Bitcoin Forum
Author Topic: 2FA added  (Read 1868 times)
robelneo
January 25, 2024, 01:06:29 AM
Merited by PowerGlove (1)
 #101

Quote
(...) Am I the only one any help will be appreciated.
I'm sorry for the month-late response...

I think that what likely happened there is that you mistyped your OTP and then got spooked by the badly-worded error message. That error message has now been improved.

Yes, I did, I mistyped it. Sorry too for not updating my post. I'm now using it and glad that we have this, and thank you for adding this feature here on Bitcointalk.

RickDeckard
March 25, 2024, 12:35:54 AM
Merited by vapourminer (1), Cricktor (1)
 #102

Quote
Considering that I was away a couple of months, seeing this update to the forum security really made my eyes gauge with excitement. Thank you theymos for finding the time to analyze and adapt to the code of the forum the magnificent piece of code that PowerGlove made (props as well to you PowerGlove, you rock \o/). If anyone is lost in the sea of 2FA applications, my recommendation boils down to two excellent, free and open-source apps: ente Authenticator[1] and Aegis Authenticator[2] (both available in F-Droid).

[1] https://github.com/ente-io/auth/
[2] https://github.com/beemdevelopment/Aegis

Small update to my previous entry: Aegis has now reached v3.0 (~8 hours ago)[1] with a couple of neat features which deserve our attention:
Quote
Material 3 (and Material You)
Automatic assignment of icons to entries
Ability to select all entries in one go
Support for importing 2FAS schema v4 backups
Sort entries based on the last time they were used
Some clarifications related to importing and backup permission errors
Preparations for the ability to assign a single entry to multiple groups
Performance improvements when scrolling through an entry list with lots of icons
A new look for the third-party licenses list

For whoever is still using Google Authenticator, do note that your secrets are in the cloud[2] which means that you are no longer in control of the data and a malicious entity may be able to access them.

[1] https://github.com/beemdevelopment/Aegis/releases/tag/v3.0
[2] https://security.googleblog.com/2023/04/google-authenticator-now-supports.html

joker_josue
March 25, 2024, 07:48:42 AM
 #103

Quote
For whoever is still using Google Authenticator, do note that your secrets are in the cloud[2] which means that you are no longer in control of the data and a malicious entity may be able to access them.

One question: Is it easy to migrate from one service to another?

Or will it be necessary to do a new registration/configuration for each service that uses 2FA?

RickDeckard
March 25, 2024, 09:39:59 AM
 #104

Quote
For whoever is still using Google Authenticator, do note that your secrets are in the cloud[2] which means that you are no longer in control of the data and a malicious entity may be able to access them.

One question: Is it easy to migrate from one service to another?

Or will it be necessary to do a new registration/configuration for each service that uses 2FA?

Aegis supports importing your 2FA codes, so you don't need to add them individually into the application (or, worse, remove them first and add them on Aegis). If you use Google Authenticator you can try any of the methods explained here[1]. Aegis also supports backing up the file so that you can keep it in a safe place in the event that you lose your phone (for example).

[1]https://www.theverge.com/21410260/google-authenticator-2fa-how-to-phone-security-iphone-android

Cricktor
March 25, 2024, 07:45:55 PM
 #105

Quote
One question: Is it easy to migrate from one service to another?

As far as I experienced it, migration from one app to another is rarely possible. Either the source 2FA app can show the secret in plain text or as QR code or export a backup file in which you can easily find the shared secrets of your 2FA accounts. But digital backup files are risky if you don't know how secure your device is which you usually can't know for certain depending on what internet shit you've already done with your device.

Therefore I developed the habit to make a physical backup on paper of the 2FA shared secret when I set up a new 2FA account. If I can get only a QR code for 2FA setup, I scan it with a designated privacy friendly QR code scan app that I have on my phone which allows me to decode the QR 2FA setup code and doesn't share this with any other app or cloud storage.

I don't make a digital photo of the 2FA setup QR code because usually pictures are uploaded to some cloud. If the QR code is displayed on a computer, printing it safely is another option. I make some effort to not leave any digital traces of 2FA setup codes on online digital devices.

Backup and migration is far from user friendly if you're concerned about security, unfortunately.


Quote
Or will it be necessary to do a new registration/configuration for each service that uses 2FA?

If you can't migrate a 2FA account or have no physical backup, that's unfortunately the only option to go for setup on a new device or 2FA app. I'd rather go the route to temporarily disable 2FA if that is possible and re-enable it for setup newly. But you have to be careful not to lose access and having to perform some painful recovery with service desk hell.

RickDeckard
March 26, 2024, 05:55:12 PM
 #106

Quote
As far as I experienced it, migration from one app to another is rarely possible. Either the source 2FA app can show the secret in plain text or as QR code or export a backup file in which you can easily find the shared secrets of your 2FA accounts. But digital backup files are risky if you don't know how secure your device is which you usually can't know for certain depending on what internet shit you've already done with your device.

This is the case with Google Authenticator. The application only provides the scanning of a QR code as the way to import the details into another device. The most probable scenario is that a user wants to import the codes into another application using the same smartphone, so they are forced to take a picture of the QR code (ideally with a non internet connected device such as a digital camera) and then scan that picture with their smartphone.

Isn't Google smart enough to know this is a cumbersome process and that they should provide a better way to export their users' codes (such as an encrypted backup)? They are. Would they do it? No, because this process makes it difficult for users to leave the application and acts more as a way to deter people from leaving the service.

joker_josue
March 26, 2024, 07:36:19 PM
 #107

Quote
Isn't Google smart enough to know this is a cumbersome process and that they should provide a better way to export their users' codes (such as an encrypted backup)? They are. Would they do it? No, because this process makes it difficult for users to leave the application and acts more as a way to deter people from leaving the service.

It is true that perhaps they create these difficulties, so that the person does not easily leave their services.
But we also have to be realistic, that if it were easy to obtain this information, security levels would lower, making it even easier for criminals to obtain this data.
