Pretty sure I was just scammed.

I use 2factor authentication on any site that requires it. It is indeed a pain in the butt, but if required so be it.
If I don't value a particular site, well, who cares? I stop using the site.

I've never 'turned on' 2factor authentication as an option... I wait for a site to require it because that usually indicates that the site has been properly vetted by the owner/administrator and its operations team to use the authentication scheme properly, and that the authentication scheme usually works properly due to the maintenance and testing that has been applied.

I've also never used an authentication scheme that requires I have an account on some OTHER site to pass the authentication credentials through. To me, that's just begging for trouble as it means at least two more points of entry for credentials to be falsified/faked/rendered inoperative ... or stolen.

I don't consider myself to be any wiz at computer or network security. I know the basics, and I do what seems required as long as it doesn't seem ridiculous or fraught with more complexity/risk than is required.

What this is saying, in essence, is that when RangeFinder Forum has fully emplaced and vetted 2factor authentication such that it is a well-supported and known quantity for the site owner and the admin team to deal with, and requires it, then I'll simply do what I must to incorporate its use into my daily knocking about here because I do value this forum. :) E.G.: when Apple put it in place, when my bank put it in place, when the US Social Security Administration and the California Department of Motor Vehicles put it in place (never mind Ebay and Paypal et al), I of course accepted it and follow the instructions for use. And when it or I screw up in using it, I contact those agencies and get assistance to make things work correctly.

G
 
The search of the IP addresses from the Ad revealed it was a scam. The RFF member was not active for a few years. The Member registered as being from California, the Ad IP showed Morocco.

Would it be possible to require approval for Ads from a Moderator, and to check IP addresses as part of a standard operating procedure?
Also require that Location be Set as a Mandatory condition of placing the ad?
 
This is all beyond my level of comprehension. Making something so secure it's a PITA to use makes it useless to me. I'm old, barely computer literate and life is becoming so damn complex I'm almost glad I'll die soon. I have to remember multiple passwords and user names on multiple accounts, each with multiple letters, numbers and symbols so I save these in my iPhone but I expect someone will eventually hack into that system and eff it up, requiring more levels of security. I'm willing to roll the dice and keep my fingers crossed. I can't live in a locked-in world.


I hear you but try a password manager. Then you only have to remember one password, everything else gets auto-filled on demand. Bitwarden is great and free but there are others.
 
Would you consider DUO to be some OTHER site to pass the authentication?
I don't know what or who DUO is, and have no basis for evaluating their accreditation as a credentialing agency.

Which is my point: evaluating and emplacing a credentialing system should be transparent to a user; it is the responsibility of the site installing 2factor authentication to do that vetting and relationship without need for the users to even know about it.

G
 
The search of the IP addresses from the Ad revealed it was a scam. The RFF member was not active for a few years. The Member registered as being from California, the Ad IP showed Morocco.

Would it be possible to require approval for Ads from a Moderator, and to check IP addresses as part of a standard operating procedure?
Also require that Location be Set as a Mandatory condition of placing the ad?
The problem with this is that some people use VPNs as a matter of course, whether it be due to paranoia, network restrictions (i.e. at work/school/home), or government issues (i.e. China).

Two-factor authentication is rapidly becoming standard across the web. It's annoying, but it is what it is. I usually just use text message/SMS two-factor, as my phone messages come in on my laptop while I'm working anyway.
 
The 2-factor on RFF has been available since the site switched to Xenforo, and it's been an integral part of Xenforo for 7 years. So it's very well-established.
 
...Two-factor authentication is rapidly becoming standard across the web. It's annoying, but it is what it is. I usually just use text message/SMS two-factor, as my phone messages come in on my laptop while I'm working anyway.
Yes, that's when it is convenient. When I'm out and about and ONLY have my phone with me, and I want/need to connect to some service or forum, well ... That's usually the moment when I brain-fade and cannot remember the code or password which comes in on top of whatever app/site I'm looking at.

G
 
The 2-factor on RFF has been available since the site switched to Xenforo, and it's been an integral part of Xenforo for 7 years. So it's very well-established.
If so, why was it not established as a site requirement and marketed as a security-plus to the participants?

As I said, I'm no computer/network security wizard, but it would seem to me that having added security with 2factor authentication for a site works best if *everyone* utilizes it, not some few who elect to use an option. And if it is so effective, then it should be required. That is, indeed, how the US SSA, Apple, Amazon, et al, view the matter.

G
 
When I'm out and about and ONLY have my phone with me, and I want/need to connect to some service or forum, well ... That's usually the moment when I brain-fade and cannot remember the code or password which comes in on top of whatever app/site I'm looking at.
You won't have to remember anything; you'll either get a code from one of the auth apps, or via your email.
 
If so, why was it not established as a site requirement and marketed as a security-plus to the participants?

As I said, I'm no computer/network security wizard, but it would seem to me that having added security with 2factor authentication for a site works best if *everyone* utilizes it, not some few who elect to use an option. And if it is so effective, then it should be required.

You'd need to ask the owner of the site. :)
 
I don't know what or who DUO is, and have no basis for evaluating their accreditation as a credentialing agency.

Which is my point: evaluating and emplacing a credentialing system should be transparent to a user; it is the responsibility of the site installing 2factor authentication to do that vetting and relationship without need for the users to even know about it.

G
I have to use it for authentication as a part-time physician in the UC hospital system, and it is also required to authenticate or enter the network of a national radiology system.

It requires a smartphone app to authenticate.

 
In the 2010s while working at a defense sub-contractor, I had to access supplier sites for NavAir, Raytheon, Boeing, Northrop Grumman, Lockheed, et al. using 2FA dongles which produced a number string changing about every minute. Needed: Username, Password, PIN, then enter the dongle string before it changed... :)

I don't think they are used anymore as there are more elegant solutions available. I had quite a collection.

I always try to use biometrics (Face ID) when accessing sensitive sites/apps with my iPhone and also use it to access my Password app.

 
In the 2010s while working at a defense sub-contractor, I had to access supplier sites for NavAir, Raytheon, Boeing, Northrop Grumman, Lockheed, et al. using 2FA dongles which produced a number string changing about every minute. Needed: Username, Password, PIN, then enter the dongle string before it changed... :)

I don't think they are used anymore as there are more elegant solutions available. I had quite a collection.

I always try to use biometrics (Face ID) when accessing sensitive sites/apps with my iPhone and also use it to access my Password app.

MDToolbox (for doctors using eRX to pharmacies) uses this type of authentication. The dongle changes every 15 seconds.
 
The problem is not with RFF members that sign in on a regular basis. The problem is with accounts that have not been accessed for a long time.
Sweep through the old accounts and have the accounts require moderator approval to place a post as we do for a new account. This places the burden on the Admin and Moderators, not on the RFF members.

TFA is not the norm for smaller sites such as this one.
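
A sketch of the ad screening suggested in this thread, as an added example that is not part of any member's post and is not XenForo or RFF code: dormant and new accounts and ads without a set location are held for moderator approval, while an IP-country mismatch on its own is only noted, since VPN users would trip it too. The thresholds, field names and sample records are assumptions made up for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Assumed policy values (not from the thread); tune to the forum's own data.
DORMANT_DAYS = 365      # no login for this long = dormant account
NEW_ACCOUNT_DAYS = 30   # new accounts already need approval, per the thread

@dataclass
class AdSubmission:          # hypothetical record, not a XenForo structure
    member: str
    registered: date
    previous_login: date     # last login before the current session
    profile_country: str     # member's stated location, "" if unset
    ad_ip_country: str       # GeoIP result for the posting IP (lookup done upstream)

def review_ad(ad, today):
    """Return (decision, reasons); "hold" sends the ad to the moderator queue."""
    holds, notes = [], []
    if (today - ad.registered).days < NEW_ACCOUNT_DAYS:
        holds.append("new account")
    if (today - ad.previous_login).days >= DORMANT_DAYS:
        holds.append("dormant account reactivated")
    if not ad.profile_country:
        holds.append("location not set")
    elif ad.ad_ip_country != ad.profile_country:
        # VPN users trip this too, so on its own it is only a note for moderators.
        notes.append("IP country differs from profile")
    return ("hold" if holds else "publish", holds + notes)

# Constructed sample submissions (member names and dates are made up).
TODAY = date(2024, 1, 15)
SAMPLES = [
    AdSubmission("dormant_member", date(2012, 5, 1), date(2020, 3, 9), "US", "MA"),
    AdSubmission("regular_on_vpn", date(2015, 8, 2), date(2024, 1, 10), "US", "NL"),
    AdSubmission("no_location", date(2018, 2, 7), date(2024, 1, 12), "", "US"),
]

def run_samples():
    return {ad.member: review_ad(ad, TODAY) for ad in SAMPLES}

if __name__ == "__main__":
    for member, (decision, reasons) in run_samples().items():
        print(f"{member:15} {decision:8} {', '.join(reasons) or '-'}")
```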
 
I believe the OP has taken this action, and the conversation has turned towards methods to prevent scam ads on RFF.

I was surprised that Paypal did not reverse charges when my wife reported Fraud, just after the data breach, and it was her Credit Card company that ended up reversing the charges. Paypal opened a dispute case, but was very, very slow. So slow- the credit card company fixed the problem. Paypal would not let my wife close the account while the dispute was open. A few months went by, guess Paypal figured they were not going to get to keep their fees, dispute over- then she closed it.
 