-
Ever wanted an RSS feed of all your favorite gaming news sites? Go check out our new Gaming Headlines feed! Read more about it here.
-
We have made minor adjustments to how the search bar works on ResetEra. You can read about the changes here.
Just a reminder to turn on 2FA on your accounts
- Thread starter DFG
- Start date
I love 2FA. Just turned it on 2 minutes ago on my Cisco Academy account.
Netflix really needs it.
Netflix really needs it.
Someone in Russia has been steady trying to log into my old Steam account that has one game on it for years now. Thanks to 2FA, they'll never get to experience the first Max Payne.
I use Authy and highly recommend it
authy.com
Authy | Two-factor Authentication (2FA) App & Guides
Two-factor authentication (2FA) adds an additional layer of protection beyond passwords. Download our free app today and follow our easy to use guides to protect your accounts and personal information.
authy.com
What happens if my phone breaks as I'm using Google's authenticator for like 8 services? Always kinda bugged me, but never tried to find out. SMS always comes to the number and the number doesn't get affected by say a broken phone. But I hear SMS is not that secure. And they've added a warning on the SMSs that some charges may apply.
There are other authenticator programs like Authy which lets you back up your 2FA codes to the cloud.
I learnt that lesson the hard way long ago. When my BT e-mail was logged into because I used the same/similar password for most things. Didn't take long for my original ChemicalWorld gamertag to disappear into the void of being hacked. Thankfully I was able to recover my PlayStation account/Star Citizen account (with all the pledged content intact...) and anything else that had been messed around with.
When that happened I switched to multiple e-mail addresses, Last Pass and 2FA where possible to prevent fucking up to that extent ever again.
When that happened I switched to multiple e-mail addresses, Last Pass and 2FA where possible to prevent fucking up to that extent ever again.
OP
OP
No problem. Yeah it took them a really long time to implement it.
I still wish Sony would add app authentication instead of just SMS.
How do you know when and if someone is trying to hack your Xbox account? Is there anything weird in your Sign-In Activity page?
From my experience, I would receive e-mail alerts, which then pop up on my mobile push notifications bar.
2FA is pretty much a must these days. I also strongly recommend against reusing any passwords. You think it's fine but eventually you will likely get pwned from a site somewhere and hackers will have gained a password that's shared with a ton of your accounts.
I didn't think hackers would want my accounts but nope, they tried getting into my Microsoft, MEGA, Sony, Bank (successful), and others. I save my passwords in a special place. You could consider getting a physical key like a flash drive with a notepad of your passwords, as well as on your phone on a default notepad app (preferably password-protected)
Yeah, you'll find it in your sign in activity page. If 2FA is activated, you'll also get an alert when someone signs in using the correct password, so if that happens you know to change it.
OP
OP
Pretty much what Alan said. I got a text about using a code to sign in. Obviously I didn't even sign in through the website.
If you get a 2FA code that wasn't issued by yourselves, update your passwords.
Failed logins with no 2FA codes issued = the perpetrator don't know your password and are just credential stuffing emails on various services to try and get lucky.
Failed logins with 2FA codes issued = they know your username and password combination and you are likely to be targeted for additional attacks specific to circumventing 2FA layers of protection. Maybe not today, or this week, but your account goes into a list, that info may be resold to other perpetrators that will eventually target you again through more elaborate vectors you may not successfully stop.
Failed logins with no 2FA codes issued = the perpetrator don't know your password and are just credential stuffing emails on various services to try and get lucky.
Failed logins with 2FA codes issued = they know your username and password combination and you are likely to be targeted for additional attacks specific to circumventing 2FA layers of protection. Maybe not today, or this week, but your account goes into a list, that info may be resold to other perpetrators that will eventually target you again through more elaborate vectors you may not successfully stop.
Deleted member 44122
Guest
Yup, honestly astounded that they don't have it as an option in this day and age.
It's funny in such threads almost no one talks that first and foremost you should follow good password security practices.
You backup your 2FA data to a service which requires 2FA to access? How is that gonna work in case of emergency?
That happens when you use the same email multiple times. That's why I have a separate email for Xbox, PS and Switch accounts. I don't use those emails for anything else.
I had two emails from Nintendo yesterday. Both the same. Someone had attempted to add my Nintendo account to their Nintendo Switch.
"It looks like this e-mail address is already registered to a Nintendo Account."
Hmmm...
"It looks like this e-mail address is already registered to a Nintendo Account."
Hmmm...
Yeah that's the downside to 2FA but I think any implementation of 2FA also has backup codes incase you get locked out. And yes SMS 2FA can be defeated by a hacker spoofing your SIM card essentially.
2FA for the win! On the Sony site it still only shows SMS as the only option for me 😭
Since some months 1password also has a function for storing 2FA codes and inserting them automatically. Idk if LastPass had it too, but I stopped using Authy since then because I have it in one app instead of 2. Very convenient :)
Since some months 1password also has a function for storing 2FA codes and inserting them automatically. Idk if LastPass had it too, but I stopped using Authy since then because I have it in one app instead of 2. Very convenient :)
Never use Google Authenticator. If you break or lose your phone and don't have backup codes, your account is gone forever.
With Sony? If you've got SMS 2Factor turned on you have to disable it. Re-enable it and you should be able to select either SMS or App just select the App and then follow instructions.
With Authy as long as you're using same phone number you can restore it on a new phone easily. I had my Ninitendo account 2FA'd with Google on an old phone, broke its screen this year and had to spend $70 to get it fixed just to disable the 2FA.
Someone cracked my passwords on a couple of sites last week so I updated them now with 2FA. I think I've had about 4 breaches in total and they've all been big american services. It was Netflix, Amazon, Microsoft and Blizzard. The last one hurt the most because they took all my gear in Diablo 3. :(
Yep Authy or Microsoft Authenticator have some clouds saves. So you can switch phone or even use it on 2 devices simultaneously (at least id does with MS app). Have it on my iPhone and iPad.
Call me dumb, I never found how to change to 2FA on PSN. I still get a SMS...
Edit: I needed to deactivate and reactivate it, then I could chose between SMS or App.
Also, don't forget to download a Password Manager! BIWARDEN is free and open-source. Also avalaible for different platforms.
The password manager trusted by millions | Bitwarden
Bitwarden makes it easy for businesses and individuals to securely generate, store, and share passwords from any location, browser, or device. Create your free Bitwarden account today.
bitwarden.com
(I use mSecure, but you need to buy it. Installed Bitwarden on my GFs iPhone and Laptop, works great!)
Last edited:
Information on how to use 2FA
OP
OP
Make sure you create back up code. This link will help you explaining the process.
Sign in with backup codes - Computer - Google Account Help
If you can’t sign into your Google Account with your normal 2-Step Verification, you can use a backup code for the second step. Create backup codes to use in case you lose your phone, change your phon
support.google.com