Enhanced Forum Account Security - 2FA



Hey Unraiders,

 

We have enabled the option to add extra layers of security to your forum account on top of the usual login layer.  You are now able to enable 2 new forum account security options:

  • Additional Security Question
  • 2FA using Google Authenticator/Authy/KeePassXC etc. 

 

These additional security layers are optional, but recommended. 

 

We have received reports of hacking/bot login attempts on forum members' accounts, so on top of enabling 2FA, it’s always a good idea to use a strong password which is changed periodically.

 

To enable one or both, head to your forum account info in the top right and click Account Settings. 
The following instructions are to set up Google Authenticator as an example. 

 


 

Click on Security and Privacy and reauthenticate with your password. 

 

From there, follow the prompts to enable a Security Question and/or Google Authenticator:

 


 

For Google Authenticator, you will need to download the app on your phone. Once downloaded, click on Enable within the forum Security page and scan the QR code with your phone authenticator to verify the code.

 


 

Thereafter, when prompted, you will need to supply the randomly generated code from the Authenticator app:

 


 

When enabled, you will need to authenticate when:

  • Changing your email address 
  • Logging into the forum from a new device
  • Managing Authorized Devices
  • Updating two-factor authentication setup 
  • Changing your password 
  • Logging into the front-end from a known device. Note: This does not apply if the user is logged in automatically because they have used the 'Remember Me' checkbox.

 

Happy Friday,

Spencer

Link to post

Nice work. I just had to set this up to reply. Is there going to be an SMS option? Super nice on iOS where Safari can auto grab the code from a txt and punch it in.

Link to post
2 minutes ago, falconexe said:

Nice work. I just had to set this up to reply. Is there going to be an SMS option? Super nice on iOS where Safari can auto grab the code from a txt and punch it in.

 

Looking into Authy. There is an SMS option with them.

Link to post

I just turned it on using Authy without problem. Anything that Google Authenticator does, Authy can do. 

I migrated over to Authy because when getting a new device, it'll carry the accounts over and you don't need to set everything back up.

Link to post

You don't have to use Google Authenticator to use 2FA. I use KeePassXC (desktop) and andOTP (Android phone); they both work on this forum.

Edited by sjaak
Link to post
11 hours ago, DayspringGaming said:

I just turned it on using Authy without problem. Anything that Google Authenticator does, Authy can do. 

I migrated over to Authy because when getting a new device, it'll carry the accounts over and you don't need to set everything back up.

 

51 minutes ago, sjaak said:

You don't have to use Google Authenticator to use 2FA. I use KeePassXC (desktop) and andOTP (Android phone); they both work on this forum.

Thanks! Will update the post. 

Link to post

I've set this up and I like it! Appreciate the effort.

 

One question though, what recovery options are there should I lose access to all my devices (unlikely thanks to Authy)? Typically services offer backup codes or recovery codes or similar. I keep those offline and secure, but available just in case the extraordinary happens.

Link to post
20 minutes ago, hpka said:

I've set this up and I like it! Appreciate the effort.

 

One question though, what recovery options are there should I lose access to all my devices (unlikely thanks to Authy)? Typically services offer backup codes or recovery codes or similar. I keep those offline and secure, but available just in case the extraordinary happens.

 

If you lose access to your 2FA linked device(s), there is an account recovery tool to regain access via the email account linked to your forum account. 

Link to post
2 minutes ago, cwboomer said:

Hello. 
I use LastPass. 

I would like to share my steps that were successful without the use of the google app.


I was able to login to the forum this way, without the google app, fyi.

In my LastPass Vault:
- Turn on 2FA in Account>MobileDevice:
- Add phone in Account>MobileDevice:(once the two phone apps are installed)
- Enable Lastpass authenticator app in the 2FA
    - I definitely see that google is an option, but that requires another app/service.

On the device:
- Installed Lastpass & LastpassAuthenticator apps.

On the device/LastPassAuthenticator app:
- add account (plus-sign)
- Use the scan QR option. 
Scan the QR. Enter code from phone. All Set!


 

Thanks for sharing!

Link to post

The problem with Google Auth as far as I know is you lose your device, you lose your auth.  Authy however has a better system of multi device sync and backups and supports anything that Google Auth would normally be used for.  

Link to post
On 3/13/2021 at 4:59 AM, SpencerJ said:

 

Looking into Authy. There is an SMS option with them.

Please only allow SMS as a final resort - no need to perpetuate the horribly flawed scheme where you need to wait for a 3rd party to deliver the codes to you when they could get intercepted midway or even fail to be delivered.

Other apps as alternatives for the OTP generation

* Microsoft Authenticator (has automatic multi device support and recovery)

* KeeWeb - stores the seeds in a KeePass kdbx file

* AuthPass

* Yubico Authenticator (stores the seeds with a Yubikey)

Link to post
