Newbies how to use the 2FA security system in the account?

[AirtelBuzz]

Many accounts in our forum get hacked or many steal maybe to solve this problem forum admin @theymos and @PowerGlove introduced a feature where you can protect your account through 2FA security system.
theymos post link: 2FA Added:>> https://bitcointalk.org/index.php?topic=5478824.0

So let's start discussing in detail how to use this 2FA security system on your account.
First you login to your bitcointalk account and after login click on account related setting.


After clicking on account related settings, you will see a page like this. There you can see your account username and the Gmail used in your account which you provided while opening the account. You can also see two factor authentication status. This two factor authentication status will be disabled you need to enable or enable it. To enable it, you will see that it says Enable Two Factor Authentication, you will tick the blank box

Then you will see the shared secret (base32) written under authentication, you will see that I have covered it with a red mark, you should copy that. And copy if you have Google authenticator then set it there as you have set your authenticator of Binance exchange and Kucoin exchange and save it.
If you don't have it then go to Google Play Store and download it.
Download link; https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2



After setting your google authenticator, copy the code from there and paste the Confirm OTP blank.
After pasting, see Current Password is written below, enter your password, then click on Change Profile in the right corner.
Then the 2FA security system will be added to your account

I have also used this 2FA security system and am showing it to you in my account.When logging in to the account in which you have used the 2FA security system, copy the username password of your account and the code from google authenticator and paste the blank OTP and click on the login option

In this way you can use 2FA authentication system in your account.

[1714701534]

1714701534

[Just Say]

I'm a new member here and can't figure out how to use it on my account.

[AirtelBuzz]

I'm a new member here and can't figure out how to use it on my account.

You are a new member This post is for new members.
Pay full attention and try to understand the whole post maybe you will succeed.

Try again and best of luck

[Faisal2202]

I'm a new member here and can't figure out how to use it on my account.

OP has made good efforts in explaining this 2FA feature. I doubted if anyone would still be confused about it, although I was also confused about it, but on the main post of theymos some members cleared up my doubts related to QR and the unique code we are given with.

I will say, follow the steps that OP has shown, then come back here and tell us if you are stuck somewhere, and we might be able to help you.

[Potato Chips]

But rather than google authenticator, I suggest opting for aegis instead!

Couple of reasons are:

1. It's open source - google auth isn't
2. Offers encryption - google auth doesn't provide
3. Smoother and safer backup scheme - IIRC, google auth only provides QR code image (and you can't take a screenshot of this in-app) which you can use to export entries plus cloud backups. In aegis, you can automate encrypted backup files which you can then copy to other drive/s as a 2nd or 3rd backup.
4. Has a good history of being maintained regularly - google auth has actually been abandoned for so long and it was only recently that they started making some changes.

Get it at https://getaegis.app/

[nakamura12]

Some newbies might find it hard to follow or to know where you can see the account related settings. If they didn't know where it is then i'll share it to them. It is in the "Profile" that is shown in the left top side right beside the search and my messages. Anyway, OP it would be better if you use different authenticator like aegis that potato chips provided and also the reasons why google authenticator isn't good to use.

[Saint-loup]

OP has made good efforts in explaining this 2FA feature. I doubted if anyone would still be confused about it, although I was also confused about it, but on the main post of theymos some members cleared up my doubts related to QR and the unique code we are given with.

I will say, follow the steps that OP has shown, then come back here and tell us if you are stuck somewhere, and we might be able to help you.

Unfortunately OP seems to have forgotten one critical thing about QR code and 2FA key : you should store it carefully elsewhere because the one displayed onto the profile is freshly generated each time you go the page or you reload it. So people shouldn't think the 2FA key is sustainably stored into their profile if they lost their smartphone or remove the code from the app they will have a bad surprise if they can't access their email box either.

[2Pizza410000BTC]

I'm a new member here and can't figure out how to use it on my account.

Yes I see you are new but the OP explained it very well here hopefully every new member will understand better. OTP is introduced to increase account security. But it's personal matter if you want you can start OTP system but after starting OTP you must keep 2FA private key very carefully. Because if you lose your 2FA private key, you will not be able to access your account.

[cryptoaddictchie]

Since Im not visiting that page I didnt noticed that 2fa, so its really active now and can be used. Anyway thanks for sharing, with this post, I might set up mine anytime sooner. I really dont mind it before but good to have 2fa for added security.

Because if you lose your 2FA private key, you will not be able to access your account.

Everyone must ALWAYS remember this cause not sure if it can be recover, like other 2fa if gotten lost.

[dzungmobile]

Aegis was introduced by mk4 4 years ago in 2019.

Some more 2FA tools and password managers for better password creation and management.
https://www.privacytools.io/secure-password-manager

Adding 2FA for Bitcointalk accounts is great but users must know they should do other things to secure their accounts and for account recovery later.


Signing a Bitcoin message from a staked Bitcoin address.
Signing a message from a PGP key.

Stake your PGP key.
Stake your Bitcoin address.

[MFahad]

But rather than google authenticator, I suggest opting for aegis instead!

Couple of reasons are:

1. It's open source - google auth isn't
2. Offers encryption - google auth doesn't provide
3. Smoother and safer backup scheme - IIRC, google auth only provides QR code image (and you can't take a screenshot of this in-app) which you can use to export entries plus cloud backups. In aegis, you can automate encrypted backup files which you can then copy to other drive/s as a 2nd or 3rd backup.
4. Has a good history of being maintained regularly - google auth has actually been abandoned for so long and it was only recently that they started making some changes.

Get it at https://getaegis.app/

adding a 2 factor verification method needs a lot of time and coding. they've already did a lot of work implementing google 2FA and it is not been so long. I don't think Forum Admins would like to add another one or change  current Google 2 Factor into Aegis
I prefer Google 2FA, every website and application I know use google 2fa. it sounds more authentic than a relatively unkown company. BTW I had never heard of Aegis before. it looks like it has been around for quite a few years. but still, I didn't see any website or apps using their 2fa.

[leonair]

I'm a new member here and can't figure out how to use it on my account.

OP has made good efforts in explaining this 2FA feature. I doubted if anyone would still be confused about it, although I was also confused about it, but on the main post of theymos some members cleared up my doubts related to QR and the unique code we are given with.

I will say, follow the steps that OP has shown, then come back here and tell us if you are stuck somewhere, and we might be able to help you.

2FA security system is used almost everywhere now so everyone should know it and I think everyone knows it though op explained it very nicely which will be very useful for newbies. But for me it's not a big deal. Anyway thanks to the op for clarifying the issue here very quickly after the feature was introduced on the forum. This post is very helpful for those who are not familiar with 2FA.

[NeuroticFish]

2FA security system is used almost everywhere now so everyone should know it

Still I can bet that most use 2FA software on the same device as the websites/apps needing 2FA for authentication (hence still pretty much one single point of failure, hence doing it wrong).
2FA is nice, but without certain precautions it's not so useful.
I think that having a bitcoin address staked in the proper place in the forum (and obviously, keeping its seed/private key really safe) is the correct move. All the rest, including this 2FA, is just some nice additions.

[Upgrade00]

Still I can bet that most use 2FA software on the same device as the websites/apps needing 2FA for authentication (hence still pretty much one single point of failure, hence doing it wrong).

Ideally it should be done on different devices but having them on the same device does not defeat the purpose of it. For example it can protect against a leak of your password, cause the attacker will still need your 2FA code to get into your account.
Not all breaches results in total security break on the device, so it has its perks.

I think that having a bitcoin address staked in the proper place in the forum (and obviously, keeping its seed/private key really safe) is the correct move. All the rest, including this 2FA, is just some nice additions.

Staking your address helps to recover your account after a hack, it does not protect you from one or the consequences.

[hd49728]

I think that having a bitcoin address staked in the proper place in the forum (and obviously, keeping its seed/private key really safe) is the correct move. All the rest, including this 2FA, is just some nice additions.

If staking a Bitcoin address and a Bitcoin signed message is reminded in a notification for all new registered members in Bitcoin Talk, it will be useful for many new users.

I think it is more useful if it is not only an one-time notification after registration but also a pinned message for all users.

It is useful if 2FA, staking a Bitcoin address, a signed message is written in welcome message.

[NeuroticFish]

If staking a Bitcoin address and a Bitcoin signed message is reminded in a notification for all new registered members in Bitcoin Talk, it will be useful for many new users.

I think it is more useful if it is not only an one-time notification after registration but also a pinned message for all users.

It is useful if 2FA, staking a Bitcoin address, a signed message is written in welcome message.

I think the way to have the best impact would be to make an infoid item about it.
The newcomers will most probably not know how to sign a message and such "requirement", even if not enforced, might scare them. On the other hand, seeing every few days about it could convince even existing users they may want to make an effort and learn how to secure their account.

Both are valid points, indeed.

[Potato Chips]

adding a 2 factor verification method needs a lot of time and coding. they've already did a lot of work implementing google 2FA and it is not been so long. I don't think Forum Admins would like to add another one or change  current Google 2 Factor into Aegis

The forum does not need to change anything since any totp app works. Aegis and Google authenticator are both totp app hence both should work.

I prefer Google 2FA, every website and application I know use google 2fa. it sounds more authentic than a relatively unkown company. BTW I had never heard of Aegis before. it looks like it has been around for quite a few years. but still, I didn't see any website or apps using their 2fa.

Platforms typically mention google authenticator but this doesn't mean only google auth works. I believe, I've also listed why aegis is a lot better than google auth but I just wanna say that they're not:

1. relatively unknown - if you look up on online communites such reddit, it actually been recommeded a lot particularly on privacy and security focused communities, and even on bitcointalk by prominent members. also see their github: https://github.com/beemdevelopment/Aegis

2. nor a company - just some fellas doing god's work at no cost

[albon]

This was one of the best features released this year, and indeed, they should activate this feature in the forum and in the accounts of the platforms they constantly use. This feature will help forum members increase the security level of their accounts, making it difficult for scammers to change their passwords or email addresses when an active OTP is present in their accounts. It is crucial for Newbies to download the official Google Authenticator app from Google Play, as mentioned by OP, or from the Apple Store without downloading any fake apps or from outside these trusted stores. Increasing protection in their email is important, using a genuine email rather than a fake one generated by a website. It is advisable to link the two-factor authentication app with the email so that in case of a lost phone, they can recover OTP codes and retain the Shared secret (Base32) code in a secure place.

Thanks to you, OP, for sharing this tutorial, and I hope many who don't know how to activate this important feature will implement it.

[Iced]

This a good one to end the year with For me, this is the best news on BT this year.

Though, as some already have said, I would recommend Aegis or Authenticator Pro (both on Android) as your 2FA app.

[Luzin]

Platforms typically mention google authenticator but this doesn't mean only google auth works. I believe, I've also listed why aegis is a lot better than google auth but I just wanna say that they're not:

1. relatively unknown - if you look up on online communites such reddit, it actually been recommeded a lot particularly on privacy and security focused communities, and even on bitcointalk by prominent members. also see their github: https://github.com/beemdevelopment/Aegis

2. nor a company - just some fellas doing god's work at no cost

I wish this existed since hearing about a lot of accounts being stolen. Of course I feel happy because there is multi-level security.

There are indeed several 2fa application options, but I have only heard of two familiar ones, Google Authenticator and Auty. I am a user of one of them. I've been using it for 9 years for my trading account. Right now I feel comfortable and quite safe. As for Aegis, I heard about it not long ago but I don't believe it yet. There is a feeling of hesitation to switch. But thank you, this makes me try to continue researching Aegis.