Oct 26, 2017
4,163
California
Someone just tried getting into my Microsoft account. Thankfully, I have 2FA on, and was able to stop all attempts.

Just a friendly reminder for you to do the same on all your eligible accounts.

Edit: I'm not saying this is bulletproof. I'm saying it helps. A lot.
 

Jacknapes

Member
Oct 26, 2017
3,199
Newport, South Wales
Got it on many accounts including here, can't be too careful these days. Did have someone try to get into an account of mine once, but because I had 2FA I refused access and changed the passwords.
 

Terror-Billy

Chicken Chaser
Banned
Oct 25, 2017
2,460
Yup, always do it. Someone has been messing around with my Gmail accounts and it's been a pain, but I've been saved by 2FA.
 

CreepingFear

Banned
Oct 27, 2017
16,766
Don't tell me what to do. You're not my dad.
 

Horns

Member
Dec 7, 2018
2,594
Wish every place that had 2FA also offered multiple phone numbers to authenticate with. There are some places I cannot use 2FA because I share the account with my wife.
 

MAK11

Banned
Oct 29, 2017
473
Someone just tried getting into my Microsoft account. Thankfully, I have 2FA on, and was able to stop all attempts.

Just a friendly reminder for you to do the same on all your eligible accounts.
Something ain't right with Hotmail/Outlook these past few days. My main account, which is 20+ years old and used daily, has been getting those attempts at least once a day since the past weekend. Never had any such thing ever.
 

Ravelle

Member
Oct 31, 2017
17,898
Yep. Have it on Steam, Gmail and PlayStation.

My Steam account got hacked once and I learned my lesson.
 

Dest

Has seen more 10s than EA ever will
Coward
Jun 4, 2018
14,150
Work
ANYTHING YOU CAN ENABLE 2FA ON YOU SHOULD ENABLE 2FA ON
I DON'T CARE WHAT SITE IT IS
DO IT

DO IT FOR EVERY ACCOUNT YOU POSSIBLY CAN
 

Tunesmith

Fraud & Player Security
Verified
Oct 25, 2017
1,946
Note: If a hacker gets into your computer and steals your browser's authentication tokens (standard practice these days), two-factor-authentication will not protect you. They have the secret keys your browser keeps that get you directly into the account.

So keep your computer clean and safe too.
 

Odrion

Banned
Oct 27, 2017
1,148
another thing from experience: apparently paypal's two step verification is fake, you can choose "verify a different way" (or whatever) and then all you have to do is answer two security questions. which shouldn't be that hard if you've stolen the person's identity, tbh. maybe there's a way to change it, and if so people should def check to see what theirs is set at
 

zma1013

Member
Oct 27, 2017
7,693
3FA is best.

3FA is when you lose access to your 2FA and not even you can get into your account. Maximum security.
 

thewienke

Member
Oct 25, 2017
16,098
Which big company got hacked recently?

I've had like three attempts to get into my shit in the past week.
 

xxracerxx

Avenger
Oct 25, 2017
31,222
Note: If a hacker gets into your computer and steals your browser's authentication tokens (standard practice these days), two-factor-authentication will not protect you. They have the secret keys your browser keeps that get you directly into the account.

So keep your computer clean and safe too.
And this is why you never tick the "remember this computer" toggle.
 

boontobias

Avenger
Apr 14, 2018
9,598
2FA doesn't work WHEN YOUR PHONE COMPANY LETS SOMEONE SWAP YOUR NUMBER TO THEIR DEVICE

METRO POS
 

Deleted member 11985

User requested account closure
Banned
Oct 27, 2017
4,168
I wish we could trust devices forever on this site with 2FA. Having to reenter a 2FA code every 30 days doesn't sound too bad at face value, but when you factor in the fact that I'm logged in to like 4 different devices, then it gets to be pretty annoying.
 

Pendas

Member
Oct 28, 2017
4,730
I never used 2FA because I never had account issues.

Then I made a Twitch and PSN account.... and suddenly it became an issue. I guess those services are targeted / have bad security.
 

lt519

Member
Oct 25, 2017
8,064
I haven't played Diablo 3 in years and basically once a week someone tries to log into my Blizzard account. If I weren't lazy I'd actually turn off the 2FA and let them have it.
 

BonneMort

Avenger
Oct 28, 2017
163
Just don't do it if it's your Nintendo Account and you are not from North America or Japan.

I kid you not, I factory reset my cellphone with my authenticator tokens and lost my access to my Nintendo account because of it. Support for Latin America was garbage and they literally told me there was nothing I could do to recover it, even though I provided all information required. I was locked out of my account forever cause they don't have a way to verify your access with a phone message or alternate email.

The experience soured me so much that I sold my Nintendo Switch and I'm never getting one of their products again.
 
Jul 18, 2018
5,897
Just don't do it if it's your Nintendo Account and you are not from North America or Japan.

I kid you not, I factory reset my cellphone with my authenticator tokens and lost my access to my Nintendo account because of it. Support for Latin America was garbage and they literally told me there was nothing I could do to recover it, even though I provided all information required. I was locked out of my account forever cause they don't have a way to verify your access with a phone message or alternate email.

The experience soured me so much that I sold my Nintendo Switch and I'm never getting one of their products again.
This shit sucks. Especially when you use the Google Authenticator and you factory reset your phone or are unable to back up phone to new phone via Android. I've had this happen to me for other gaming accounts and it was a pain in the ass to get the accounts back with new codes. I only stick to 2FA that doesn't rely on that.
 

Chikor

Banned
Oct 26, 2017
14,239
If you enable 2FA, make pretty damn sure it's not done by SMS alone. This makes you vulnerable to sim swap attacks.

More info in this thread and link-




Getting fucked by sim swap attack is awful, and generally way harder to fix than no 2FA hack/identity theft.
 

Jimmypython

Member
Oct 27, 2017
1,533
I got the Microsoft notification that someone was attempting to change security info on my account... I then turned on the 2FA.
 

VG Aficionado

Member
Nov 6, 2017
1,385
2FA doesn't work WHEN YOUR PHONE COMPANY LETS SOMEONE SWAP YOUR NUMBER TO THEIR DEVICE

METRO POS
Yup. I didn't understand how 2FA failed in some cases until I found out that someone phoning the company could request to turn it off and even change main account details. Several times over. Without raising flags or prompting background checks. I thought some sort of SIM swap / sophisticated SMS spoofing system could be in place, but no...

Still better than nothing, but not evolved enough yet.
 

Vilix

Banned
Oct 25, 2017
6,055
Texas
Note: If a hacker gets into your computer and steals your browser's authentication tokens (standard practice these days), two-factor-authentication will not protect you. They have the secret keys your browser keeps that get you directly into the account.

So keep your computer clean and safe too.
Great advice. Thanks for this.
 

smurfx

Member
Oct 25, 2017
10,629
the other day i got a message on my phone from google telling me that somebody tried to access my gmail account and i said it wasn't me. changed my password right away but i still wonder how the hell they even knew it to begin with.
 

VG Aficionado

Member
Nov 6, 2017
1,385
Note: If a hacker gets into your computer and steals your browser's authentication tokens (standard practice these days), two-factor-authentication will not protect you. They have the secret keys your browser keeps that get you directly into the account.

So keep your computer clean and safe too.

Even if your hard drive is cloned to another device (same model and all), wouldn't some fingerprinting data/metadata prevent this from happening? I can see this working in many cases though.
 

Tunesmith

Fraud & Player Security
Verified
Oct 25, 2017
1,946
And this is why you never tick the "remember this computer" toggle.
Doesn't necessarily protect you either.

Depends on the auth flow used; in most scenarios involving a browser there are two tokens: a refresh token and an access token. The refresh token is used once to generate the short-lived access tokens; the latter is sent in every request.

The refresh token, regardless of "remembering", lasts until you manually log out or until a set expiration (a time set by the site/service). Gmail, to take one example: their tokens last for weeks.

With that token in hand, a bad guy can generate access tokens whenever they choose as long as it's valid.
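
The refresh/access split described in the post above, as an added example that is not part of the thread or any service's real code: a toy in-memory issuer showing that refreshing never re-checks 2FA, and going one step beyond the post with refresh-token rotation and reuse detection, a server-side mitigation for the stolen-token case. `TokenService`, its method names and both lifetimes are assumptions made for illustration.

```python
import secrets

ACCESS_TTL = 300            # seconds: access tokens are short-lived
REFRESH_TTL = 14 * 86400    # assumed lifetime of "weeks" for refresh tokens

class TokenService:
    """Toy in-memory issuer; time is passed in so runs are deterministic."""
    def __init__(self):
        self.refresh = {}     # refresh token -> {"family", "expires", "used"}
        self.revoked = set()  # families ended by logout or reuse detection

    def login(self, user, now):
        # Reached only after password + 2FA succeeded; starts a token family.
        return self._issue(f"{user}:{secrets.token_hex(4)}", now)

    def _issue(self, family, now):
        rt = secrets.token_urlsafe(32)
        self.refresh[rt] = {"family": family, "expires": now + REFRESH_TTL, "used": False}
        return rt, {"family": family, "expires": now + ACCESS_TTL}

    def refresh_access(self, rt, now):
        # Note: no second factor is asked for here; possession of rt is enough.
        rec = self.refresh.get(rt)
        if rec is None or rec["family"] in self.revoked or now >= rec["expires"]:
            raise PermissionError("invalid refresh token")
        if rec["used"]:  # a rotated-out token came back: two holders exist
            self.revoked.add(rec["family"])
            raise PermissionError("reuse detected, session revoked")
        rec["used"] = True
        return self._issue(rec["family"], now)

    def logout(self, rt):
        if rt in self.refresh:
            self.revoked.add(self.refresh[rt]["family"])

def demo():
    svc, out = TokenService(), {}
    rt0, _ = svc.login("alice", now=0)
    # A day later, whoever holds rt0 gets a fresh access token with no 2FA prompt.
    rt1, access = svc.refresh_access(rt0, now=86400)
    out["access_expires"] = access["expires"]
    for name, token in (("second_use_of_rt0", rt0), ("rotated_rt1", rt1)):
        try:
            svc.refresh_access(token, now=86500)
            out[name] = "accepted"
        except PermissionError as err:
            out[name] = str(err)
    return out
```

With rotation, a copied refresh token and the original cannot both keep working: the second presentation of the same token ends the whole session, which forces a new login with 2FA.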
 

jelly

Banned
Oct 26, 2017
33,841
I've had it on before here and there but it got annoying to pull out my phone with an authenticator app to log in when I was using the laptop. I definitely see merit in it but generally if anything major is changed the services ask to confirm via another method anyway that is less annoying. Yeah, I get everyone has the phone by their side but I know the password in my head. Banking aside, I don't use it.

/awaits thread, I've lost my account :D
 

The Albatross

Member
Oct 25, 2017
39,227
Wait era has 2fa? No shit.

Does this product exist:

- An app like Authy or Google Authenticator that gives me similar 2FA functionality BUT...
- Also lets me launch the app in an already-authenticated web browser, etc?

So I use 2FA for everything, but I'd say 95% of my 2FA is SMS or email based and I want to switch over full time to an Authy-like solution. BUT... I keep my phone in my desk like 90% of the day at work, and I keep it in my room at home often, not carrying it around with me. So is there a 2FA app like Authy/GA that lets me also verify/authenticate via some service that can additionally launch in my browser or computer app of an already-authenticated device? I can do this with SMS & Email already which is why I usually default to that out of convenience. The phone thing for me is important, I made a conscious decision a few years ago to cut back on phone addiction and like having my phone not on my person at all times.

*edit*

Ooh... Authy might also work as a Chrome extension? That'd probably solve my use case.

You couldn't possibly know that.

this made me lol
 
OP
Metanoia Prime
Oct 26, 2017
4,163
California
I've had it on before here and there but it got annoying to pull out my phone with an authenticator app to log in when I was using the laptop. I definitely see merit in it but generally if anything major is changed the services ask to confirm via another method anyway that is less annoying. Yeah, I get everyone has the phone by their side but I know the password in my head. Banking aside, I don't use it.

/awaits thread, I've lost my account :D
I don't think there is much financial damage someone can do with your Era account, though.