Your email address - Important!

Feek

Feek

Feek

Commissario
Joined
16 Oct 2002
Posts
342,938
Location
In the radio shack
This is another one of those threads where we ask you to check something on your account.

Please check your registered email address, make sure it's one you have access to and that you know what it is.

There's nothing nefarious in us asking you to do this, it's for your own benefit. If it's wrong, you won't receive notifications from subscribed threads, PMs etc, but more importantly, it's something else we use to verify ownership if you get locked out. And yes, despite asking people to take copies of their backup codes, we're still getting members locked out of their 2FA because they haven't done so.

We don't use it to spam you, we don't pass your details on to anyone else, there's no security issue in you checking it and ensuring it's correct.

Click on your name in the top right corner of the forum screen and select Account details. Your email address is shown there an if it's wrong, you can click the 'change' button and correct it.

You would have set up your email address when you first signed up. For some people, that could have been over twenty years ago.

If you get locked out for any reason then this is one of the questions we will ask you. If you aren't able to tell us what your registered email address is then we will not be able to get you back into your account.

While you're at it, check your date of birth as well.

Thank you.
 
I have to admit I haven't saved my backup codes.

Isn't 2FA meant to make things easier? Saving a set of codes for every site that you have Authenticator 2FA set up on seems excessive. Its already bad enough having to save passwords because every site has its own rules.
 
Last edited:
danlightbulb said:
I have to admit I haven't saved my backup codes.

Isn't 2FA meant to make things easier? Saving a set of codes for every site that you have Authenticator 2FA set up on seems excessive. Its already bad enough having to save passwords because every site has its own rules.
Click to expand...

Are you new to 2FA?

Backup/recovery codes exist everywhere that uses 2FA. If you no longer have access to your 2FA token and have never saved your backup codes then your account should be toast. Admittedly for a forum account there's probably less concern about unlocking the account, but for something that contains your confidential information you wouldn't want an attacker to be able to just phone up and say I'm locked out can you reset for me.

I'm assuming you're also not writing down your passwords? If you use a password manager, most have some sort of notes section for each account. Store your recovery codes there. At least then you only need to store one recovery code for your password manager somewhere safe.
 
Semple said:
Are you new to 2FA?

Backup/recovery codes exist everywhere that uses 2FA. If you no longer have access to your 2FA token and have never saved your backup codes then your account should be toast. Admittedly for a forum account there's probably less concern about unlocking the account, but for something that contains your confidential information you wouldn't want an attacker to be able to just phone up and say I'm locked out can you reset for me.

I'm assuming you're also not writing down your passwords? If you use a password manager, most have some sort of notes section for each account. Store your recovery codes there. At least then you only need to store one recovery code for your password manager somewhere safe.
Click to expand...

Im not new to using 2FA. But never had to restore lost access - I just assumed it was all linked to my google account so if I did lose or break my phone I'd just restore it by logging back in to google on the new device.

Re passwords - some are saved by google on the devices I use, again assumed this was linked to my google account so I'd just restore it by logging in. And some passwords are stored locally on a spreadsheet. Ive noticed some sites don't autopopulate a password depending on what front end they use. Eg British Gas doesn't.

Ive also enabled fingerprint log in for the apps that use it.
 
Last edited:
danlightbulb said:
Im not new to using 2FA. But never had to restore lost access - I just assumed it was all linked to my google account so if I did lose or break my phone I'd just restore it by logging back in to google on the new device.
Click to expand...

It's good practice to consider these things, or even test them. It's like when most people take backups of their data, but never actually occasionally test/check them to ensure everything is backed up correctly. Instead leaving it to the point when they need to restore the data and there's a problem and it's too late.

But no, AFAIK it's not linked. You'll have a cookie saved after you've logged into a device, so you don't need to keep logging in with 2FA codes. But if you lost your phone and then set up on a new phone that would require you to log in again.

I'm not sure what you're using to generate 2FA codes, I know Authy syncs across devices so you'd be able to get access again. I'm not so sure if Google Authenticator does though (it's been years since I stopped using it).
 
darael said:
An email should be sent out to every single member, with a link which must be clicked on 72 hours after the email was sent. If the link isn't sent, suspend the accounts until the accounts have been properly verified.
Click to expand...

That's a good way of getting rid of stale accounts and to get people to verify them. But this forum has 167,747 accounts. Might take a while.
 
You must log in or register to reply here.
Back
Top Bottom