2-Step verification/authentication (2FA)

[PeteC]

Is anyone using this on computers or phones and if so, was there an incident that convinced you to use it?

I'm sure like me, you all get reminders from every device ops system and communications app urging you to set it up and use it.

I just don't want extra steps in everything I do online making things yet more complicated.

[buksida]

Yes, I use it on anything to do with finances and certain accounts that now require it.

Its a bitch if you lose your phone though so probably wise to back up the QR codes and store them on a USB stick offline somewhere for easy recovery.

Edit: it is all managed on the Google Authenticator app - https://play.google.com/store/apps/deta ... enticator2

[Gregjam]

We are forced to use 2FA on a lot of things and while it is good in many ways there has been little consideration for those without a phone signal (workers on ships etc) or a poor internet connection (usually has a short time limit).
As a seafarer I usually opt out but when forced to use it have to time it so it has a chance to work.

[PeteC]

We are forced to use 2FA on a lot of things and while it is good in many ways there has been little consideration for those without a phone signal (workers on ships etc) or a poor internet connection (usually has a short time limit).
As a seafarer I usually opt out but when forced to use it have to time it so it has a chance to work.

Off topic I know and I'll move it if it turns into a discussion. Are you anywhere near the mess in the Red Sea/ME?

[pharvey]

Somewhat like buks whereas I use it on anything and everything financial and there are as mentioned several others that use/require it.

Prior to current issues when I was travelling a great deal, we were on many occasions forced to use local Sim Cards (or even those actually tied to a particular site at times). This caused problems much in the same way as Gregjam mentions....

[hhinner]

Where required I prefer to use Authy rather than Google authenticator. Backup and recovery is easier and also has a PC version.

[Gregjam]

In response to PeteC I am fortunately not on that area. I normally trade between Malaysia and China and use a Malaysian SIM as I get unfettered internet in China using that SIM for some reason. Still causes issues with 2FA which a VPN helps with but not always. You may have an IP in the country you need but those clever tech guys can tell if you are using a VPN for more well funded sites

[404cameljockey]

Where required I prefer to use Authy rather than Google authenticator. Backup and recovery is easier and also has a PC version.

I'm looking into this and the Authy website sadly says: "The Authy Desktop app will reach their End-of-Life in Aug 2024. If you are downloading Authy for the first time, please use one of our mobile apps."

So if (or for me 'when') you lose your phone I guess you'll be unable to use your 2FA apps until you get a new phone, just like with the other 2FA phone apps.

[hhinner]

Where required I prefer to use Authy rather than Google authenticator. Backup and recovery is easier and also has a PC version.

I'm looking into this and the Authy website sadly says: "The Authy Desktop app will reach their End-of-Life in Aug 2024. If you are downloading Authy for the first time, please use one of our mobile apps."

So if (or for me 'when') you lose your phone I guess you'll be unable to use your 2FA apps until you get a new phone, just like with the other 2FA phone apps.

Hadn't seen the eol notice.

BTW, I see that Google authenticator now has backup functionality.

When you set up 2FA for a banking app (for example) there should also be an alternative method of authentication to sign in if you lose your phone. This could be something like a string of unrelated words, a long string of random characters, or something else. that you should save securely (not on the phone).

[404cameljockey]

When you set up 2FA for a banking app (for example) there should also be an alternative method of authentication to sign in if you lose your phone. This could be something like a string of unrelated words, a long string of random characters, or something else. that you should save securely (not on the phone).

Yes I noticed that. I use Bitwarden free password safe across all browsers and devices, I can access these safety login measures on a laptop too, so seems all good.

[GroveHillWanderer]

Is anyone using this on computers or phones and if so, was there an incident that convinced you to use it?

I'm sure like me, you all get reminders from every device ops system and communications app urging you to set it up and use it.

I just don't want extra steps in everything I do online making things yet more complicated.

If you don't use 2FA, then anyone that can get access to your password by whatever means (phishing, key loggers, trojans, security vulnerabilities in apps or browsers, etc) can take over the account that password belongs to.

So if you have anything that you consider sensitive (financial stuff, for instance) or simply that you wouldn't want to lose access to, you'd be well advised to use 2FA for those accounts.

All the 2FA systems that I use allow multiple options for authentication. So even if you lost your primary phone, there are still alternatives (email, tablet, second phone etc).

Also, some of them only require you to use 2FA once on any given device, so after you've done it once, you don't need to do it again until or unless you start to use a new device.

I have some accounts that it wouldn't bother me if I lost access to them, so I don't bother with 2FA for those.