2 Factor Authentication
 

Hi guys

Please get the app for your phone 'Authy" from your Apple iPhone/iPad or Android app store or the Authy website for a desktop/notebook version.
Authy can also be used on your desktop computer.

Then go to your TRF 'User CP' (on the left at menu row near the top of this page) and if you scroll down you will see at the bottom of the column on the left hand side '2 factor authentication'.

Click the "Enable 2 factor authentication" button.

This should provide a second level of security so scammers cannot access your account (even if they steal) your log in credentials.

Attachment 1142071
Attachment 1142449

Thank you, done! :dude:

So did it work for you?

You will not have to do it every time, only if you log in from an unrecognised location.

Yes worked fine, I use the Google authenticator for many sites. 2FA is great.

Thank you.

What it means, if enabled by you now, that your account cannot be stolen and your password is useless to anyone but you.

So please everyone enable this now, its very straightforward.

Great work Steve. :thumbsup:

Do you envision this might become a requirement for sellers?

It’s those accounts that are targeted by scammers methinks.


Sent from my iPhone using Tapatalk Pro

Thanks a lot OP for this information.

Not just sellers, but EVERYONE, its very important.
However, it is critical for sellers.

The forum reserves the right to nevertheless ban people and require them to undergo an authentication process if they are suspected of untoward account activity.

Steve
I tried it with TapaTalk but don’t believe their server is linked? Sorry for the extra question.


Sent from my iPhone using Tapatalk Pro

Enabled with no issues.

Thank you Steve!!

I just tried with Tapatalk but wasn't given the option. Had to use the computer to activate / view the Two Factor option under User CP.

Thanks much. I access multiple forums so TapaTalk actually intermediates the authentication process.


Sent from my iPhone using Tapatalk Pro

To enable it, I think you need the full TRF interface.
Tapatalk is a slimmed down version.
So just install it from a normal computer first and you are good to go.

Attachment 1142070

OK done. Thanks Steve for the suggestion.


Sent from my iPhone using Tapatalk

I turned on 2 Factor Authentication.


I changed my password and nothing. Do I have to hit the road to experience the re-authentication process? Can someone with experience with this form of 2 factor authentication warn me (and everybody else that will enable it) what to expect when I/we may have to re-authenticate in the future.


If this is voluntary, is there any way of telling if another member is using 2 Factor Authentication?

Thanks Steve. I have enabled 2FA for this forum, logged out and could log back in without the 2FA kicking in. After that I have tried it in two more different browsers (so Firefox, Google Chrome and Safari in total) but the 2FA never kicked in. And I'm an avid 2FA user and have it enabled on my Nest, Synology NAS, you name it. If I go back to my control panel and click 'Two-factor authentication' again, I have the option to disable it so it is switched on. Do any other members experience the same?

Got it, worked for me. :thumbsup:

Done! :cheers:

Done...thank you Steve!

hmmm, I'm not seeing the google app in the App Store.

From what Steve 'Lol-x' said above, I think the re-authentication only kicks in when/if you change your ip address. Can you test that?

All I'll say is it is working.
Don't ask technical questions about how it works.
Security modus operandi are not going to be revealed.
No security system is infallible, but this 2FA is an extra and a very worthwhile layer of added protection.

One should always be on guard against persons seeking unauthorised access to ones account.

I stand corrected. You can easily test it by using your smart phone, switch off WiFi (it then jumps to 4G (in my case) and your phone will be assigned a new IP-address. And yes, 2FA kicks in very elegantly. Thanks again and indeed, very recommendable!

It’s there.

Thanks Steve. I tested it from an iPhone and iPad and was able to enable it. You explained it well. We must use a browser on the phone or tablet to set it up.

I won’t go all wonky on the elegance - But...it follows the basic tenet of simple, effective security: Use something you know plus something you have. The something you know is of course the password; the something you have is a time-sensitive token generated by Google.

Thanks for the extra effort to enable this on TRF. I know it will add to your load and that of the Mods for awhile. But the benefit will be less of those gut-wrenching scams where a member has lost thousands.

When I did this for a living, and a client’s CIO or CISO asked, “so are we done?” My answer was Invariably “there is no finish line”. As threats evolve, so must policies, strategies and tactics.

For now, I would encourage considering a policy for sellers. If I was a black hat, they would be my hijacking targets.

Nicely done! any chance of a display somewhere on a users profile to show they are using 2FA?

Yes - and users who do not pay their ISP extra to get a static IP address will have an IP address change every so often...so we should not be surprised if we get a 2FA challenge even though nothing changed on our home computer.

Those who use a laptop and log-in from different WiFi hotspots throughout the day will also get the 2FA challenge.

Done. Thank you Steve for added this extra security layer. :cheers:

A badge is sometimes used but not sure how hard that is...

Done, thanks for the heads up Steve :thumbsup: