Questions And Answers about the 2-Step Verification

Have you turned on 2-Step Verification for your account?

  • Yes

  • No, because ...


Results are only viewable after voting.

Cortex

Level 26
Verified
Top Poster
Well-known
Aug 4, 2016
1,465
As for cookies I don't keep any ever, & never have, they are all deleted when the browser closes which is often - It means logging into to sites each time but I prefer it that way.
 

Attachments

  • Cookies.jpg
    Cookies.jpg
    68.9 KB · Views: 569
Last edited:

upnorth

Level 68
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458
I kept the backup codes (somewhere?) but instead, I rely on backups from my Authenticator app that allows me to quickly reload if my phone/PC breaks/goes missing. Just say "no" to Google Authenticator.
I can't speak for Google Authenticator as I never used it, other then I know it's updated 12th of May this year ( 2020 ). What I recall is that it has a pretty poor track record/history of updates as it previous went non updated for years. Personal I use Microsofts Authenticator, but I know there are several other more then well enough and working apps available. Most important part is that people use them when they are available, but as said, it is a risk with any lost of the backups/backup codes. It's simply something one have to be aware of and normally that information is always there to read/grasp before one enable it. It's also normally recommended to test. Pretty the same as with any backups. Make sure those actually works = verify!
 

Ink

Administrator
Verified
Jan 8, 2011
22,490
Is there a technical reason for 2FA expiring every 30 days but logouts not? Seems like those two should go hand-in-hand.

It can be a little inconvenient because a lot of password managers don't know how to autocomplete a OTP prompt without a login.
You can force log out from Other Devices via the Account Security settings - https://malwaretips.com/account/two-step/
 

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Hi

Just removed Google Authenticator

I just tried my Yubikey 5C NFC. I could not set up 2FA with it.

I have MalwareTips forums saved to my Yubico Authenticator and there's also a 6-digit pin associated with it

Any help? Thanks
Your account does not have 2FA active. You should be able to log in just with your username and password.
ew.jpg
 

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,152
Your account does not have 2FA active. You should be able to log in just with your username and password.
View attachment 274303

I enabled, scan that QR Code and suppose to fill in the Verification Code

But I'm not seeing the Verification Code in Yubico Authenticator

So cannot enable 2FA

From below you can see my yubikey is USB to my phone and the Yubico Authenticator display

IMG-20230407-120944.jpg
 
Last edited:

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
I enabled, scan that QR Code and suppose to fill in the Verification Code

But I'm not seeing the Verification Code in Yubico Authenticator

So cannot enable 2FA

From below you can see my yubikey is USB to my phone and the Yubico Authenticator display

IMG-20230407-120944.jpg
Have you tried manually adding the secret code that is provided?
 

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,152
Finally, I enabled 2FA. Stored the backup codes as well. The problem was I did not set up the physical key properly. Found and filled in the secret code and then it works.

Yubikey/Yubico Authenticator works flawlessly in setting up 2FA

Big clap for myself 👏
 
Last edited:

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,152
this can provide greater security, but prevents hundreds of users from creating or even accessing their own accounts, in case of loss, defect or theft of the cell phone or smartphone

As long as you take proper steps to do proper backup, I believe the inconvenience is minimized

Assume the following scenarios

1) Loss/theft/defective phone

If you have 2 phones you can simulate the above. Assume you set up 2FA with a physical security key for MWT forums. Now, assume this phone is not in use i.e. lost. So, you take your physical security key, go to the 2nd phone, open up MWT forums and access it with the physical security key. It'll work.

2) Defective/loss of physical security key

In this case, it's highly recommended by the security key manufacturer that you should have a 2nd security key as back up if the above should happen. If you lose the 1st security key you can replace with another security key as a back-up, now, for the 2nd security key.....and so on.

There you see your problems are solved.
 
Last edited:

piquiteco

Level 14
Verified
Top Poster
Well-known
Oct 16, 2022
624
Finally, I enabled 2FA. Stored the backup codes as well. The problem was I did not set up the physical key properly. Found and filled in the secret code and then it works.

Yubikey/Yubico Authenticator works flawlessly in setting up 2FA
MalwareTips doesn't support 2FA by security key as far as I know, it works only by TOTP, if I didn't misunderstand what you said. I don't see much need to use it Yubico Authenticator it is limited only in 32 accounts, which is too little for me. In this case I still prefer Aegis Authenticator which stores an unlimited number of accounts. What you can do with your Yubikey if you are a little paranoid, is to protect your e-mail like G-mail with 2FA only with your Yubikey security key and receive the 2FA tokens through that e-mail, when you login to your MT account you will always receive a new 6-digit token in that e-mail that only you will have access to, because it is protected by your Yubikey, as it requires physical access from tap to key, It will be almost impossible for someone to get access to your e-mail. (y)
 
Last edited:
  • Like
  • +Reputation
Reactions: Nevi and a090

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,152
MalwareTips doesn't support 2FA by security key as far as I know, it works only by TOTP, if I didn't misunderstand what you said. I don't see much need to use it Yubico Authenticator it is limited only in 32 accounts, which is too little for me. In this case I still prefer Aegis Authenticator which stores an unlimited number of accounts. What you can do with your Yubikey if you are a little paranoid, is to protect your e-mail like G-mail with 2FA only with your Yubikey security key and receive the 2FA tokens through that e-mail, when you login to your MT account you will always receive a new 6-digit token in that e-mail that only you will have access to, because it is protected by your Yubikey, as it requires physical access from tap to key, It will be almost impossible for someone to get access to your e-mail. (y)

Yes, accessing MWT needs an authenticator. In this case, I have chosen Yubico Authenticator. It ask for Yubikey to access the Yubico Authenticator through NFC(or USB-C) as below

IMG-20230408-175045.jpg


I'm still thinking of whether to get Bitwarden Premium. Then my Yubikey would be put to better use. Also, waiting for the passwordless login feature. 1Password and Keeper already using passwordless login.

1680949198876.png
 
Last edited:
  • Like
Reactions: piquiteco

piquiteco

Level 14
Verified
Top Poster
Well-known
Oct 16, 2022
624
Yes, accessing MWT needs an authenticator. In this case, I have chosen Yubico Authenticator. It ask for Yubikey to access the Yubico Authenticator through NFC(or USB-C) as below
I see, you have chosen to use Yubico Authenticator instead of using another authenticator. So it might be useful for you to add more important accounts that support TOTP as a password manager or another website of great importance for you.(y)
I'm still thinking of whether to get Bitwarden Premium. Then my Yubikey would be put to better use. Also, waiting for the passwordless login feature. 1Password and Keeper already using passwordless login.
Yes, Yubikey in Bitwarden only works for Premium users unfortunately. No, 1Password doesn't work for password-less login yet, they are in tests, they haven't implemented this feature yet. About Keeper I can't say because I don't use it. ;)
 
  • Like
Reactions: HarborFront

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,152
I see, you have chosen to use Yubico Authenticator instead of using another authenticator. So it might be useful for you to add more important accounts that support TOTP as a password manager or another website of great importance for you.(y)

Yes, Yubikey in Bitwarden only works for Premium users unfortunately. No, 1Password doesn't work for password-less login yet, they are in tests, they haven't implemented this feature yet. About Keeper I can't say because I don't use it. ;)

Will be using Yubikey 5C NFC for

1) signing into web accounts
2) signing into MS accounts
3) Tutanota email
4) eBay
5) Secure disk for BitLocker. Maybe...... just use TPM+PIN for BitLocker will do
6) BW Premium. Wait and see.
 
Last edited:
  • Like
Reactions: piquiteco

piquiteco

Level 14
Verified
Top Poster
Well-known
Oct 16, 2022
624
Would be using Yubikey 5C NFC for

1) signing into web accounts
Yes, all web accounts that I use and support security keys I activate and only use 2FA per security key. (y)
2) signing into MS accounts
Yes, I use it on my MS account, because I only need the Yubikey PASSWORD/PIN and then on my MS account with no password, just using the security key.
3) Tutanota email
Tutanota email is phenomenal and indescribable the service is one of the few emails that you can choose to use only 2FA per security key, in my humble opinion is the best encrypted email service. Proton is not on the list because, it does not allow you to use only the security key, so I do not recommend using it currently, one day when you have the ability to use only 2FA per security key, then it will be the second best encrypted email service. ;)
No, I have an eBay account, so I can't give an opinion here. If you have an eBay account and it is protected with a security key like Yubikey, then you are well protected.
5) Secure disk for BitLocker. Maybe...... just use TPM+PIN for BitLocker will do
Yes, if your laptop or computer has the TPM, just use the PIN and you will be safe. (y)
6) BW Premium. Wait and see
BW Premium, I believe it is worth it, it was 10$ a year for 1 user, I don't know if the price has changed, I am thinking of paying per year just to support them, it seems they take security seriously and there was the community. ;)
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top