- Aug 4, 2016
- 1,465
As for cookies I don't keep any ever, & never have, they are all deleted when the browser closes which is often - It means logging into to sites each time but I prefer it that way.
Attachments
Last edited:
Questions And Answers about the 2-Step Verification
- Thread starter Jack
- Start date
I use 2FA anywhere if possible.
Sadly sites are very slow in progress with that and even slower with the more secure FIDO/ U2F or even FIDO2.
Sadly sites are very slow in progress with that and even slower with the more secure FIDO/ U2F or even FIDO2.
- Aug 27, 2020
- 446
Hi, I log in with Facebook & Google Authenticator, it is a little bit annoying but the security outweighs it.
- Jan 29, 2017
- 1,201
I kept the backup codes (somewhere?) but instead, I rely on backups from my Authenticator app that allows me to quickly reload if my phone/PC breaks/goes missing. Just say "no" to Google Authenticator.
Is there a technical reason for 2FA expiring every 30 days but logouts not? Seems like those two should go hand-in-hand.
It can be a little inconvenient because a lot of password managers don't know how to autocomplete a OTP prompt without a login.
It can be a little inconvenient because a lot of password managers don't know how to autocomplete a OTP prompt without a login.
- Jul 27, 2015
- 5,459
I can't speak for Google Authenticator as I never used it, other then I know it's updated 12th of May this year ( 2020 ). What I recall is that it has a pretty poor track record/history of updates as it previous went non updated for years. Personal I use Microsofts Authenticator, but I know there are several other more then well enough and working apps available. Most important part is that people use them when they are available, but as said, it is a risk with any lost of the backups/backup codes. It's simply something one have to be aware of and normally that information is always there to read/grasp before one enable it. It's also normally recommended to test. Pretty the same as with any backups. Make sure those actually works = verify!
- Jan 8, 2011
- 22,361
You can force log out from Other Devices via the Account Security settings - https://malwaretips.com/account/two-step/
justinblack
New Member
- Nov 4, 2021
- 4
- Jan 24, 2011
- 9,378
Your account does not have 2FA active. You should be able to log in just with your username and password.
I enabled, scan that QR Code and suppose to fill in the Verification Code
But I'm not seeing the Verification Code in Yubico Authenticator
So cannot enable 2FA
From below you can see my yubikey is USB to my phone and the Yubico Authenticator display
Last edited:
- Jan 24, 2011
- 9,378
Have you tried manually adding the secret code that is provided?I enabled, scan that QR Code and suppose to fill in the Verification Code
But I'm not seeing the Verification Code in Yubico Authenticator
So cannot enable 2FA
From below you can see my yubikey is USB to my phone and the Yubico Authenticator display
Finally, I enabled 2FA. Stored the backup codes as well. The problem was I did not set up the physical key properly. Found and filled in the secret code and then it works.
Yubikey/Yubico Authenticator works flawlessly in setting up 2FA
Big clap for myself
Yubikey/Yubico Authenticator works flawlessly in setting up 2FA
Big clap for myself
Last edited:
- Sep 13, 2012
- 191
this can provide greater security, but prevents hundreds of users from creating or even accessing their own accounts, in case of loss, defect or theft of the cell phone or smartphone
As long as you take proper steps to do proper backup, I believe the inconvenience is minimized
Assume the following scenarios
1) Loss/theft/defective phone
If you have 2 phones you can simulate the above. Assume you set up 2FA with a physical security key for MWT forums. Now, assume this phone is not in use i.e. lost. So, you take your physical security key, go to the 2nd phone, open up MWT forums and access it with the physical security key. It'll work.
2) Defective/loss of physical security key
In this case, it's highly recommended by the security key manufacturer that you should have a 2nd security key as back up if the above should happen. If you lose the 1st security key you can replace with another security key as a back-up, now, for the 2nd security key.....and so on.
There you see your problems are solved.
Last edited:
piquiteco
Level 14
- Oct 16, 2022
- 626
MalwareTips doesn't support 2FA by security key as far as I know, it works only by TOTP, if I didn't misunderstand what you said. I don't see much need to use it Yubico Authenticator it is limited only in 32 accounts, which is too little for me. In this case I still prefer Aegis Authenticator which stores an unlimited number of accounts. What you can do with your Yubikey if you are a little paranoid, is to protect your e-mail like G-mail with 2FA only with your Yubikey security key and receive the 2FA tokens through that e-mail, when you login to your MT account you will always receive a new 6-digit token in that e-mail that only you will have access to, because it is protected by your Yubikey, as it requires physical access from tap to key, It will be almost impossible for someone to get access to your e-mail.
Last edited:
MalwareTips doesn't support 2FA by security key as far as I know, it works only by TOTP, if I didn't misunderstand what you said. I don't see much need to use it Yubico Authenticator it is limited only in 32 accounts, which is too little for me. In this case I still prefer Aegis Authenticator which stores an unlimited number of accounts. What you can do with your Yubikey if you are a little paranoid, is to protect your e-mail like G-mail with 2FA only with your Yubikey security key and receive the 2FA tokens through that e-mail, when you login to your MT account you will always receive a new 6-digit token in that e-mail that only you will have access to, because it is protected by your Yubikey, as it requires physical access from tap to key, It will be almost impossible for someone to get access to your e-mail.
Yes, accessing MWT needs an authenticator. In this case, I have chosen Yubico Authenticator. It ask for Yubikey to access the Yubico Authenticator through NFC(or USB-C) as below
I'm still thinking of whether to get Bitwarden Premium. Then my Yubikey would be put to better use. Also, waiting for the passwordless login feature. 1Password and Keeper already using passwordless login.
Last edited:
piquiteco
Level 14
- Oct 16, 2022
- 626
I see, you have chosen to use Yubico Authenticator instead of using another authenticator. So it might be useful for you to add more important accounts that support TOTP as a password manager or another website of great importance for you.
Yes, Yubikey in Bitwarden only works for Premium users unfortunately. No, 1Password doesn't work for password-less login yet, they are in tests, they haven't implemented this feature yet. About Keeper I can't say because I don't use it.
I see, you have chosen to use Yubico Authenticator instead of using another authenticator. So it might be useful for you to add more important accounts that support TOTP as a password manager or another website of great importance for you.
Yes, Yubikey in Bitwarden only works for Premium users unfortunately. No, 1Password doesn't work for password-less login yet, they are in tests, they haven't implemented this feature yet. About Keeper I can't say because I don't use it.
Will be using Yubikey 5C NFC for
1) signing into web accounts
2) signing into MS accounts
3) Tutanota email
4) eBay
5) Secure disk for BitLocker. Maybe...... just use TPM+PIN for BitLocker will do
6) BW Premium. Wait and see.
Last edited:
piquiteco
Level 14
- Oct 16, 2022
- 626
Yes, all web accounts that I use and support security keys I activate and only use 2FA per security key.
Yes, I use it on my MS account, because I only need the Yubikey PASSWORD/PIN and then on my MS account with no password, just using the security key.
Tutanota email is phenomenal and indescribable the service is one of the few emails that you can choose to use only 2FA per security key, in my humble opinion is the best encrypted email service. Proton is not on the list because, it does not allow you to use only the security key, so I do not recommend using it currently, one day when you have the ability to use only 2FA per security key, then it will be the second best encrypted email service.
No, I have an eBay account, so I can't give an opinion here. If you have an eBay account and it is protected with a security key like Yubikey, then you are well protected.
Yes, if your laptop or computer has the TPM, just use the PIN and you will be safe.
BW Premium, I believe it is worth it, it was 10$ a year for 1 user, I don't know if the price has changed, I am thinking of paying per year just to support them, it seems they take security seriously and there was the community.
Similar threads
