The Rolex Forums   The Rolex Watch

ROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEX


Go Back   Rolex Forums - Rolex Forum > Miscellaneous Forums > Announcements/feedback & support

Reply
 
Thread Tools Display Modes
Old 17 June 2020, 10:23 PM   #1
Lol-x
Facilitator
 
Lol-x's Avatar
 
Join Date: Nov 2005
Real Name: Steve
Location: Omnipresent
Posts: 33,544
2 Factor Authentication

Hi guys

Please get the app for your phone 'Authy" from your Apple iPhone/iPad or Android app store or the Authy website for a desktop/notebook version.
Authy can also be used on your desktop computer.

Then go to your TRF 'User CP' (on the left at menu row near the top of this page) and if you scroll down you will see at the bottom of the column on the left hand side '2 factor authentication'.

Click the "Enable 2 factor authentication" button.

This should provide a second level of security so scammers cannot access your account (even if they steal) your log in credentials.

306.png
Authy-G-Authenticator.jpg
__________________

Most folks are about as happy as they make up their minds to be. ~Abraham Lincoln
Nothing compares to the simple pleasure of a bike ride. ~John F. Kennedy

ROLEXploitation - yeah I'm a victim
Lol-x is offline   Reply With Quote
Old 17 June 2020, 10:36 PM   #2
beshannon
"TRF" Member
 
beshannon's Avatar
 
Join Date: Jun 2009
Real Name: Brian
Location: Northern Virginia
Watch: One of Not Many
Posts: 17,892
Thank you, done!
__________________
IWC Portugieser 7 Day, Omega Seamaster SMP300m, Vacheron Constantin Traditionnelle Complete Calendar, Glashutte PanoInverse, Glashutte SeaQ Panorama Date, Omega Aqua Terra 150, Omega CK 859, Omega Speedmaster 3861 Moonwatch, Breitling Superocean Steelfish, JLC Atmos Transparent Clock
beshannon is offline   Reply With Quote
Old 17 June 2020, 10:42 PM   #3
Lol-x
Facilitator
 
Lol-x's Avatar
 
Join Date: Nov 2005
Real Name: Steve
Location: Omnipresent
Posts: 33,544
Quote:
Originally Posted by beshannon View Post
Thank you, done!
So did it work for you?

You will not have to do it every time, only if you log in from an unrecognised location.
__________________

Most folks are about as happy as they make up their minds to be. ~Abraham Lincoln
Nothing compares to the simple pleasure of a bike ride. ~John F. Kennedy

ROLEXploitation - yeah I'm a victim
Lol-x is offline   Reply With Quote
Old 17 June 2020, 10:49 PM   #4
beshannon
"TRF" Member
 
beshannon's Avatar
 
Join Date: Jun 2009
Real Name: Brian
Location: Northern Virginia
Watch: One of Not Many
Posts: 17,892
Quote:
Originally Posted by Lol-x View Post
So did it work for you?

You will not have to do it every time, only if you log in from an unrecognised location.
Yes worked fine, I use the Google authenticator for many sites. 2FA is great.
__________________
IWC Portugieser 7 Day, Omega Seamaster SMP300m, Vacheron Constantin Traditionnelle Complete Calendar, Glashutte PanoInverse, Glashutte SeaQ Panorama Date, Omega Aqua Terra 150, Omega CK 859, Omega Speedmaster 3861 Moonwatch, Breitling Superocean Steelfish, JLC Atmos Transparent Clock
beshannon is offline   Reply With Quote
Old 17 June 2020, 10:54 PM   #5
Lol-x
Facilitator
 
Lol-x's Avatar
 
Join Date: Nov 2005
Real Name: Steve
Location: Omnipresent
Posts: 33,544
Thank you.

What it means, if enabled by you now, that your account cannot be stolen and your password is useless to anyone but you.

So please everyone enable this now, its very straightforward.
__________________

Most folks are about as happy as they make up their minds to be. ~Abraham Lincoln
Nothing compares to the simple pleasure of a bike ride. ~John F. Kennedy

ROLEXploitation - yeah I'm a victim
Lol-x is offline   Reply With Quote
Old 17 June 2020, 11:00 PM   #6
77T
2024 SubLV41 Pledge Member
 
77T's Avatar
 
Join Date: Dec 2010
Real Name: PaulG
Location: Georgia
Posts: 41,843
Quote:
Originally Posted by Lol-x View Post
Thank you.

What it means, if enabled by you now, that your account cannot be stolen and your password is useless to anyone but you.

So please everyone enable this now, its very straightforward.


Great work Steve.

Do you envision this might become a requirement for sellers?

It’s those accounts that are targeted by scammers methinks.


Sent from my iPhone using Tapatalk Pro
__________________


Does anyone really know what time it is?
77T is offline   Reply With Quote
Old 17 June 2020, 11:03 PM   #7
vint0
Banned
 
Join Date: May 2020
Location: USA
Watch: Rolex 116610ln
Posts: 136
Thanks a lot OP for this information.
vint0 is offline   Reply With Quote
Old 17 June 2020, 11:06 PM   #8
Lol-x
Facilitator
 
Lol-x's Avatar
 
Join Date: Nov 2005
Real Name: Steve
Location: Omnipresent
Posts: 33,544
Quote:
Originally Posted by 77T View Post
Great work Steve.

Do you envision this might become a requirement for sellers?
Not just sellers, but EVERYONE, its very important.
However, it is critical for sellers.

The forum reserves the right to nevertheless ban people and require them to undergo an authentication process if they are suspected of untoward account activity.
__________________

Most folks are about as happy as they make up their minds to be. ~Abraham Lincoln
Nothing compares to the simple pleasure of a bike ride. ~John F. Kennedy

ROLEXploitation - yeah I'm a victim
Lol-x is offline   Reply With Quote
Old 17 June 2020, 11:07 PM   #9
77T
2024 SubLV41 Pledge Member
 
77T's Avatar
 
Join Date: Dec 2010
Real Name: PaulG
Location: Georgia
Posts: 41,843
Steve
I tried it with TapaTalk but don’t believe their server is linked? Sorry for the extra question.


Sent from my iPhone using Tapatalk Pro
__________________


Does anyone really know what time it is?
77T is offline   Reply With Quote
Old 17 June 2020, 11:10 PM   #10
stylinleems
2024 SubLV41 Pledge Member
 
stylinleems's Avatar
 
Join Date: Mar 2011
Location: N/A
Watch: 116500
Posts: 3,209
Enabled with no issues.

Thank you Steve!!
__________________
Rolex: 126334 (BL) | 116610LN | 116500LN (WT) | 116500LN (BK) | 126710BLRO | 116610LV | 116710BLNR
stylinleems is offline   Reply With Quote
Old 17 June 2020, 11:11 PM   #11
stylinleems
2024 SubLV41 Pledge Member
 
stylinleems's Avatar
 
Join Date: Mar 2011
Location: N/A
Watch: 116500
Posts: 3,209
Quote:
Originally Posted by 77T View Post
Steve
I tried it with TapaTalk but don’t believe their server is linked? Sorry for the extra question.


Sent from my iPhone using Tapatalk Pro
I just tried with Tapatalk but wasn't given the option. Had to use the computer to activate / view the Two Factor option under User CP.
__________________
Rolex: 126334 (BL) | 116610LN | 116500LN (WT) | 116500LN (BK) | 126710BLRO | 116610LV | 116710BLNR
stylinleems is offline   Reply With Quote
Old 17 June 2020, 11:13 PM   #12
77T
2024 SubLV41 Pledge Member
 
77T's Avatar
 
Join Date: Dec 2010
Real Name: PaulG
Location: Georgia
Posts: 41,843
Quote:
Originally Posted by stylinleems View Post
I just tried with Tapatalk but wasn't given the option. Had to use the computer to activate.

Thanks much. I access multiple forums so TapaTalk actually intermediates the authentication process.


Sent from my iPhone using Tapatalk Pro
__________________


Does anyone really know what time it is?
77T is offline   Reply With Quote
Old 17 June 2020, 11:14 PM   #13
Lol-x
Facilitator
 
Lol-x's Avatar
 
Join Date: Nov 2005
Real Name: Steve
Location: Omnipresent
Posts: 33,544
To enable it, I think you need the full TRF interface.
Tapatalk is a slimmed down version.
So just install it from a normal computer first and you are good to go.

306.png
__________________

Most folks are about as happy as they make up their minds to be. ~Abraham Lincoln
Nothing compares to the simple pleasure of a bike ride. ~John F. Kennedy

ROLEXploitation - yeah I'm a victim
Lol-x is offline   Reply With Quote
Old 18 June 2020, 03:19 AM   #14
42itus
"TRF" Member
 
42itus's Avatar
 
Join Date: Sep 2018
Real Name: Tom
Location: Honolulu
Watch: 116519LN
Posts: 3,828
OK done. Thanks Steve for the suggestion.


Sent from my iPhone using Tapatalk
42itus is offline   Reply With Quote
Old 18 June 2020, 03:44 AM   #15
ZOOK
2024 SubLV41 Pledge Member
 
ZOOK's Avatar
 
Join Date: Sep 2017
Real Name: Dave
Location: PDX
Posts: 9,812
I turned on 2 Factor Authentication.


I changed my password and nothing. Do I have to hit the road to experience the re-authentication process? Can someone with experience with this form of 2 factor authentication warn me (and everybody else that will enable it) what to expect when I/we may have to re-authenticate in the future.


If this is voluntary, is there any way of telling if another member is using 2 Factor Authentication?
ZOOK is offline   Reply With Quote
Old 18 June 2020, 04:19 AM   #16
Goodwatch
"TRF" Member
 
Goodwatch's Avatar
 
Join Date: Aug 2005
Real Name: Frans ®
Location: Rotterdam
Watch: the sunrise...
Posts: 10,230
Thanks Steve. I have enabled 2FA for this forum, logged out and could log back in without the 2FA kicking in. After that I have tried it in two more different browsers (so Firefox, Google Chrome and Safari in total) but the 2FA never kicked in. And I'm an avid 2FA user and have it enabled on my Nest, Synology NAS, you name it. If I go back to my control panel and click 'Two-factor authentication' again, I have the option to disable it so it is switched on. Do any other members experience the same?
__________________
Member# 127
Goodwatch is offline   Reply With Quote
Old 18 June 2020, 04:21 AM   #17
cop414
TRF Moderator & 2024 SubLV41 Patron
 
cop414's Avatar
 
Join Date: Apr 2012
Real Name: Tim
Location: Pennsylvania
Watch: 14060M
Posts: 72,058
Got it, worked for me.
__________________

Rolex Submariner 14060M
Omega Seamaster 2254.50
DOXA Professional 1200T

Card carrying member of TRF's Global Association of Retro-Grouch-Curmudgeons
TRF's "After Dark" Bar & NightClub Patron
P Club Member #17
2 FA ENABLED
cop414 is offline   Reply With Quote
Old 18 June 2020, 04:31 AM   #18
GradyPhilpott
2024 SubLV41 Pledge Member
 
GradyPhilpott's Avatar
 
Join Date: Sep 2008
Location: New Mexico
Watch: Seiko #SRK050
Posts: 34,446
Done!
__________________
JJ

Inaugural TRF $50 Watch Challenge Winner
GradyPhilpott is online now   Reply With Quote
Old 18 June 2020, 04:49 AM   #19
Latrodectus
2024 SubLV41 Pledge Member
 
Latrodectus's Avatar
 
Join Date: Sep 2008
Real Name: Fred
Location: KY, USA
Watch: GMT-Master II
Posts: 10,039
Done...thank you Steve!
__________________

Member # 16057
4-Hands Club
Tosser Club Member
TRF Skypers Group
Latrodectus is offline   Reply With Quote
Old 18 June 2020, 05:04 AM   #20
Brew
"TRF" Member
 
Brew's Avatar
 
Join Date: Mar 2018
Real Name: Larry
Location: Finger Lakes
Posts: 6,007
hmmm, I'm not seeing the google app in the App Store.
Brew is offline   Reply With Quote
Old 18 June 2020, 05:04 AM   #21
ZOOK
2024 SubLV41 Pledge Member
 
ZOOK's Avatar
 
Join Date: Sep 2017
Real Name: Dave
Location: PDX
Posts: 9,812
Quote:
Originally Posted by Lol-x View Post
So did it work for you?

You will not have to do it every time, only if you log in from an unrecognised location.
Quote:
Originally Posted by Goodwatch View Post
Thanks Steve. I have enabled 2FA for this forum, logged out and could log back in without the 2FA kicking in. After that I have tried it in two more different browsers (so Firefox, Google Chrome and Safari in total) but the 2FA never kicked in. And I'm an avid 2FA user and have it enabled on my Nest, Synology NAS, you name it. If I go back to my control panel and click 'Two-factor authentication' again, I have the option to disable it so it is switched on. Do any other members experience the same?

From what Steve 'Lol-x' said above, I think the re-authentication only kicks in when/if you change your ip address. Can you test that?
ZOOK is offline   Reply With Quote
Old 18 June 2020, 05:52 AM   #22
Lol-x
Facilitator
 
Lol-x's Avatar
 
Join Date: Nov 2005
Real Name: Steve
Location: Omnipresent
Posts: 33,544
All I'll say is it is working.
Don't ask technical questions about how it works.
Security modus operandi are not going to be revealed.
No security system is infallible, but this 2FA is an extra and a very worthwhile layer of added protection.

One should always be on guard against persons seeking unauthorised access to ones account.
__________________

Most folks are about as happy as they make up their minds to be. ~Abraham Lincoln
Nothing compares to the simple pleasure of a bike ride. ~John F. Kennedy

ROLEXploitation - yeah I'm a victim
Lol-x is offline   Reply With Quote
Old 18 June 2020, 05:59 AM   #23
Goodwatch
"TRF" Member
 
Goodwatch's Avatar
 
Join Date: Aug 2005
Real Name: Frans ®
Location: Rotterdam
Watch: the sunrise...
Posts: 10,230
I stand corrected. You can easily test it by using your smart phone, switch off WiFi (it then jumps to 4G (in my case) and your phone will be assigned a new IP-address. And yes, 2FA kicks in very elegantly. Thanks again and indeed, very recommendable!
__________________
Member# 127
Goodwatch is offline   Reply With Quote
Old 18 June 2020, 11:27 AM   #24
cop414
TRF Moderator & 2024 SubLV41 Patron
 
cop414's Avatar
 
Join Date: Apr 2012
Real Name: Tim
Location: Pennsylvania
Watch: 14060M
Posts: 72,058
Quote:
Originally Posted by Brew View Post
hmmm, I'm not seeing the google app in the App Store.
It’s there.
Attached Images
File Type: jpeg E36AB4B7-79BE-4B81-B2BF-38CEF504D766.jpeg (58.3 KB, 1380 views)
__________________

Rolex Submariner 14060M
Omega Seamaster 2254.50
DOXA Professional 1200T

Card carrying member of TRF's Global Association of Retro-Grouch-Curmudgeons
TRF's "After Dark" Bar & NightClub Patron
P Club Member #17
2 FA ENABLED
cop414 is offline   Reply With Quote
Old 18 June 2020, 01:03 PM   #25
77T
2024 SubLV41 Pledge Member
 
77T's Avatar
 
Join Date: Dec 2010
Real Name: PaulG
Location: Georgia
Posts: 41,843
Quote:
Originally Posted by Lol-x View Post
To enable it, I think you need the full TRF interface.
Tapatalk is a slimmed down version.
So just install it from a normal computer first and you are good to go.

Attachment 1142070
Thanks Steve. I tested it from an iPhone and iPad and was able to enable it. You explained it well. We must use a browser on the phone or tablet to set it up.

I won’t go all wonky on the elegance - But...it follows the basic tenet of simple, effective security: Use something you know plus something you have. The something you know is of course the password; the something you have is a time-sensitive token generated by Google.

Thanks for the extra effort to enable this on TRF. I know it will add to your load and that of the Mods for awhile. But the benefit will be less of those gut-wrenching scams where a member has lost thousands.

When I did this for a living, and a client’s CIO or CISO asked, “so are we done?” My answer was Invariably “there is no finish line”. As threats evolve, so must policies, strategies and tactics.

For now, I would encourage considering a policy for sellers. If I was a black hat, they would be my hijacking targets.
__________________


Does anyone really know what time it is?
77T is offline   Reply With Quote
Old 18 June 2020, 01:10 PM   #26
interestedwatcher
2024 Pledge Member
 
interestedwatcher's Avatar
 
Join Date: May 2019
Location: Hobart
Posts: 1,030
Quote:
Originally Posted by Lol-x View Post
Hi guys

Please get the app for your phone 'Google Authenticator" from your app store.

Then go to your TRF 'User CP' (on the left at menu row near the top of this page) and if you scroll down you will see at the bottom of the column on the left hand side '2 factor authentication'.

Click the "Enable 2 factor authentication" button.

This should provide a second level of security so scammers cannot access your account (even if they steal) your log in credentials.

Attachment 1142071
Nicely done! any chance of a display somewhere on a users profile to show they are using 2FA?
interestedwatcher is offline   Reply With Quote
Old 18 June 2020, 01:18 PM   #27
77T
2024 SubLV41 Pledge Member
 
77T's Avatar
 
Join Date: Dec 2010
Real Name: PaulG
Location: Georgia
Posts: 41,843
Quote:
Originally Posted by Goodwatch View Post
I stand corrected. You can easily test it by using your smart phone, switch off WiFi (it then jumps to 4G (in my case) and your phone will be assigned a new IP-address. And yes, 2FA kicks in very elegantly. Thanks again and indeed, very recommendable!
Yes - and users who do not pay their ISP extra to get a static IP address will have an IP address change every so often...so we should not be surprised if we get a 2FA challenge even though nothing changed on our home computer.

Those who use a laptop and log-in from different WiFi hotspots throughout the day will also get the 2FA challenge.
__________________


Does anyone really know what time it is?
77T is offline   Reply With Quote
Old 18 June 2020, 01:19 PM   #28
sickened1
2024 SubLV41 Pledge Member
 
sickened1's Avatar
 
Join Date: Aug 2014
Real Name: Ed
Location: SoCal
Watch: ugiveiswatchuget
Posts: 9,047
Done. Thank you Steve for added this extra security layer.
sickened1 is offline   Reply With Quote
Old 18 June 2020, 01:24 PM   #29
77T
2024 SubLV41 Pledge Member
 
77T's Avatar
 
Join Date: Dec 2010
Real Name: PaulG
Location: Georgia
Posts: 41,843
Quote:
Originally Posted by interestedwatcher View Post
Nicely done! any chance of a display somewhere on a users profile to show they are using 2FA?
A badge is sometimes used but not sure how hard that is...
Attached Images
File Type: jpeg 298480BD-2B04-4AC6-ABA0-393A2DFFE8FB.jpeg (59.0 KB, 1416 views)
__________________


Does anyone really know what time it is?
77T is offline   Reply With Quote
Old 18 June 2020, 04:48 PM   #30
swatty
2024 SubLV41 Pledge Member
 
swatty's Avatar
 
Join Date: Dec 2007
Real Name: Peter
Location: Sydney
Watch: The Game
Posts: 17,414
Done, thanks for the heads up Steve
swatty is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Wrist Aficionado

DavidSW Watches

Takuya Watches

My Watch LLC

OCWatches

Asset Appeal


*Banners Of The Month*
This space is provided to horological resources.





Copyright ©2004-2024, The Rolex Forums. All Rights Reserved.

ROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEX

Rolex is a registered trademark of ROLEX USA. The Rolex Forums is not affiliated with ROLEX USA in any way.