Your Backup codes - Important

Deleted member 77746 · 22 Mar 2023 at 10:05

Feek said:
I wish I knew what it would take to get people to save their codes.

Perminant loss of their accounts. Problem is they will just sign up again with a new account causing the same issue.

Feek said:
The crazy thing is that it doesn't just affect them logging in here, they'll have lost access to every single site they access with 2FA.

You are assuming people use 2fa on all sites.

Energize · 29 Mar 2023 at 10:22

Feek said:
I wish I knew what it would take to get people to save their codes. Despite that huge announcement that we regularly reset to force it to show again, I still get a minimum of four requests a week to disable 2FA because members have changed phones, lost phones, lost their authenticator app etc.

The crazy thing is that it doesn't just affect them logging in here, they'll have lost access to every single site they access with 2FA.

It's an internet forum, most don't use 2fa because a forum account is simply not that important.

Murphy · 29 Mar 2023 at 11:01

If you've linked your OCUK store account with your forum account to get free postage couldn't someone use your stored payment details to order a load of stuff? I genuinely don't know is why I'm asking.

Deleted member 77746 · 29 Mar 2023 at 11:32

Murphy said:
If you've linked your OCUK store account with your forum account to get free postage couldn't someone use your stored payment details to order a load of stuff? I genuinely don't know is why I'm asking.

That's why you do NEVER store payment details. Convenience over security.

Websites should NOT allow card details to be stored IMO. Should be law.

Ice Tea · 6 Apr 2023 at 09:48

Genesis Market: Popular cybercrime website shut down by police

Genesis Market allowed online fraudsters to buy passwords and other personal data for less than $1.

www.bbc.co.uk

Deleted member 77746 · 6 Apr 2023 at 10:16

Ice Tea said:
Genesis Market: Popular cybercrime website shut down by police

Genesis Market allowed online fraudsters to buy passwords and other personal data for less than $1.

www.bbc.co.uk

I read this yesterday, they going in hard on cyber crime now there's too much of it about.

Feek · 19 Apr 2023 at 16:45

I can see from the support emails that there have been FOUR more instances already this week where people haven't saved their backup codes, have changed phones and lost their 2FA. It's only Wednesday.

For goodness sake, save the damn codes!

Energize · 19 Apr 2023 at 22:51

Feek said:
I can see from the support emails that there have been FOUR more instances already this week where people haven't saved their backup codes, have changed phones and lost their 2FA. It's only Wednesday.

For goodness sake, save the damn codes!

People probably save their backup codes to their phone...

Felon · 19 Apr 2023 at 23:03

Thanks @Feek for fixing my 2FA after I messed it up!

Pawnless Endgame · 19 Apr 2023 at 23:52

Another +1 for @Feek for helping me to get back online here yesterday.

I read the thread (yellow-stickied at the top) and thought I had the codes, but sadly I saved them to a phone that I no longer had due to a recent phone upgrade. I wrongly assumed that the credentials would copy over when using Samsung Smart Switch. Weirdly enough, my Microsoft authenticator did copy over ok but the Google one didn't, which was the one that contained my OcUK code. At least I know now, and will endeavour to behave better next time

Broken Hope · 24 Apr 2023 at 19:07

Google Authenticator finally supports cloud sync, surprised it's taken them this long.

Feek · 25 Apr 2023 at 11:48

Google Authenticator now backs up your 2FA authentication codes so if you are using that app, your details will be transferred when you change device etc.

That's assuming you trust google with that sort of information.

Scam · 25 Apr 2023 at 12:50

Feek said:
Google Authenticator now backs up your 2FA authentication codes so if you are using that app, your details will be transferred when you change device etc.

It does? I’m not seeing anything in my app (iPhone 13) :confused:

How do you turn this on?

Also, serious question.. where does one save your backup codes? I have 19 accounts/codes in Google Auth and a total mish mash of having saved some, not others etc. in varying locations. Do people chuck them in Google Keep or something and hope that their Google main account doesn’t get compromised? Or literally print them out? What is actually recommended?

Feek · 25 Apr 2023 at 13:48

Scam said:
where does one save your backup codes? I have 19 accounts/codes in Google Auth and a total mish mash of having saved some, not others etc. in varying locations. Do people chuck them in Google Keep or something and hope that their Google main account doesn’t get compromised? Or literally print them out? What is actually recommended?

I save them as notes against each account in 1Password. I would hope that most password managers have an option for notes against each account so it seems the logical place.

Scam said:
It does? I’m not seeing anything in my app (iPhone 13) How do you turn this on?

Dunno, I don't use it, even though I have it installed. The patch notes from the most recent version from a few hours ago say:

Cloud syncing: Your Authenticator codes can now be synced to your Google Account and across your devices, so you can always access them even if you lose your phone.

Scam · 25 Apr 2023 at 15:00

Feek said:
I save them as notes against each account in 1Password. I would hope that most password managers have an option for notes against each account so it seems the logical place.

Hmn I dont use any password managers. I think this is probably why a lot of people don't save their backup codes - because it's an additional risk having them accessible somewhere!

Feek said:
The patch notes from the most recent version from a few hours ago say:

Cloud syncing: Your Authenticator codes can now be synced to your Google Account and across your devices, so you can always access them even if you lose your phone.

Ah, stupid Apple. I had to force an update in the app store. I got a splash screen when I re-launched Google Auth asking me to sign into my Google account. Coming from someone who manages a system with MFA turned on - finally !! :rolleyes:

Broken Hope · 26 Apr 2023 at 06:59

Let's hope Google doesn't have a data breech..

https://twitter.com/x/status/1651021165727477763

TrojanWhore · 31 May 2023 at 23:24

Only semi-related to the thread, but I just had to re-authenticate my desktop on the forums and my code was ****** :cry:

Nice!! Thought I'd share

alphaomega16 · 30 Jun 2023 at 12:37

Can you not redownload backup codes?

Don't use my phone for browsing, im on payg.

Armageus · 30 Jun 2023 at 12:51

alphaomega16 said:
Can you not redownload backup codes?

Don't use my phone for browsing, im on payg.

Yes if you go to:
Your Account >Password and Security> There should be a Two-step verification option
Click Change, then there should be a manage button next to backup codes.
(It asks you to enter your password at some point)

Once you get to that page it shows your current set of backup codes (including those that have been used), and gives you an option to generate a new set

OspreyO · 1 Jul 2023 at 20:01

The phone I have MS Authenticator took a swim, and is on its last legs. I have my backup codes. How do I set up OcUK on MS Authenticator again. I've forgotten.