Bitcoin Forum
December 15, 2024, 07:32:21 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2] 3 »  All
  Print  
Author Topic: How to use 2-factor auth on mtgox, even without a smartphone  (Read 27431 times)
no name
Newbie
*
Offline Offline

Activity: 43
Merit: 0


View Profile
February 14, 2013, 09:27:34 AM
 #21


[/quote]
Wrong time zone on the offline computer?
[/quote]

I guess that mini xp don't have time zone setup!
I'll check it again today!

I done 2fa setup for bitcoincentral with same online comp and intend similar for mtgox until yubikey arrive.
BitCoinNutJob
Legendary
*
Offline Offline

Activity: 1330
Merit: 1000


View Profile
April 06, 2013, 04:56:03 PM
 #22


can someone confirm its safe to download the file given in this tutorial from the site github because i dont know github & OP has not signed in since march - no offense just a newbie donk Smiley
moni3z
Hero Member
*****
Offline Offline

Activity: 899
Merit: 1002



View Profile
April 06, 2013, 11:51:48 PM
 #23

https://github.com/gbraad?tab=activity

The guy who owns that github account last signed in 10 days ago, it's fine.
BitCoinNutJob
Legendary
*
Offline Offline

Activity: 1330
Merit: 1000


View Profile
April 07, 2013, 12:41:24 PM
 #24


ok cool guess its safe then, thanks
zxyzxy
Full Member
***
Offline Offline

Activity: 133
Merit: 100


View Profile
April 25, 2013, 07:46:09 AM
 #25

Or use the google authenticator app on an offline computer.

the clock on an offline computer will vary over time, which will make your otp give a bad result.  update the time manually if the otp is gives doesn't work.
hey, i used this setup to add OTP to my bitstamp account (any additional layer of security they offer? its kinda lame that i cant even receive an email if there is a withdrawal, only a deposit..) well back to my original point, i added the OTP before march, usually i was logged on 2-3 takes, now after DST it takes 10-15 takes for me to log in.. what am i doing wrong? it does not make sense to chance the computer time back to what it was before summer time.
Loozik
Sr. Member
****
Offline Offline

Activity: 378
Merit: 250


Born to chew bubble gum and kick ass


View Profile
April 29, 2013, 09:25:00 PM
 #26

Hello,

Newbie here asking for help setting up 2 factor auth on mtgox using a smartphone. A kind soul is kindly asked to help. The present state:

1. I have an account at Mtgox and want to add Google Authentication service in Mtgox in Security Systems.

2. I bought an Android phone yesterday.

3. I downloaded Google Authenticator into my phone and get the following sentences / commands on the phone after starting this app:

First screen

With 2-step verification , whenever you sign in to your Google Account you will need:
1. Your password (non-clickable)
2. A code that this app will generate for you (non-clickable)

Begin setup (clickable command which I click and arrive at):

Second screen that shows:

Add an account (non-clickable):
___________________
Manually add an account (non-clickable)
Scan a barcode (clickable; Q1: Is barcode reading app built-in Google Authenticator so that I do not need to download any other additional application?)
Enter provided key (clickable; Q2: Should I type Mtgosx's ''Auth Name'' or ''Standard Private Key'' or ''Secure Private Key''?)

Q3: Are ''scan barcode'' and ''add an account'' interchangable, meaning that performing any of the two will result in a success or do I need to both scan the barcode and enter the key?
_______________________
Available Google accounts (non-clickable)
xyz@gmail.com (clickable; Q4: is it advisable to create a new Google Account or is it okay if I use the existing one?)

Q5: Do I need to reveal my Google Account or this option is only for Gmail?

Thank you.
pandemic
Sr. Member
****
Offline Offline

Activity: 434
Merit: 250


View Profile
May 14, 2013, 12:22:35 PM
 #27

I just implemented 2-factor authentication in gox and a few pools. What happens if I lose the device with my google authenticator on it? 
Stephen Gornick
Legendary
*
Offline Offline

Activity: 2506
Merit: 1010


View Profile
May 14, 2013, 10:15:33 PM
 #28

I just implemented 2-factor authentication in gox and a few pools. What happens if I lose the device with my google authenticator on it? 

Each E-Wallet vendor may have differing practices. 

With Mt. Gox, I believe you need to re-verify your identity (sending in a new copy of your ID).  They might ask some questions, like how much was your balance, the amount of your last deposit, etc.

Google has a method to move the Google auth OTP stuff from one phone to the next, but I'm not sure if that helps with lost phones.

What you can do is copy the "secret" that is shown (it's just a string), or print out the QR code, so you have a backup of it so that you can re-load the code to a new device if you happen to lose your existing device.    Since you can't re-display the secret you are already using, you'ld need to remove OTP then re-add it and save a copy of the new secret code.

Unichange.me

            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █


dishwara
Legendary
*
Offline Offline

Activity: 1855
Merit: 1016



View Profile
May 15, 2013, 08:53:45 PM
 #29

Mtgox gave this thread link when i asked about 2FA.
But they didn't told anywhere what will do to login if phone lost.

Thanks Stephen Gornick for good trick/idea.
tclo
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500



View Profile
May 17, 2013, 06:43:09 PM
 #30

Thanks for the help with this and I use it on Gox, Bistamp and CampBX now..can't hurt to have that added layer of security
clipcoins
Member
**
Offline Offline

Activity: 119
Merit: 10



View Profile WWW
May 19, 2013, 09:00:06 AM
 #31

bump for a valuable thread that could save people a lot of hassle and money.

Opened Now: Clipcoins.com
malevolent
can into space
Legendary
*
Offline Offline

Activity: 3472
Merit: 1725



View Profile
May 20, 2013, 08:42:07 PM
 #32

In case anyone didn't know, the Google authenticator is not limited to Android, iOS and BlackBerry devices there are a few unofficial google authenticators that will work on Symbian devices (e.g. a lot of Nokia's older phones), I'm using this one: https://code.google.com/p/lwuitgauthj2me/ on my 5800XM.

What you can do is copy the "secret" that is shown (it's just a string), or print out the QR code, so you have a backup of it so that you can re-load the code to a new device if you happen to lose your existing device.    Since you can't re-display the secret you are already using, you'ld need to remove OTP then re-add it and save a copy of the new secret code.

Thanks for the tip Wink
I would just add: keep the key in a safe place e.g. on a separate memory stick.

Signature space available for rent.
dooglus
Legendary
*
Offline Offline

Activity: 2940
Merit: 1333



View Profile
May 20, 2013, 10:50:49 PM
 #33

Here's the Python script that I use.  It's based on one I found on StackExchange, but adapted to take command-line arguments, and to do the secret padding correctly.

If you give it just one argument it gives you the TOTP code (which most sites use), and if you give it a 2nd argument, it gives you the HOTP code, which isn't time-based.  That's the kind that bitfloor used.

Code:
#!/usr/bin/env python
#
# calculate google authenticator codes
#
# usage:
#
#  for Time-based One-time Passwords (TOTP), supply just one argument: the secret
#
#  for HMAC-based One-Time Passwords (HOTP), supply two arguments: the secret, and the counter
#      the counter should go up by one each time you generate a password
#
import base64, hashlib, hmac, string, struct, sys, time

def get_hotp_token(secret, number):
    h = hmac.new(base64.b32decode(secret, True), struct.pack(">Q", number), hashlib.sha1).digest()
    o = ord(h[19]) & 15
    return (struct.unpack(">I", h[o:o+4])[0] & 0x7fffffff) % 1000000

def get_totp_token(secret):
    return get_hotp_token(secret, int(time.time())//30)

def usage():
    sys.stderr.write("Usage: %s <secret> [ number ]\n")
    sys.exit(1)

argc = len(sys.argv)
if argc < 2 or argc > 3:
    usage()

secret = sys.argv[1]
secret += '======='[:7-((len(secret)-1)%8)]

if argc < 3:
    print "%06d" % (get_totp_token(secret))
else:
    number = string.atoi(sys.argv[2])
    print "%06d" % (get_hotp_token(secret, number))

Always remember to put a space at the start of your command line when running it so it doesn't get into the bash history file.  Alternatively create an alias in your .bashrc file so you can run it without having to type the secret each time (but then of course your secret is in the .bashrc file in plain text).

Just-Dice                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   Play or Invest                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   1% House Edge
Xer0
Hero Member
*****
Offline Offline

Activity: 826
Merit: 1000


°^°


View Profile
June 01, 2013, 06:28:38 PM
 #34

I also found that the HTML5 app works in Opera Mobile, so I now have Google Auth on my Nokia (Symbian) phone!

OM is slooow on Symbian. try a J2ME TOTP implementation!
starsoccer9
Legendary
*
Offline Offline

Activity: 1630
Merit: 1000



View Profile
June 10, 2013, 01:35:10 AM
 #35

Does anyone know a good program to do this.

I found http://www.toms-world.org/blog/google_authenticator which lets me use mulitple sites which is really nice, but mtgox wont work. The whole program crashes on me. I tried adding the six equal signs like stated to make it a base 32 or w.e. but it didnt work. Any advice is appreciated.
Financisto
Hero Member
*****
Offline Offline

Activity: 640
Merit: 771

BTC⇆⚡⇄BTC


View Profile WWW
June 17, 2013, 03:30:34 AM
 #36

Congratulations and thanks for the well done tutorial.

Cheers!

LIST • ESCROW providers • Ranking & ScoresLIST • FOSS BrainwalletsBTC ⇆⚡⇄ BTCBTC aka BTC: 16MBvhaJoRBxW3Vk6apnvz3UYT9HAgraVS ⚡ PGP: 2680207AA9A1B69FE7A033D80DE0F221074384C4 ⚡ If you think freedom matters, please support the development of these privacy projects→DONATE some sats: TailsQubes OSWhonixVeraCryptPicocryptKryptorSimpleX Chat
BitCoinNutJob
Legendary
*
Offline Offline

Activity: 1330
Merit: 1000


View Profile
July 03, 2013, 10:20:12 PM
 #37


retarded question does this work for BTC-e ?
BitCoinNutJob
Legendary
*
Offline Offline

Activity: 1330
Merit: 1000


View Profile
July 04, 2013, 07:43:55 AM
 #38

anyone?
davidpbrown
Sr. Member
****
Offline Offline

Activity: 531
Merit: 260


Vires in Numeris


View Profile WWW
August 12, 2013, 06:45:32 PM
 #39

Great abc - thanks.

I'm surprised that two versions - one on computer offline html and one on phone, are providing different keys and yet they both work.


฿://12vxXHdmurFP3tpPk7bt6YrM3XPiftA82s
Stephen Gornick
Legendary
*
Offline Offline

Activity: 2506
Merit: 1010


View Profile
August 15, 2013, 12:19:47 AM
 #40

does this work for BTC-e ?

In June, BTC-E added two-factor authentication:
 - https://btc-e.com/profile#security/2fa

So yes, any TOTP client such as this browser-based one will work with BTC-E's two-factor auth.

List of exchanges with two-factor authentciation:
 - http://bitcoin.stackexchange.com/questions/4113

Unichange.me

            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █


Pages: « 1 [2] 3 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!