**** Please enable 2FA on your OcUK forum account ****

[Werewolf]

I would use the app and backup alone, as that gives maximum protection (if someone is in your email account then email based 2fa is not going to do much).

 

[Deleted member 77746]

Left my previous place of employment last Feb and my manager immediately disabled 2FA on every site I had enabled it on because a handful of people complained it was too difficult to use and a massive inconvenience.

A year and a single phishing email later, some Russians walked on to their network and Hello Kitty ran riot which cost them their entire domain and over a million pounds.

I love 2FA/MFA and would expect every single person on a computer forum such as this to be using it.

That's great, a massive told you so moment.

 

[Timber]

I would use the app and backup alone, as that gives maximum protection (if someone is in your email account then email based 2fa is not going to do much).

Thank you, amended my profile to auth app + backup codes.

 

[Nevakonaza]

For the record, it will be compulsory to have 2FA on for anyone who has MM access soon.

Oh god, I had nothing but issues with the 2FA stuff and that google authenticator rubbish that never worked for me

 

[Deleted member 77746]

Oh god, I had nothing but issues with the 2FA stuff and that google authenticator rubbish that never worked for me

What do you mean it never worked?

 

[Feek]

That's why I wound up turning it off on this site. 30 days per device just became irritating.

Ten seconds once a month per device is irritating?

 

[Jimbeam3678]

Ten seconds once a month per device is irritating?

Times how many devices you have. I would say tedious as opposed to irritating, I have it enabled as I’d happily do tedious over the hassle of having any account compromised

 

[Skynet5]

About time. I have grips about any site that is only password based. One less to worry about. Will enable over the weekend.

 

[Nevakonaza]

What do you mean it never worked?

I cant recall what it was now, but i had something else ask me to set up 2FA and use google authenticator, So i did..it was useless, id scan the code and it just wouldn't do anything.

Hopefully this is not the case with overclockers, as id not want to loose MM access due to it not working for me.

 

[Rainmaker]

Times how many devices you have. I would say tedious as opposed to irritating, I have it enabled as I’d happily do tedious over the hassle of having any account compromised

It takes less than two seconds with a password manager. Just click the TOTP button to put the correct number into your clipboard (it's the clock on the right, in this case), and then paste the number into the form and you're done.

 

[Jimbeam3678]

It takes less than two seconds with a password manager. Just click the TOTP button to put the correct number into your clipboard (it's the clock on the right, in this case), and then paste the number into the form and you're done.

To unlock your vault assuming you are using a strong password takes longer than 2 seconds .... On mobile/tablet its just well.. tedious as I said. I'm all for cyber security I touched on it for 6 months in my old job. Original point was it would be better if it was every 60 days or something like that. Convivence and secure is a fine line to balance otherwise you have people not enabling extra layers of security as has been proven in this thread.

 

[Rainmaker]

To unlock your vault assuming you are using a strong password takes longer than 2 seconds .... On mobile/tablet its just well.. tedious as I said.

You unlock your vault once at the start of browsing, or leave it unlocked but rely on the OS for security (i.e. lock screen, sleep). After that it's instant access. On mobile I click the login button, my face gets scanned in half a second and the number is put in for me - even easier.

 

[Neil79]

Umm it's asked for my QR code again, this is the second time in a week! Already set to 60 days, and no I haven't changed IP or phone device

 

[ShiWarrior]

i didn't realise we could do these now, thanks for the heads up

 

[Feek]

Umm it's asked for my QR code again, this is the second time in a week! Already set to 60 days, and no I haven't changed IP or phone device

You should only be asked for your six digit numeric code every 30 days. If you're being prompted more often then you're doing something with cookies.

 

[Somnambulist]

Done. Have Authy installed on my phone for Kraken etc so no big deal adding this to it.

 

[Deleted member 77746]

You should only be asked for your six digit numeric code every 30 days. If you're being prompted more often then you're doing something with cookies.

They probably clearing them or using private browsing, or logging in via a vpn that's changing constantly.

 

[Grim5]

And have 2FA enabled on your emails too, otherwise the internet isn't for you.

How to become a Internet god:

* 2FA or 3FA on everything
* Password generator on everything
* Email forwarding generator on everything
* VPN everything
* Ad block everything
* Encrypt everything

 

[Deleted member 77746]

2FA or 3FA on everything

You can be even more of a god by saying "MFA on everything" instead of "FA or 3FA on everything. This covers the people who has more than 2FA enabled accounts.

 

[Valo]

Already had 2FA enabled but thanks for the heads up.