Pages:
Author

Topic: Newbies how to use the 2FA security system in the account? (Read 733 times)

sr. member
Activity: 420
Merit: 376
@AirtelBuzz
A minor correction that you can change in your OP if you like. You wrote that after clicking on "Account Related Settings", you will see your username and the gmail account connected to your Bitcointalk account. Gmail is only one out of many e-mail providers. You can use any e-mail service you want. Perhaps change "gmail" to "e-mail."

After clicking on account related settings, you will see a page like this. There you can see your account username and the Gmail used in your account which you provided while opening the account.

Hey, no one noticed this little mistake before, not even me.
@Pmalek Thanks for catching the slightest mistake and correcting it. Actually it was my typing mistake which caused Gmail to be written instead of Email.


Thanks for your good effort and learning. In fact, if people try to learn something with their own intelligence, even if it is late, they are still able to learn. Nice to see your post that even with a small member post like me someone has been able to learn the 2FA system and add it to their profile. In fact, we have to give more thanks to those who put this system in place to keep our accounts safe.
legendary
Activity: 2730
Merit: 7065
@AirtelBuzz
A minor correction that you can change in your OP if you like. You wrote that after clicking on "Account Related Settings", you will see your username and the gmail account connected to your Bitcointalk account. Gmail is only one out of many e-mail providers. You can use any e-mail service you want. Perhaps change "gmail" to "e-mail."

After clicking on account related settings, you will see a page like this. There you can see your account username and the Gmail used in your account which you provided while opening the account.
full member
Activity: 207
Merit: 143
Maybe I'm Bumped too old a post but after this post I asked I'm new I don't know how to do it. Now I've become a little more experienced in spending time on the forums and have tried to activate the 2FA security system on my account. Thank you for making this post so nice and eloquent. This post will definitely help the newbies to enable 2FA to secure their account.

sr. member
Activity: 1862
Merit: 437
Catalog Websites
Strongly recommend using google authenticator I've use it for years and doesn't really encounter problems with it
Google Authenticator is a close source 2FA and I don't recommend it.

Use open source 2FA like Aegis, Tofu

https://getaegis.app/
https://github.com/beemdevelopment/Aegis

https://www.tofuauth.com/

You are right, I would recommend using an authenticator, but not necessarily google authenticator since it wasn't open source 2FA, I've edited my post here  Smiley

Well, so far I haven't encountered issues with my authenticator with the new update, my biggest problem last time was the code was not saved to a certain account so it wasn't going to save on the situation when I lost my phone back in 2020 I think, but so far it was solved already, There was also a way to recover your account in case you have problems, you could bypass authenticator on a certain platform or account as long as you saved the codes on the authentications when you activate the authentication most of the platform is going to give you code that is going to allow you it turns off that authentication code in your account in case your phone was broken or stolen. I will take a look at this open-source authenticator that you are recommending. Thanks!
member
Activity: 97
Merit: 43
Strongly recommend using google authenticator I've use it for years and doesn't really encounter problems with it
Google Authenticator is a close source 2FA and I don't recommend it.

Use open source 2FA like Aegis, Tofu

https://getaegis.app/
https://github.com/beemdevelopment/Aegis

https://www.tofuauth.com/
sr. member
Activity: 1862
Merit: 437
Catalog Websites
Edited:
I recommend using a authenticator I've been using it for years and don't really encounter problems with it, there are a few back then if you lose your phone.
I using google authenticator so far as I can remember codes cannot be recover back then as the codes are not save to your Gmail accounts so its difficult to recover unless you save the code on the account you put that authenticator. But there new recent system was great all data was already going to be save on the Google account so your not gonna have anyproblem anymore, if you lose your phone as long as you know your email account you could easily recover all of them instantly. It can easily save you from hacks incase someone get your password, a added layer of security was never going to go wrong, there are some cases of getting hack even though having authenticator, but in my opinion it only happened when the hacker get a access to a trusted device to which authenticator is bypass thinking that it was you since your password is save on it something like that.

Google wasn't open source but it work in my experience do its job as a authenticator, if you want a more secure one there are some open source one out there.
full member
Activity: 448
Merit: 130
OP, did a pretty good job of explaining this 2FA thing. We already know that two-factor authentication adds an extra layer of security to account. It usually accepts a unique code on mobile devices that needs to be entered in addition to the regular password when logging in. This helps prevent unauthorized access to the account even if the password is compromised. I use an app to store my important documents and use 2FA in the app, but I lost the 2FA private key and couldn't recover it later. So you should be very careful while using it so that even if your device is lost or damaged you can recover it again through the private key.
full member
Activity: 476
Merit: 141
Since the introduction of 2FA, more security has been increased. In the past, email was more effective than ever. I like this technique, which is why I'm so glad I turned on 2FA. OP made it easier for newbies to know how to set up. So thank you very much for helping newbies.
sr. member
Activity: 952
Merit: 275
I just found out that 2FA is now active on the forum, good move honestly, now we will have less compliant about people losing their accounts to unknown person.

Begginers who are not used to 2FA already should be careful, if you don't back up your 2FA codes you will lost access to your account, I don't think there will ever be a way to get your account back.

You can use google auth if you don't have any problem backing up your codes using your email account, I have tried it and it works, but I found Authy to be better than Google auth.
hero member
Activity: 1400
Merit: 770
Platforms typically mention google authenticator but this doesn't mean only google auth works. I believe, I've also listed why aegis is a lot better than google auth but I just wanna say that they're not:

1. relatively unknown - if you look up on online communites such reddit, it actually been recommeded a lot particularly on privacy and security focused communities, and even on bitcointalk by prominent members. also see their github: https://github.com/beemdevelopment/Aegis

2. nor a company - just some fellas doing god's work at no cost

I wish this existed since hearing about a lot of accounts being stolen. Of course I feel happy because there is multi-level security.

There are indeed several 2fa application options, but I have only heard of two familiar ones, Google Authenticator and Auty. I am a user of one of them. I've been using it for 9 years for my trading account. Right now I feel comfortable and quite safe. As for Aegis, I heard about it not long ago but I don't believe it yet. There is a feeling of hesitation to switch. But thank you, this makes me try to continue researching Aegis.
full member
Activity: 638
Merit: 208
Belgian based crypto-enthusiast
This a good one to end the year with Cool For me, this is the best news on BT this year.

Though, as some already have said, I would recommend Aegis or Authenticator Pro (both on Android) as your 2FA app.
legendary
Activity: 1890
Merit: 1537
This was one of the best features released this year, and indeed, they should activate this feature in the forum and in the accounts of the platforms they constantly use. This feature will help forum members increase the security level of their accounts, making it difficult for scammers to change their passwords or email addresses when an active OTP is present in their accounts. It is crucial for Newbies to download the official Google Authenticator app from Google Play, as mentioned by OP, or from the Apple Store without downloading any fake apps or from outside these trusted stores. Increasing protection in their email is important, using a genuine email rather than a fake one generated by a website. It is advisable to link the two-factor authentication app with the email so that in case of a lost phone, they can recover OTP codes and retain the Shared secret (Base32) code in a secure place.

Thanks to you, OP, for sharing this tutorial, and I hope many who don't know how to activate this important feature will implement it.
hero member
Activity: 2786
Merit: 902
yesssir! 🫡
adding a 2 factor verification method needs a lot of time and coding. they've already did a lot of work implementing google 2FA and it is not been so long. I don't think Forum Admins would like to add another one or change  current Google 2 Factor into Aegis

The forum does not need to change anything since any totp app works. Aegis and Google authenticator are both totp app hence both should work.

I prefer Google 2FA, every website and application I know use google 2fa. it sounds more authentic than a relatively unkown company. BTW I had never heard of Aegis before. it looks like it has been around for quite a few years. but still, I didn't see any website or apps using their 2fa.

Platforms typically mention google authenticator but this doesn't mean only google auth works. I believe, I've also listed why aegis is a lot better than google auth but I just wanna say that they're not:

1. relatively unknown - if you look up on online communites such reddit, it actually been recommeded a lot particularly on privacy and security focused communities, and even on bitcointalk by prominent members. also see their github: https://github.com/beemdevelopment/Aegis

2. nor a company - just some fellas doing god's work at no cost
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
If staking a Bitcoin address and a Bitcoin signed message is reminded in a notification for all new registered members in Bitcoin Talk, it will be useful for many new users.

I think it is more useful if it is not only an one-time notification after registration but also a pinned message for all users.

It is useful if 2FA, staking a Bitcoin address, a signed message is written in welcome message.

I think the way to have the best impact would be to make an infoid item about it.
The newcomers will most probably not know how to sign a message and such "requirement", even if not enforced, might scare them. On the other hand, seeing every few days about it could convince even existing users they may want to make an effort and learn how to secure their account.




Both are valid points, indeed.
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
I think that having a bitcoin address staked in the proper place in the forum (and obviously, keeping its seed/private key really safe) is the correct move. All the rest, including this 2FA, is just some nice additions.
If staking a Bitcoin address and a Bitcoin signed message is reminded in a notification for all new registered members in Bitcoin Talk, it will be useful for many new users.

I think it is more useful if it is not only an one-time notification after registration but also a pinned message for all users.

It is useful if 2FA, staking a Bitcoin address, a signed message is written in welcome message.
legendary
Activity: 2254
Merit: 2406
Playgram - The Telegram Casino
Still I can bet that most use 2FA software on the same device as the websites/apps needing 2FA for authentication (hence still pretty much one single point of failure, hence doing it wrong).
Ideally it should be done on different devices but having them on the same device does not defeat the purpose of it. For example it can protect against a leak of your password, cause the attacker will still need your 2FA code to get into your account.
Not all breaches results in total security break on the device, so it has its perks.

I think that having a bitcoin address staked in the proper place in the forum (and obviously, keeping its seed/private key really safe) is the correct move. All the rest, including this 2FA, is just some nice additions.
Staking your address helps to recover your account after a hack, it does not protect you from one or the consequences.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
2FA security system is used almost everywhere now so everyone should know it

Still I can bet that most use 2FA software on the same device as the websites/apps needing 2FA for authentication (hence still pretty much one single point of failure, hence doing it wrong).
2FA is nice, but without certain precautions it's not so useful.
I think that having a bitcoin address staked in the proper place in the forum (and obviously, keeping its seed/private key really safe) is the correct move. All the rest, including this 2FA, is just some nice additions.
sr. member
Activity: 1400
Merit: 420
I'm a new member here and can't figure out how to use it on my account.
OP has made good efforts in explaining this 2FA feature. I doubted if anyone would still be confused about it, although I was also confused about it, but on the main post of theymos some members cleared up my doubts related to QR and the unique code we are given with.

I will say, follow the steps that OP has shown, then come back here and tell us if you are stuck somewhere, and we might be able to help you.
2FA security system is used almost everywhere now so everyone should know it and I think everyone knows it though op explained it very nicely which will be very useful for newbies. But for me it's not a big deal. Anyway thanks to the op for clarifying the issue here very quickly after the feature was introduced on the forum. This post is very helpful for those who are not familiar with 2FA.
hero member
Activity: 2506
Merit: 645
Eloncoin.org - Mars, here we come!
But rather than google authenticator, I suggest opting for aegis instead!

Couple of reasons are:

1. It's open source - google auth isn't
2. Offers encryption - google auth doesn't provide
3. Smoother and safer backup scheme - IIRC, google auth only provides QR code image (and you can't take a screenshot of this in-app) which you can use to export entries plus cloud backups. In aegis, you can automate encrypted backup files which you can then copy to other drive/s as a 2nd or 3rd backup.
4. Has a good history of being maintained regularly - google auth has actually been abandoned for so long and it was only recently that they started making some changes.

Get it at https://getaegis.app/
adding a 2 factor verification method needs a lot of time and coding. they've already did a lot of work implementing google 2FA and it is not been so long. I don't think Forum Admins would like to add another one or change  current Google 2 Factor into Aegis
I prefer Google 2FA, every website and application I know use google 2fa. it sounds more authentic than a relatively unkown company. BTW I had never heard of Aegis before. it looks like it has been around for quite a few years. but still, I didn't see any website or apps using their 2fa.
sr. member
Activity: 854
Merit: 424
Playbet.io - Crypto Casino and Sportsbook
Aegis was introduced by mk4 4 years ago in 2019.

Some more 2FA tools and password managers for better password creation and management.
https://www.privacytools.io/secure-password-manager

Adding 2FA for Bitcointalk accounts is great but users must know they should do other things to secure their accounts and for account recovery later.


Signing a Bitcoin message from a staked Bitcoin address.
Signing a message from a PGP key.

Stake your PGP key.
Stake your Bitcoin address.
Pages:
Jump to: