 2FA on everything...talk about not having your priorities in check...

Just posting here can make you a target...
 

Faenix1

Member
Oct 27, 2017
4,114
Canada
Doesn't seem to warrant a new thread, but it's 2FA related.

Are there any new steps when changing phones? Planning to go from a Galaxy A8 to a S21. I have 2FA on most things (Steam, PlayStation, Epic, Ubi, etc. Everything is some app or SMS. The only one I'm 100% sure I'll have to deactivate first before swapping phones is Steam.)
 

slothrop

▲ Legend ▲
Member
Aug 28, 2019
3,876
USA
Authy trades 1 risk (losing your authenticator device) for other risks (sim spoofing, and needing to actually trust another company in authy)

Basically just keep that in mind. You will be a little safer with a traditional authenticator than authy, but you will be much safer with authy than nothing. I also particularly recommend getting a yubikey and a backup and using it with everything you can.
 

Rijapega

Banned
Dec 23, 2019
440
Guys so I stumbled upon this thread one or two days ago, and I have a trip outside the site, and now I am freaked out because I have always used Google authenticator and now I am kind of scared after reading some posts lol.

Anyways I downloaded Authy and for some reason it automatically had twitch assigned to it.. I tried the authy token and it worked on my twitch account BUT I also tried the code the google authenticator gave me and it also worked...

So Idk, my question is can sites have two different authenticators assigned? (Like google authenticator AND authy?) should I remove google authenticator OR add authy?

I was thinking of adding authy and writing the codes? (Authy gives codes, right? in case you lose your phone?)

Thanks for the help.
 

xxracerxx

Avenger
Oct 25, 2017
31,222
Guys so I stumbled upon this thread one or two days ago, and I have a trip outside the site, and now I am freaked out because I have always used Google authenticator and now I am kind of scared after reading some posts lol.

Anyways I downloaded Authy and for some reason it automatically had twitch assigned to it.. I tried the authy token and it worked on my twitch account BUT I also tried the code the google authenticator gave me and it also worked...

So Idk, my question is can sites have two different authenticators assigned? (Like google authenticator AND authy?) should I remove google authenticator OR add authy?

I was thinking of adding authy and writing the codes? (Authy gives codes, right? in case you lose your phone?)

Thanks for the help.
Yeah I am not sure why Twitch was automatically installed and why I cannot delete it.