**** Please enable 2FA on your OcUK forum account ****

mrk

mrk

Man of Honour
Joined
18 Oct 2002
Posts
90,779
Location
South Coast
I guess this highlights your new mission to find an email provider that actually cares about security then! Set up a forwarder to the new service and sack off plusnet email from the mind's eye. Gmail/Ootlook.com hell even Yahoo Mail are great in this regard.
 
Soldato
Joined
21 Jan 2016
Posts
2,513
Is there seriously a post in here equating the suggested use of 2FA to Chinese state authoritarianism?

Never mind the fact that you have the option here to use email based 2FA so if your mobile phone scares you so much then you can use that instead. Or of course option C, just ignore the recommendation and go about your day safe in the knowledge that your reluctance to employ basic security practises is really sticking it to the man.

This place never ceases to amaze me…
 
OcUK Staff
Joined
7 Nov 2010
Posts
1,937
Why the push for 2FA if there has been no security breach? securing an email address is basic internet that most people have managed for 20+ years.

What with the COVID passports will people be able to do anything in the future without a mobile phone? hey guys link everything to your mobile phone so we can monitor all of your text messages and see all of your accounts and whenever you login. Bye bye privacy.

Chinese social credit system here we come.
Welllll that's a new take, however given that 2FA doesn't require a phone (there is ones you can use on any device) what you are saying is baseless, here is the thing though, 2FA doesn't remove the need to have a password, you need both, so even if you think they are compromising your 2FA code from your phone, they still need to know your password, so in this instance it's the same as it would be if you didn't have 2FA on anyway.

If you fear the apps that are trusted by everyone else, just build your own and check the source code to ensure it's not sending your details to some shady organization.

https://github.com/freeotp/freeotp-android - an android one
https://github.com/freeotp/freeotp-ios - ios version
https://github.com/bitwarden - bit like Authy, create your own server, create the clients.
 
Associate
Joined
1 Feb 2017
Posts
888
Just enabled it, I started to use it more and more tbh. Sometimes can be a pain but generally works well.
 
Suspended
Joined
12 Jul 2007
Posts
6,604
Location
Norfolk.
Enabled it, way more of a faff than I expected needing with another bloody app adding to my phone, longer logins etc but this seems to be the crap we have to deal with nowadays to prevent scum scamming people.
 
Soldato
Joined
21 Jan 2010
Posts
11,001
Enabled it, way more of a faff than I expected needing with another bloody app adding to my phone, longer logins etc but this seems to be the crap we have to deal with nowadays to prevent scum scamming people.
"Remember me" :confused:
 
Caporegime
Joined
19 Oct 2002
Posts
27,493
Location
Surrey
I've enabled email TFA as I don't want any more apps on the phone. I have TFA on my email so hopefully email stays safe. It's a shame we have to use things like this. But there you go.
 
Man of Honour
Joined
11 Dec 2002
Posts
10,375
Location
Darkest Norfolk
I've enabled email TFA as I don't want any more apps on the phone. I have TFA on my email so hopefully email stays safe. It's a shame we have to use things like this. But there you go.

you can use a single 2FA app like google authenticator for most of your 2FA needs, your only going to have more and more accounts using this tbh
 

LiE

LiE

Soldato
Joined
2 Aug 2005
Posts
23,311
Location
Milton Keynes
I already use MS authenticator for various work sites, so it's no bother to add OcUK. MS Authenticator also backs up to iCloud which is handy.
 
Soldato
Joined
18 Aug 2007
Posts
9,214
Location
Liverpool
Why the push for 2FA if there has been no security breach? securing an email address is basic internet that most people have managed for 20+ years.

What with the COVID passports will people be able to do anything in the future without a mobile phone? hey guys link everything to your mobile phone so we can monitor all of your text messages and see all of your accounts and whenever you login. Bye bye privacy.

Chinese social credit system here we come.

Nonsensical rambling is nonsensical. No need for a phone if you're so inclined... OTP/2FA can be set up using a password manager, which anyone using the Internet these days ought to have. I run mine as a browser addon, but you can download desktop and phone clients too. Bitwarden is free and open source, everything is encrypted, and you can run it yourself (eg Vaultwarden in Docker) so you know the code and the server are both trustworthy. If you sign up directly with Bitwarden, the OTP feature is premium and £10 a year (enter the TOTP in the field, save, get a six digit code to enter into the login form in return). If you run it yourself, all 'premium', family and enterprise features are free - including OTP.

Is there seriously a post in here equating the suggested use of 2FA to Chinese state authoritarianism?
....
This place never ceases to amaze me…

I've said it before and I'll say it again - this place is great, but it's predominantly gamers and such, not actual techies (with some notable exceptions). Most people here don't have much in-depth knowledge about privacy, encryption, networking, servers or the like.

https://github.com/bitwarden - bit like Authy, create your own server, create the clients.

As I said, the correct answer. :) Enable 2FA/OTP on all the things, get yourself a YubiKey or similar for physical 2FA, and generate a solid curve ed25519 SSH key and a GPG key - and use them!
 
Soldato
Joined
18 Oct 2002
Posts
24,755
Any chance of giving people the option to sign in with Google or Microsoft accounts so that the auth workflow is handled by those companies and all the systems they have in place?
 
Top