nakamura12 (OP)
|
|
October 01, 2018, 05:52:16 PM Last edit: May 11, 2023, 11:53:18 AM by nakamura12 |
|
Hello guys I am nakamura12, I would like to share this tip on "how to enable Two Factor Authentication also known as 2FA by using address only" to newbies and other forum members that didn't know how to enable 2FA. To those who already know how can also help (if you want to). At the bottom is an explanation why you should make a back up of the secret key of the 2FA.
Before I start, You must download and install an Authenticator in your mobile device or in desktop if you know an authenticator that have desktop version. There are Authenticator that you can use.The Authenticator used in this thread is Google Authenticator since it is what I used before and this is only an example and the point or goal of this is all about how to enable 2FA. It's up to you on what 2FA authenticator you will use. 1] Open the website where you want to enable 2FA and log in your account, after that open account settings. In my case refer to image below where I can see the 2FA in my accounts settings. My case is in einax website. (Note: I'm not advertising their website and I use it for example only)2] Click the Two-Factor Authentication as shown in image above and you will be redirect to new page where you can see the address needed to enable 2FA. Refer Image below. 3] Copy the address that is provided from the website.4] Open the Google Authenticator you downloaded from Playstore. Next, Press the red + sign button. Next, Click enter a provided key Enter the name of the website where you want to enable 2FA account and paste the address and then Click "ADD". Ex: Bitcointalk 2FA Guide Address: LBCUE6MW2GV2I4VI You can see the "CODE" now in your mobile device and it changes time after time Now, type the code where you copy the address and "CLICK ENABLE 2FA". Ex code: 105885 You're good to go. You're 2FA is enabled. UPDATE: Don't forget to backup secret key because it's very important when you lose your device. Make sure it's well written on the piece of paper or make a backup copy in your USB device or PC.
2FA - Important Precautions with Google AuthenticatorOther Authenticators you can use:Best 2FA applications to use. Open source, free, secure. Better than Google'sREASON: You can't get code again from another device if you lose your mobile device but by doing the same guide with the same secret/address key you use in google authenticator that you backed up then you don't have to worry.
Feel free to ask questions or correct my mistakes If i have mistakes in my guide. In my case I enable 2FA in my account in einax.com to be an example on how to enable 2FA.
|
|
|
|
BitMaxz
Legendary
Offline
Activity: 3444
Merit: 3173
Playbet.io - Crypto Casino and Sportsbook
|
|
October 01, 2018, 06:34:26 PM |
|
Don't forget to backup secret key because it's very important when you lose your device. Make sure it's well written on the piece of paper or make a backup copy in your USB device or PC.
I just want you to add this method because the android google authenticator doesn't have a backup feature unlike in laptop/PC.
|
|
|
|
nakamura12 (OP)
|
|
October 01, 2018, 07:58:49 PM |
|
Don't forget to backup secret key because it's very important when you lose your device. Make sure it's well written on the piece of paper or make a backup copy in your USB device or PC.
I just want you to add this method because the android google authenticator doesn't have a backup feature unlike in laptop/PC.
Got it thanks, I'll update it right away.
|
|
|
|
pozmu
|
|
October 02, 2018, 01:53:00 AM |
|
Please correct me if I'm wrong: - There is no 2FA option for Bitcointalk.
- Google authenticator 2FA (I think it's called time based 2FA?) is flawed as it assumes your computer is clean at the time of 2FA activation, if there is some kind of malware on your computer it could simply steal your 2FA key (secret key)
|
|
|
|
joniboini
Legendary
Offline
Activity: 2380
Merit: 1806
|
|
October 02, 2018, 04:31:15 AM |
|
Do we really need a tutorial like this here? Almost every site who applies 2FA have a guide on how to do it, and you can search this quite easily on the web. - There is no 2FA option for Bitcointalk.
- Google authenticator 2FA (I think it's called time based 2FA?) is flawed as it assumes your computer is clean at the time of 2FA activation, if there is some kind of malware on your computer it could simply steal your 2FA key (secret key)
1. He doesn't talk about 2FA on this forum but in general. 2. What kind of malware can do that?
|
| CHIPS.GG | | | ▄▄███████▄▄ ▄████▀▀▀▀▀▀▀████▄ ▄███▀░▄░▀▀▀▀▀░▄░▀███▄ ▄███░▄▀░░░░░░░░░▀▄░███▄ ▄███░▄░░░▄█████▄░░░▄░███▄ ███░▄▀░░░███████░░░▀▄░███ ███░█░░░▀▀▀▀▀░░░▀░░░█░███ ███░▀▄░▄▀░▄██▄▄░▀▄░▄▀░███ ▀███░▀░▀▄██▀░▀██▄▀░▀░███▀ ▀███░▀▄░░░░░░░░░▄▀░███▀ ▀███▄░▀░▄▄▄▄▄░▀░▄███▀ ▀████▄▄▄▄▄▄▄████▀ █████████████████████████ | | ▄▄███████▄▄ ▄███████████████▄ ▄█▀▀▀▄█████████▄▀▀▀█▄ ▄██████▀▄█▄▄▄█▄▀██████▄ ▄████████▄█████▄████████▄ ████████▄███████▄████████ ███████▄█████████▄███████ ███▄▄▀▀█▀▀█████▀▀█▀▀▄▄███ ▀█████████▀▀██▀█████████▀ ▀█████████████████████▀ ▀███████████████████▀ ▀████▄▄███▄▄████▀ ████████████████████████ | | 3000+ UNIQUE GAMES | | | 12+ CURRENCIES ACCEPTED | | | VIP REWARD PROGRAM | | ◥ | Play Now |
|
|
|
einax
Copper Member
Member
Offline
Activity: 164
Merit: 40
einax.com
|
|
October 02, 2018, 06:08:44 AM |
|
Please correct me if I'm wrong: - There is no 2FA option for Bitcointalk.
- Google authenticator 2FA (I think it's called time based 2FA?) is flawed as it assumes your computer is clean at the time of 2FA activation, if there is some kind of malware on your computer it could simply steal your 2FA key (secret key)
You should never use the same machine to log in and store 2FA keys. This is the whole point - your 2FA key is in one place, and your login/password in a completely different place. If your PC will be breached and login information was stolen - your account is still safe, and if you lose your device - auth codes are useless because nobody knows login/password or even what they suppose to open. Even though you should not use the same device to get OTP and log in it is relatively safe to neglect this rule on mobile, since mobile environments often use means to isolate mobile apps from each other (Android phones are slightly more vulnerable compared to iOS but still mostly safe to use). Stay safe!
|
|
|
|
nakamura12 (OP)
|
Please correct me if I'm wrong: - There is no 2FA option for Bitcointalk.
- Google authenticator 2FA (I think it's called time based 2FA?) is flawed as it assumes your computer is clean at the time of 2FA activation, if there is some kind of malware on your computer it could simply steal your 2FA key (secret key)
You're not wrong nor right. I'm not telling or referring that there's a 2FA in bitcointalk it's just an example. Do we really need a tutorial like this here? Almost every site who applies 2FA have a guide on how to do it, and you can search this quite easily on the web.
Yes, but not for who already know on how to do so and some newbies doesn't know yet so I'm sharing this for those real newbies. 1. He doesn't talk about 2FA on this forum but in general. 2. What kind of malware can do that?
You got my point on this one.
|
|
|
|
gellany32
Newbie
Offline
Activity: 26
Merit: 0
|
|
October 03, 2018, 03:10:09 AM Last edit: October 10, 2018, 08:21:19 AM by gellany32 |
|
I have already downloaded Google Authenticator and it seems it only works on smart phone. I have used the email which is connected to my phone. Now it work even if I used my PC still ask for a 2FA google authenticator. However, I am only picking some website that should be used with 2FA google authenticator for it will be annoying also if it will be applied to all websites.
|
|
|
|
Crypto Girl
|
|
October 03, 2018, 10:35:03 AM |
|
It work even if I used my PC still ask for a 2FA google authenticator. However, I am only picking some website that should be used with 2FA google authenticator for it will be annoying also if it will be applied to all websites.
If you think that you're doing something serious on that site then you can enable the 2FA, it isn't necessary to use this from everything. Just choose a site that seems substantial such in trading sites that we mostly use and sometimes leave our coins for a while. Don't forget to backup secret key because it's very important when you lose your device. Make sure it's well written on the piece of paper or make a backup copy in your USB device or PC.
I just want you to add this method because the android google authenticator doesn't have a backup feature unlike in laptop/PC.
I just know this. Thanks.
|
|
|
|
muhammedayo1
Member
Offline
Activity: 151
Merit: 10
Stalker.network - POS Smart Contract ETH Token
|
|
October 03, 2018, 12:32:48 PM |
|
This is simplified enough , any newbie that have further questions can ask ,I'm sure many people are here to respond approximately.
It should also be noted that the 16Digits code should be kept safely
|
|
|
|
nakamura12 (OP)
|
|
October 04, 2018, 08:37:57 AM |
|
This is simplified enough , any newbie that have further questions can ask ,I'm sure many people are here to respond approximately.
It should also be noted that the 16Digits code should be kept safely
I know you're trying to help but it is noted already, I guess you didn't read all of it. Secret key/address key is the 16digit code what you want to be noted. BitMaxz already mention it . Don't forget to backup secret key because it's very important when you lose your device. Make sure it's well written on the piece of paper or make a backup copy in your USB device or PC.
|
|
|
|
pozmu
|
|
October 05, 2018, 03:51:18 PM |
|
Please correct me if I'm wrong: - There is no 2FA option for Bitcointalk.
- Google authenticator 2FA (I think it's called time based 2FA?) is flawed as it assumes your computer is clean at the time of 2FA activation, if there is some kind of malware on your computer it could simply steal your 2FA key (secret key)
You should never use the same machine to log in and store 2FA keys. This is the whole point - your 2FA key is in one place, and your login/password in a completely different place. If your PC will be breached and login information was stolen - your account is still safe, and if you lose your device - auth codes are useless because nobody knows login/password or even what they suppose to open. Even though you should not use the same device to get OTP and log in it is relatively safe to neglect this rule on mobile, since mobile environments often use means to isolate mobile apps from each other (Android phones are slightly more vulnerable compared to iOS but still mostly safe to use). Stay safe! Consider this scenario: 1. Your computer is infected with malware. 2. You set-up account on exchange and enable 2FA. 3. You fund your account on exchange from another device/ hardware wallet - you think you're safe, you're using hardware wallet and exchange account is secured by 2FA 4. After few days you find out that someone stole your coins from exchange - how this could happen??? Well, the answer is simple, points 1&2 - you received 2FA secret key on infected PC, so 2FA won't stop robbers.
|
|
|
|
nakamura12 (OP)
|
|
October 07, 2018, 06:21:47 AM |
|
Consider this scenario: 1. Your computer is infected with malware. 2. You set-up account on exchange and enable 2FA. 3. You fund your account on exchange from another device/ hardware wallet - you think you're safe, you're using hardware wallet and exchange account is secured by 2FA 4. After few days you find out that someone stole your coins from exchange - how this could happen???
Well, the answer is simple, points 1&2 - you received 2FA secret key on infected PC, so 2FA won't stop robbers.
It won't happen unless you know how to keep your computer safe (at least) from malwares. If that someone trying to steal your coins from your exchange account should at least need the exchange account (Username and Password) and the private key of course for 2fa. Changing the password after enabling 2FA is important as the saying goes "PREVENTION IS BETTER THAN CURE".
|
|
|
|
pozmu
|
|
October 16, 2018, 09:52:05 PM |
|
But 2FA job is to secure you account against malware, it doesn't protect from hacks etc. contrary to what many people believe.
|
|
|
|
nakamura12 (OP)
|
|
October 17, 2018, 10:26:16 AM |
|
But 2FA job is to secure you account against malware, it doesn't protect from hacks etc. contrary to what many people believe.
Yes, it is. Let's just say that it's not a perfect security but it also help.
|
|
|
|
Psalms23
Full Member
Offline
Activity: 546
Merit: 105
#SWGT PRE-SALE IS LIVE
|
|
October 24, 2018, 02:11:58 PM |
|
I just want to add about my experience with 2FA Authenticator which gives me a problem (well because this was new to me), I wanst able to log in however I try to encode my code and discovered that the time settings in my phone is different from the net. i just changed my time settings to set automatically and viola! its good. Just sharing, maybe some can meet this problem.
|
|
|
|
socks435
Legendary
Offline
Activity: 2058
Merit: 1030
I'm looking for free spin.
|
|
October 24, 2018, 03:31:09 PM |
|
I just want to add about my experience with 2FA Authenticator which gives me a problem (well because this was new to me), I wanst able to log in however I try to encode my code and discovered that the time settings in my phone is different from the net. i just changed my time settings to set automatically and viola! its good. Just sharing, maybe some can meet this problem.
This is also happening to me before I always tried to use the generated code from 2fa but it doesn't work and I notice that my laptop time is not the same as my local time so I just edit and update the time and after that, I sync it from google authenticator and it works again. So I advise to other users who experience the same thing you should always check your time if it's updated or not.
|
Decided to end it with zer0 profit.
|
|
|
alexgeller22
Copper Member
Jr. Member
Offline
Activity: 331
Merit: 1
|
|
October 25, 2018, 09:00:40 AM |
|
I don’t know how anyone, but I don’t like Google Authenticator, problems with it alone, the code is not correct that time, and I came across a similar program but many times better is Authy, everything can be done easily and backups easily
|
☆✩✩✩✩ SINOVATE ☆✩✩✩✩ X25X Algo | INFINITY NODES | IDS | RSV | Anonymity | ════☛ sinovate.io ☚════
|
|
|
nakamura12 (OP)
|
|
October 25, 2018, 02:04:37 PM |
|
I don’t know how anyone, but I don’t like Google Authenticator, problems with it alone, the code is not correct that time, and I came across a similar program but many times better is Authy, everything can be done easily and backups easily I know that but it doesn't mean that it is best to use google authenticator, there are other people that also use google authenticator and this thread is to show on how to enable 2FA. One thing I can tell is it depends on you what authenticator you would use.
|
|
|
|
roosbit
Member
Offline
Activity: 893
Merit: 43
Random coins :)
|
|
October 25, 2018, 02:16:57 PM |
|
Nice guide OP but imo I think Authy is a far much better alternative to the once popular Google Authenticator because - Authy automatically backups 2FA data which google can not
- Authy has several ways of getting back onto your account unlike limited ways of Google 2fa
- Lastly the interface is user friendly too
|
|
|
|
|