
BonneMort

Avenger
Oct 28, 2017
163
This shit sucks. Especially when you use the Google Authenticator and you factory reset your phone or are unable to backup phone to new phone via android. I've had this happen to me for other gaming accounts and it was a pain in the ass to get the accounts back with new codes. I only stick to 2FA that doesn't rely on that

That is exactly what happened to me, unfortunately.

Thing is, I've had other problems way back in the past with Sony and it was very easy to recover access. And I'm not even a Sony fan nowadays, but I gotta hand it to them. Their customer service was pretty good when I needed, unlike the non-existent garbage Nintendo offers for who they probably consider "3rd world" customers.
 

Tunesmith

Fraud & Player Security
Verified
Oct 25, 2017
1,946
Even if your hard drive is cloned to another device (same model and all), wouldn't some fingerprinting data/metadata prevent this from happening? I can see this working in many cases though.
Maintaining integrity of the device id in such a migration is possible if you know what you're doing, and most of the perpetrators dealing with this business at scale know what they're doing.
Mobile sessions are even more open to abuse than PC as they tend to not be geo-location or IP-locked (because that would be a huge hassle for users traveling around) so there are even fewer layers prohibiting abuse on those platforms.
 

lunarworks

Member
Oct 25, 2017
22,327
Toronto
I've got 2FA activated on everything possible.

Once or twice I've gotten that iCloud popup showing someone trying to log-in from Romania or something, and thought "What the fuck are you trying to do?"
 

thisismadness

Member
Oct 25, 2017
4,485
Just don't do it if it's your Nintendo Account and you are not from North America or Japan.

I kid you not, I factory reset my cellphone with my authenticator tokens and lost my access to my Nintendo account because of it. Support for Latin America was garbage and they literally told me there was nothing I could do to recover it, even though I provided all information required. I was locked out of my account forever cause they don't have a way to verify your access with a phone message or alternate email.

The experience soured me so much that I sold my Nintendo Switch and I'm never getting one of their products again.

On this note, does anyone print the back up codes that 2FA enabled sites offer?

I printed them all and stuck them in the safe. I still haven't made up my mind whether it's a good idea or not... but I figured the chances that something happens to my phone or the 2FA apps (it's already happened twice) are much higher than the chance that someone finds out my password and then breaks into my home, finds my safe and cracks it open to also steal the backup codes.
 

Lord Error

Member
Oct 27, 2017
4,399
Something to keep in mind is that while 2FA protects you from the hacking attacks, it can make things way worse for you in case someone mugs you and forces you to unlock your phone. They can then change the password and make your problems far worse, because then they are the owner of the device authorized for your account. So keep that in mind I guess, because there's not much that can be done about it. On iPhone it's possible to pin-protect account changes using the Screen Time feature, which is a good idea to do in case you end up in this kind of situation. But it only really helps if the mugger is in a rush and doesn't know about this feature.
 

BonneMort

Avenger
Oct 28, 2017
163
On this note, does anyone print the back up codes that 2FA enabled sites offer?

I printed them all and stuck them in the safe. I still haven't made up my mind whether it's a good idea or not... but I figured the chances that something happens to my phone or the 2FA apps (it's already happened twice) are much higher than the chance that someone finds out my password and then breaks into my home, finds my safe and cracks it open to also steal the backup codes.

Considering my experience, I'd say do it. As you said, way harder for someone to do all of that stuff to crack your safe.
 

linkboy

Member
Oct 26, 2017
13,750
Reno
I have 2FA enabled on my accounts, and I also have the accounts that support it tied to a USB security key
 

rc213

Member
Oct 25, 2017
276
Hollyweird
I have 2FA with Authy on all sites. Still sucks though. Xbox, Nintendo have true 2FA but my banking shit still relies on SMS 2FA.
 

lake

Member
Oct 27, 2017
1,291
andOTP is the best 2FA app for Android, imo. Open-source and leaves the secrets backup to the user instead of an unaccountable cloud service.

Does this product exist:

- An app like Authy or Google Authenticator that gives me similar 2FA functionality BUT...
- Also lets me launch the app in an already-authenticated web browser, etc?

So I use 2FA for everything, but I'd say 95% of my 2FA is SMS or email based and I want to switch over full time to an Authy-like solution. BUT... I keep my phone in my desk like 90% of the day at work, and I keep it in my room at home often, not carrying it around with me. So is there a 2FA app like Authy/GA that lets me also verify/authenticate via some service that can additionally launch in my browser or computer app of an already-authenticated device? I can do this with SMS & Email already which is why I usually default to that out of convenience. The phone thing for me is important, I made a conscious decision a few years ago to cut back on phone addiction and like having my phone not on my person at all times.

*edit*

Ooh... Authy might also work as a Chrome extension? That'd probably solve my use case.
My password manager (KeePass) has many plugins, one of them lets you store OTP (one-time passwords, meaning 2FA) information in KeePass databases. When I run into a 2FA challenge in my browser I just toggle over to KeePass (presuming I'm logged into the right database) and grab the OTP answer from there. Pretty painless.

I'm sure other good password managers have their own OTP integrations too.
 

iapetus

Member
Oct 26, 2017
3,080
The other day I got a message on my phone from Google telling me that somebody tried to access my Gmail account and I said it wasn't me. Changed my password right away but I still wonder how the hell they even knew it to begin with.


haveibeenpwned.com

Have I Been Pwned: Check if your email has been compromised in a data breach

Have I Been Pwned allows you to search across multiple data breaches to see if your email address or phone number has been compromised.
 

a916

Member
Oct 25, 2017
8,931
Just move straight to biometrics or something more secure, I'm paranoid about these credit rating websites with awful security.
 

bangai-o

Member
Oct 27, 2017
9,527
Someone just tried getting into my Microsoft account. Thankfully, I have 2FA on, and was able to stop all attempts.

Just a friendly reminder for you to do the same on all your eligible accounts.

Edit: I'm not saying this is bulletproof. I'm saying it helps. A lot.
Microsoft also has the "Safe" inside OneDrive. It only opens with a fingerprint scan. (I'm not sure how it opens on desktop.) So, that is three layers of security at least.
 
Oct 27, 2017
1,142
I've enabled TOTP-based 2FA on all my accounts that I know support it.
Before I started caring about security like this, my poorly secured (no 2fa, reused password) Apple ID got hacked once. They managed to spend about 50 euro. It took a few quite long phone calls with Apple to get things fixed.
 

Red Fire

Member
Oct 26, 2017
5,482
I have 2FA on most of my important accounts, so I get an SMS when someone tries to log in.

But what would happen if I lost my phone or something similar?
 

Rendering...

Member
Oct 30, 2017
19,089
If you have 2FA enabled, make sure to guard your phone with your life. If you drop it down a sewer drain and you can't find your access codes, say bye-bye to your accounts.
 

Dan

Member
Oct 25, 2017
8,967
If you have 2FA enabled, make sure to guard your phone with your life. If you drop it down a sewer drain and you can't find your access codes, say bye-bye to your accounts.

If you use Authy, you can put the same 2FA authentication tokens on multiple devices, so no single point of loss.
 
Oct 25, 2017
11,039
I only do it for websites I give a shit about.

Someone hacked my twitch account. I can't even be bothered to change the password. They can have it lol.
 

Deleted member 7051

User requested account closure
Banned
Oct 25, 2017
14,254
I got a few requests a couple of days ago on my phone for access to my Blizzard account. Someone in China was trying to log in, but they obviously couldn't without my approval. Changed the password anyway. 2FA is awesome.
 

Wraith

Member
Jun 28, 2018
8,892
In light of recent events, wanted to bump this thread and ask about app-based 2FA.

I have been using a password manager for quite a while now, but have yet to start using app-based 2FA. The concept's always left me slightly worried/confused about various "what if"/"how screwed am I?" scenarios.

I know that if (for whatever reason) I can't get into my password manager (even if temporarily), I can resort to a password reset for most of my accounts. I don't know how that works if I add app-based 2FA into the mix.
  • What if the 2FA company shuts down/kills the app?
  • What if the 2FA app gets broken by an OS update?
  • What if my phone dies and I need to factory reset or replace it?
  • Are there various 2FA apps that are/aren't supported by different sites, so you'd end up needing multiple services, or are they one-size-fits-all?
  • If I left my phone at home, and didn't have any other devices with the 2FA app on hand, am I SOL until I get back to my phone?
I suppose if I started using it for like one account, I'd just get used to it and start using it for everything.
 

Quikies83

Member
Oct 25, 2017
2,460
Mississippi
In light of recent events, wanted to bump this thread and ask about app-based 2FA.

I have been using a password manager for quite a while now, but have yet to start using app-based 2FA. The concept's always left me slightly worried/confused about various "what if"/"how screwed am I?" scenarios.

I know that if (for whatever reason) I can't get into my password manager (even if temporarily), I can resort to a password reset for most of my accounts. I don't know how that works if I add app-based 2FA into the mix.
  • What if the 2FA company shuts down/kills the app?
  • What if the 2FA app gets broken by an OS update?
  • What if my phone dies and I need to factory reset or replace it?
  • Are there various 2FA apps that are/aren't supported by different sites, so you'd end up needing multiple services, or are they one-size-fits-all?
  • If I left my phone at home, and didn't have any other devices with the 2FA app on hand, am I SOL until I get back to my phone?
I suppose if I started using it for like one account, I'd just get used to it and start using it for everything.

1. Not likely but the trust would be broken
2. Most of these will have a recovery method for obtaining a temporary PIN to use for authentication or a backdoor - sending transactions via text message or email for example.
3. You'd deactivate and reactivate with a token from your new device. Pretty simple and common.
4. In some cases -- we have DUO and Google Authenticator that we use for most apps at work. We also have Entrust floating around with manual tokens.
5. See 2. You can usually verify identity and can get a temporary one time use PIN for use.
 

Orbis

Member
Oct 25, 2017
2,345
UK
PSA: Download backup codes for important accounts! Do it right now, write them down or print them off and put them somewhere safe. It will let you access your account even if you lose access to your 2FA method. I know Google and Microsoft accounts support backup codes.
 

Wraith

Member
Jun 28, 2018
8,892
3. You'd deactivate and reactivate with a token from your new device. Pretty simple and common.
So on the new device, you'd download the app, log in, and "deactivate" (all my old tokens are dead) and "reactivate" (get a new token for each site as I log into them)? So I didn't really lose anything in the end, as long as I can log into the same 2FA app on the new device?
 

Admiral Woofington

The Fallen
Oct 25, 2017
14,892
Don't put 2FA, that's fucking dumb. Send me your credit card info, name, and social security # and I will keep it safe. I don't require payment, just don't check your bank account.
 

ChrisR

Member
Oct 26, 2017
6,814
I wish we could trust devices forever on this site with 2FA. Having to reenter a 2FA code every 30 days doesn't sound too bad at face value, but when you factor in the fact that I'm logged in to like 4 different devices, then it gets to be pretty annoying.

Didn't know this, will probably remove 2FA in 30 days :D