Getting started with Google Authenticator

hridoyb

sr. member

Activity: 826

Merit: 250

Bitgesell (BGL) Decentralized Cryptocurrency!

Quote from: clover12 on February 21, 2019, 12:51:34 PM

I am setting upp Google Auth for my Binance account.

How does this thing work?

I put in my email address
It makes a code in blue and flashed red colored.
What next?
Where do I input the code?

Huh

Now most of the exchanger required to use Google Authenticator for account security and also add withdraw password some exchanger. when you enable Google Authenticator 2f you must be stored your security code because when your phone change or lost this key helps to login your account.So more details about its visit https://support.binance.com/hc/en-us/articles/115000433432-Google-2FA-Guideline

Artemis3

legendary

Activity: 2030

Merit: 1563

CLEAN non GPL infringing code made in Rust lang

Quote from: clover12 on March 01, 2019, 03:46:17 PM

OK. i removed my SMS option from Binance. It seems a WHOLE LOT BETTER. thanks for assistance everyone.

Now I am staring at this API option. What is that??? I click the link to API options and it goes into nowheres land...

You don't have to worry about the API unless you want to use a third party program with Binance. For example a trading bot.

clover12

jr. member

Activity: 168

Merit: 2

Quote from: DdmrDdmr on March 01, 2019, 01:17:48 PM

Quote from: clover12 on March 01, 2019, 12:30:37 PM

<…>So I should turn OFF the SMS and only use Authy <…>

That’s how I’ve got it (only Authy). After all, SMS is considered less secure, and 2FA is thought as being way more secure, with the token expiring every 30 seconds.

OK. i removed my SMS option from Binance. It seems a WHOLE LOT BETTER. thanks for assistance everyone.

Now I am staring at this API option. What is that??? I click the link to API options and it goes into nowheres land...

DdmrDdmr

legendary

Activity: 2338

Merit: 10802

There are lies, damned lies and statistics. MTwain

Quote from: clover12 on March 01, 2019, 12:30:37 PM

<…>So I should turn OFF the SMS and only use Authy <…>

That’s how I’ve got it (only Authy). After all, SMS is considered less secure, and 2FA is thought as being way more secure, with the token expiring every 30 seconds.

Edit: It may be a bit early to start messing around with API keys. They are risky if you do not manage them properly. In any case, you need to type an API label of your choice before you hit the "create new key", or nothing will happen (as seems to be the case).

API will typically be used to create your own trading software, or use a trading bot. Unless that is the case, I would stay clear of creating them since they enable trading on your behalf. There is online documentation on Binance ...

clover12

jr. member

Activity: 168

Merit: 2

Quote from: DdmrDdmr on March 01, 2019, 07:28:20 AM

Quote from: clover12 on February 28, 2019, 05:37:41 PM

<…>

It’s another safety feature, but not one that is not inexpungable:

- The whitelist is meant to work along with Binance’s software ecosysytem. If the exchange itself get’s hacked at some point, those restrictions may be bypassed easily. There is no tie to your whilelist outside Binance ecosystem.

- Binance is pretty safe, but no exchange is safe from hackers. Officially they have not been hacked yet, although during March 2018 there was an incident by which a third party app requested API keys and started to trade on some user’s behalf, pumping Viacoin in the process. No user was really affected in the aftermaths, as Binance reverted all the trades.

- Software is what it is, and can have bugs and backdoors that lead to unexpected breaches at some point.

Having said that, I pretty much like binance and all it’s user security features. Nevertheless, never consider your assets there invulnerable (after all, you do not control your private keys).

It's a scary yet very real description. Thanks for heads UP....

clover12

jr. member

Activity: 168

Merit: 2

Today I logged into Binance but this was the issue....

It gave 2 options to log in. The Google Authenticator (in my case Authy) and then SMS.

I typed in the SMS code and I was in. So it did not require Authy at all, just the SMS.

So I should turn OFF the SMS and only use Authy?

DdmrDdmr

legendary

Activity: 2338

Merit: 10802

There are lies, damned lies and statistics. MTwain

Quote from: clover12 on February 28, 2019, 05:37:41 PM

<…>

It’s another safety feature, but not one that is not inexpungable:

- The whitelist is meant to work along with Binance’s software ecosysytem. If the exchange itself get’s hacked at some point, those restrictions may be bypassed easily. There is no tie to your whilelist outside Binance ecosystem.

- Binance is pretty safe, but no exchange is safe from hackers. Officially they have not been hacked yet, although during March 2018 there was an incident by which a third party app requested API keys and started to trade on some user’s behalf, pumping Viacoin in the process. No user was really affected in the aftermaths, as Binance reverted all the trades.

- Software is what it is, and can have bugs and backdoors that lead to unexpected breaches at some point.

Having said that, I pretty much like binance and all it’s user security features. Nevertheless, never consider your assets there invulnerable (after all, you do not control your private keys).

clover12

jr. member

Activity: 168

Merit: 2

It's a prety decent outfit being all set with the Authy.

I like the Binance, White List feature too... is that a strong idea to block out hackers or something? Huh

it seems like the White List has potential to be much smarter than AUTHY is. If you can only withdrawl into your private wallets, how could anybody steal anything from your Binance? Huh

?

jademaxsuy

full member

Activity: 924

Merit: 220

Quote from: clover12 on February 28, 2019, 04:55:13 PM

What does "3FA" stand for?

This may help you what 3FA means as there's another meaning of it if it's not for authenticating. 3FA is three-factor authentication (3FA) or you can visit here https://searchsecurity.techtarget.com/definition/three-factor-authentication-3FA.

Quote from: clover12 on February 28, 2019, 04:55:13 PM

It was confusing setting up because my "Passcode" was my Binance password, not my Authy Backup Passcode.
Then my "Google Authentification Code" was the 16 digit QR Code, not my Authy 6 digit Token... or the other way around?

Once your 2FA is activated access binance and sign in then when you are prompted to input a code just open your authy, select the name you use and copy the 6 digit provided in authy then your good to go. In my case is not binance but all I did was sign in to the site then press the sign in button and input the 6 digit code then validate to continue.

JeromeTash

legendary

Activity: 2100

Merit: 1208

Heisenberg

Quote from: clover12 on February 28, 2019, 04:55:13 PM

It was confusing setting up because my "Passcode" was my Binance password, not my Authy Backup Passcode.
Then my "Google Authentification Code" was the 16 digit QR Code, not my Authy 6 digit Token... or the other way around?

Binance did not exactly word it self explanatory since it is juggling all these different codes and phones and iphones and desktops and emails.

It's all good to go. Now how do I TEST this thing out? Huh

I'm scared to Log Out of binance now...

Yes your Binance password/passcode is different from Authy backup passcode because authy is an entirely different thing from Binance.
Authy stores an encrypted copy of all your Authenticator accounts... if you lose your phone, It is that passcode you are going to use to recover your backups stored by authy so that you can get your 6 digit token for authentication.
It's more like an online cloud for your Authenticator accounts.

The 16 digit QR code from Google authentication is actually the recovery code... which you can write and keep somewhere safe. Since google authenticator does not offer cloud back, that is the code you use to recover your binance account.

Otherwise, once you set them up, both authentication apps will display a similar 6 digit token code every 30 seconds

clover12

jr. member

Activity: 168

Merit: 2

OK Folks... i completed Authy registration with Binance!! It is all 2FA from here on.

What does "3FA" stand for?

It was confusing setting up because my "Passcode" was my Binance password, not my Authy Backup Passcode.
Then my "Google Authentification Code" was the 16 digit QR Code, not my Authy 6 digit Token... or the other way around?

Binance did not exactly word it self explanatory since it is juggling all these different codes and phones and iphones and desktops and emails.

It's all good to go. Now how do I TEST this thing out? Huh

I'm scared to Log Out of binance now...

DontSayLies

newbie

Activity: 2

Merit: 0

Quote from: Real14Hero on February 27, 2019, 09:51:36 AM

if you have google authenticator QR code Backup ?

It is why I mentioned above that before activate 2FA, the 2FA codes should backup.
After backup, please remember to test the 2FA backup codes in assumed scenario in which you lost your phone, computer.
If those backup of 2FA works fine for you, it's time to start send money to your account.

Real14Hero

hero member

Activity: 952

Merit: 576

Quote from: clover12 on February 21, 2019, 01:31:43 PM

Really confused what to do now.

If I lose my phone my Binance account is not accessible? Huh

??

if you have google authenticator QR code Backup ?

Ipwich

hero member

Activity: 1050

Merit: 529

Student Coin

Quote from: Tamilson on February 26, 2019, 05:05:10 AM

Quote from: logfiles on February 25, 2019, 06:01:27 PM

Quote from: scambust on February 25, 2019, 05:44:34 PM

This is what I use and it runs offline too.
https://chrome.google.com/webstore/detail/authenticator/bhghoamapcdpbohphigoooaddinpkbai?utm_source=chrome-ntp-icon

I have been using it for four years.

I think a standalone app would be much better and also having it on multiple devices. Encrypted with a master password of course.

Why settle for GA when you can use Authy, I use GA before and when my friend lost his phone and got broke, good thing binance support is very responsive and got the account back. This is what I'm afraid of, to lose access to sites that I often use.

In GA there's no recovery back up but in Authy can encrypt a back up in the cloud so if you lost your phone you can still access those authy accounts from other device.

This is what I actually meant, sorry for my previous posts, there was a little confusion on my part.
I'm using AUTHY for both my phone and my PC and they all sync with each other.

DontSayLies

newbie

Activity: 2

Merit: 0

A guide for someone who need .details to activate 2FA on Binance
https://coinsutra.com/google-authenticator-setup-guide/
And, more important step is never forget or too lazy and do not backup 2FA codes.
One more step, is after saving backup of 2FA, make sure that you test the backup to see it works for your account when you lost your phone or not.
If not, return to your Binance account profile, deactivate 2FA, then reactivate it and get new 2FA codes.
Then, reappyling those steps again till you see your 2FA backup codes work fine.

DdmrDdmr

legendary

Activity: 2338

Merit: 10802

There are lies, damned lies and statistics. MTwain

Quote from: clover12 on February 26, 2019, 04:48:48 PM

<…> but what if I lost my phone? Is the White List going to block me from sending funds out of Binance?

The whitelist is not related to your phone, but rather to the wallet addresses you can send them to, so losing your phone will not stop you from withdrawing your funds.

Since you are going to setup 2FA using Authy, just make sure that you keep an Authy backup in case of phone loss. You can even set it up on multiple devices, all sharing your access codes. For example, I have got it on my phone and ipad, and can use Authy on either of them to gain access to my 2FA protected accounts.

Check Authy’s website on how to do this. If I recall correctly, I installed Authy on my second device, used the same phone number as on my primary device upon registration, received an SMS password to use for my second device on my first device, and followed a couple more steps to unlock each 2FA token on the device (It requires creating a backup previously I believe).

clover12

jr. member

Activity: 168

Merit: 2

Quote from: Harlot on February 26, 2019, 01:59:34 PM

There are several step by step guides for setting up 2fa on Binance account there is even one included on the official support site of Binance. The thing you are feeling now is doubt and fear that you might lose your account when you messed up the process but to tell you honestly if you done all the things in the guide you won't need to worry about anything, just think of it as the next process for your account's safety and doing nothing now won't help you secure your account.

Correctamundo. It is one diligent step at a time. Tomorrow I should figure out how to set up the 2FA with Authy.

I just set up my White List (of the only wallets that can send funds out of Binance ) it goes to my Ledger Nano. That seems decent... but what if I lost my phone? Is the White List going to block me from sending funds out of Binance?

Artemis3

legendary

Activity: 2030

Merit: 1563

CLEAN non GPL infringing code made in Rust lang

Quote from: clover12 on February 26, 2019, 11:49:27 AM

OP again. I am trying to load Authy into my binance account and it looks like it only uses Google Authenticator?? Huh

There is no options for Authy setup. What am I doing wrong here? When I went the GA route and inputed my Authy info, I get the error message "Binding failed"

Authy (and any other 2fa) use the same config as Google Authenticator. You don't need separate setups, they are the same thing.

If you already had created the 2fa and just want to switch from GA to Authy, you need to use the backup 16 char code in Authy to recover your already active setup. Else you would need to disable 2fa and enable it again.

If you keep getting errors double check your phone time/date is correct.

In all sites the procedure is the same:

When you request 2FA, It generates a (backup) key which you must write-down somewhere and keep it very safe and then scan that qrcode (or input the key manually) in your 2FA app (here you can use GA, Authy or any other).

That is all. the site will now ask you your 2FA code which is the one your app is showing and keeps changing every minute or so.

Harlot

hero member

Activity: 1806

Merit: 671

There are several step by step guides for setting up 2fa on Binance account there is even one included on the official support site of Binance. The thing you are feeling now is doubt and fear that you might lose your account when you messed up the process but to tell you honestly if you done all the things in the guide you won't need to worry about anything, just think of it as the next process for your account's safety and doing nothing now won't help you secure your account.

clover12

jr. member

Activity: 168

Merit: 2

Right now I only use a Password, Anti Phishing Code, and SMS Authentification.

I'd like to set up all of it, including Authy, and API.

Topic: Getting started with Google Authenticator (Read 654 times)