Pretty sure I was just scammed.

I use 2factor authentication on any site that requires it. It is indeed a pain in the butt, but if required so be it.
If I don't value a particular site, well, who cares? I stop using the site.

I've never 'turned on' 2factor authentication as an option... I wait for a site to require it because that usually indicates that the site has been properly vetted by the owner/administrator and its operations team to use the authentication scheme properly, and that the authentication scheme usually works properly due to the maintenance and testing that has been applied.

I've also never used an authentication scheme that requires I have an account on some OTHER site to pass the authentication credentials through. To me, that's just begging for trouble as it mean at least two more points of entry for a credentials to be falsified/faked/rendered inoperative ... or stolen.

I don't consider myself to be any wiz at computer or network security. I know the basics, and I do what seems required as long as it doesn't seem ridiculous or fraught with more complexity/risk than is required.

What this is saying, in essence, is that when RangeFinder Forum has fully emplaced and vetted 2factor authentication such that it is a well-supported and known quantity for the site owner and the admin team to deal with, and requires it, then I'll simply do what I must to incorporate its use into my daily knocking about here because I do value this forum. 🙂 E.G.: when Apple put it in place, when my bank put it in place, when the US Social Security Administration and the California Department of Motor Vehicles put it in place (never mind Ebay and Paypal et al), I of course accepted it and follow the instructions for use. And when it or I screw up in using it, I contact those agencies and get assistance to make things work correctly.

G
 
The search of the IP addresses from the Ad revealed it was a scam. The RFF member was not active for a few years. The Member registered as being from CAlifornia, the Ad IP showed Morocco.

Would it be possible to require approval for Ads from a Moderator, and to check IP addresses as part of a standard operating procedure?
Also require that Location be Set as a Mandatory condition of placing the ad?
 
Dogman said:
This is all beyond my level of comprehension. Making something so secure it's a PITA to use makes it useless to me. I'm old, barely computer literate and life is becoming so damn complex I'm almost glad I'll die soon. I have to remember multiple passwords and user names on multiple accounts, each with multiple letters, numbers and symbols so I save these in my iPhone but I expect someone will eventually hack into that system and eff it up, requiring more levels of security. I'm willing to roll the dice and keep my fingers crossed. I can't live in a locked-in world.


.....................
Click to expand...
I hear you but try a password manager. Then you only have to remember one password, everything else gets auto-filled on demand. Bitwarden is great and free but there are others.
 
hap said:
Would you consider DUO to be some OTHER site to pass the authentication?
Click to expand...
I don't know what or who DUO is, and have no basis for evaluating their accreditation as a credentialing agency.

Which is my point: evaluating and emplacing a credentialing system should be transparent to a user, it is the responsibility of the site installing 2factor authentication to do that vetting and relationship without need for the users to even know about it.

G
 
Sonnar Brian said:
The search of the IP addresses from the Ad revealed it was a scam. The RFF member was not active for a few years. The Member registered as being from CAlifornia, the Ad IP showed Morocco.

Would it be possible to require approval for Ads from a Moderator, and to check IP addresses as part of a standard operating procedure?
Also require that Location be Set as a Mandatory condition of placing the ad?
Click to expand...
The problem with this is that some people use VPNs as a matter of course, whether it be due to paranoia, network restrictions (i.e. at work/school/home), or government issues (i.e. China).

Two-factor authentication is rapidly becoming standard across the web. It's annoying, but it is what it is. I usually just use text message/SMS two-factor, as my phone messages come in on my laptop while I'm working anyway.
 
The 2-factor on RFF has been available since the site switched to Xenforo, and it's been an integral part of Xenforo for 7 years. So it's very well-established.
 
Coldkennels said:
...Two-factor authentication is rapidly becoming standard across the web. It's annoying, but it is what it is. I usually just use text message/SMS two-factor, as my phone messages come in on my laptop while I'm working anyway.
Click to expand...
Yes, that's when it is convenient. When I'm out and about and ONLY have my phone with me, and I want/need to connect to some service or forum, well ... That's usually the moment when I brain-fade and cannot remember the code or password which comes in on top of whatever app/site I'm looking at.

G
 
splitimageview said:
The 2-factor on RFF has been available since the site switched to Xenforo, and it's been an integral part of Xenforo for 7 years. So it's very well-established.
Click to expand...
If so, why was it not established as a site requirement and marketed as a security-plus to the participants?

As I said, I'm no computer/network security wizard, but it would seem to me that having added security with 2factor authentication for a site works best if *everyone* utilizes it, not some few who elect to use an option. And if it is so effective, then it should be required. That is, indeed, how the US SSA, Apple, Amazon, et al, view the matter.

G
 
Godfrey said:
When I'm out and about and ONLY have my phone with me, and I want/need to connect to some service or forum, well ... That's usually the moment when I brain-fade and cannot remember the code or password which comes in on top of whatever app/site I'm looking at.
Click to expand...
You won't have to remember anything; you'll either get a code from one of the auth apps, or via your email.
 
Godfrey said:
If so, why was it not established as a site requirement and marketed as a security-plus to the participants?

As I said, I'm no computer/network security wizard, but it would seem to me that having added security with 2factor authentication for a site works best if *everyone* utilizes it, not some few who elect to use an option. And if it is so effective, then it should be required.
Click to expand...

You'd need to ask the owner of the site. 🙂
 
Godfrey said:
I don't know what or who DUO is, and have no basis for evaluating their accreditation as a credentialing agency.

Which is my point: evaluating and emplacing a credentialing system should be transparent to a user, it is the responsibility of the site installing 2factor authentication to do that vetting and relationship without need for the users to even know about it.

G
Click to expand...
I have to use it for authentication as a part time physician in the UC hospital system and also required to authenticate or enter the network of a national radiology system.

It requires a smartphone app to authenticate.

duo.com

Identity Security, MFA & SSO

Protect your workforce with Cisco Duo’s industry leading suite of identity security solutions, Single Sign-On (SSO), and Multi-Factor Authentication (MFA).
duo.com duo.com
 
In the 2010's while working at a defense sub-contractor, I had to access supplier sites for NavAir, Raytheon, Boeing, Northrop Grumman, Lockheed, et. al. using 2FA dongles which produced a number string changing about every minute. Needed: Username, Password, PIN, then enter the dongle string before it changed... 🙂

I don't think they are used anymore as there are more elegant solutions available. I had quite a collection.

I always try to use bio-metrics (Face ID) when accessing sensitive sites/apps with my iPhone and also use it to access my Password app.

iu
iu
 
Last edited:
raydm6 said:
In the 2010's while working at a defense sub-contractor, I had to access supplier sites for NavAir, Raytheon, Boeing, Northrop Grumman, Lockheed, et. al. using 2FA dongles which produced a number string changing about every minute. Needed: Username, Password, PIN, then enter the dongle string before it changed... 🙂

I don't think they are used anymore as there are more elegant solutions available. I had quite a collection.

I always try to use bio-metrics (Face ID) when accessing sensitive sites/apps with my iPhone and also use it to access my Password app.

iu
iu
Click to expand...
MDToolbox (for doctors using eRX to pharmacies) use this t ype of authentication. the dongle changes every 15 seconds.
 
The problem is not with RFF members that sign in on a regular basis. The problem is with accounts that have not been accessed for a long time.
Sweep through the old accounts and have the accounts require moderator approval to place a post as we do for a new account. This places the burden on the Admin and Moderators, not on the RFF members.

TFA is not the norm for smaller sites such as this one.
 
I believe the OP has taken this action, and the conversation has turned towards methods to prevent scam ads on RFF.

I was surprised that Paypal did not reverse charges when my wife reported Fraud, just after the data breach, and it was her Credit Card company that ended up reversing the charges. Paypal opened a dispute case, but was very, very slow. So slow- the credit card company fixed the problem. Paypal would not let my wife close the account while the dispute was open. A few months went by, guess Paypal figured they were not going to get to keep their fees, dispute over- then she closed it.
 
You must log in or register to reply here.

Similar threads

J
  • Article Article
Buying on eBay: A Savvy Guide to the World’s Top Online Auction Site
2
Replies
34
Views
2K
WoodallP
WoodallP
TenEleven
  • Sticky
TenEleven's Zeiss Contax (I, II, IIa) Lens Compendium
2 3
Replies
54
Views
11K
davidswiss
D
Back
Top Bottom