I see no reason to provide .onion access to GLBSE as most accounts that have been compromised the attacker has used Tor to do so.
I did not know that. Fair enough. Thanks for sharing the info
Topic: Two-factor authentication and GLBSE (Read 4090 times)
I did not know that. Fair enough. Thanks for sharing the info
well.
and what about the .onion access point to glbse?
or releasing 1.0 javascript black/blue version with keys only for authentication?
I see no reason to provide .onion access to GLBSE as most accounts that have been compromised the attacker has used Tor to do so.
As for releasing GLBSE 1.0 code, I suppose, all it will do is show how bad a code I am I think.
well.
and what about the .onion access point to glbse?
or releasing 1.0 javascript black/blue version with keys only for authentication?
nice advice, but using glbsee with tor seems a good thing to me.
Nefario have you thought about using a Tor hidden service?
Nefario have you thought about using a Tor hidden service?
Really I'm only kidding, often the issue is the time since GAuth used on GLBSE is time based.
Anyway, I've ordered a Yubikey so will adding this as a two-factor auth method as well.
nice advice, but using glbsee with tor seems a good thing to me.
Nefario have you thought about using a Tor hidden service?
Nefario have you thought about using a Tor hidden service?
well , I have enabled 2-factor auth and when it is used from firefox with tor, it didnt let me log in.
if i turn off tor, everything works again. ( using foxyproxy standart)
any hint?
Thank you.
if i turn off tor, everything works again. ( using foxyproxy standart)
any hint?
Thank you.
Don't use tor.
well , I have enabled 2-factor auth and when it is used from firefox with tor, it didnt let me log in.
if i turn off tor, everything works again. ( using foxyproxy standart)
any hint?
Thank you.
if i turn off tor, everything works again. ( using foxyproxy standart)
any hint?
Thank you.
I got this old bug where 2 step is enabled without ever enabling it. :-(
And I noticed it yesterday so I will probably have to wait till Monday to withdraw some of my funds. (even though my ticket says it has been assigned)
And I noticed it yesterday so I will probably have to wait till Monday to withdraw some of my funds. (even though my ticket says it has been assigned)
2 factor auth has now been made easier, the time on most peoples phones is set by the carriers network, turns out most networks like to be about a minute fast. I've updated 2fa to take this into account and should allow users with slightly fast phones to get in.
Nefario
Nefario
Nevermind, I found the "trick": you have to be slow before hitting the "Login" button.
If you type too fast captcha and auth code and hit the logjn button, it somehow assume the auth code is wrong. Weird...
If you type too fast captcha and auth code and hit the logjn button, it somehow assume the auth code is wrong. Weird...
Thats a feature not a bug
Same thing here: said "incorrect code", and ther's absolutely no way around. This was on a test account.
Now it seems my phone clock was out of sync of over half a second, corrected, it works. Now I'll try to enable it on the "real" account; let's hope for no bad surprise...
Now it seems my phone clock was out of sync of over half a second, corrected, it works. Now I'll try to enable it on the "real" account; let's hope for no bad surprise...
So, I'm actually trying to enable two factor on my account, and I don't understand what I'm supposed to do. I click on the "enable" button for two-factor authentication. It takes me to a page with a QR code, the manual text code, and 4 check boxes for various aspects of the site. under that is a field to enter an auth code if you already have two-factor enabled. I scan in the qr code to authenticator, i selected what I wanted to protect with two-factor, then I hit submit, because I don't already have two-factor enabled. I get an error that says "wrong auth code" and get the page back with a new QR code. So now I have to delete the one I added, add the new one, select things, then this time I add the current auth code for that account and submit. Same error message.
What am I doing wrong?
What am I doing wrong?
Exact same thing happens to me. I've tried the 6-digit code from my Google Authenticator app, and I've tried that 16-digit string under the QR code multiple times. Every time it just says "Auth code is not correct, please try again"
So, I'm actually trying to enable two factor on my account, and I don't understand what I'm supposed to do. I click on the "enable" button for two-factor authentication. It takes me to a page with a QR code, the manual text code, and 4 check boxes for various aspects of the site. under that is a field to enter an auth code if you already have two-factor enabled. I scan in the qr code to authenticator, i selected what I wanted to protect with two-factor, then I hit submit, because I don't already have two-factor enabled. I get an error that says "wrong auth code" and get the page back with a new QR code. So now I have to delete the one I added, add the new one, select things, then this time I add the current auth code for that account and submit. Same error message.
What am I doing wrong?
What am I doing wrong?
Also check the time on your phone. If its off by a few seconds then 2factor/Google Authenticator may not work.
Nevermind, I found the "trick": you have to be slow before hitting the "Login" button.
If you type too fast captcha and auth code and hit the logjn button, it somehow assume the auth code is wrong. Weird...
If you type too fast captcha and auth code and hit the logjn button, it somehow assume the auth code is wrong. Weird...
Am I the only one to have trouble connecting with 2-factor auth?
I always get the same error "Auth code incorrect", while solving capcha.
yesterday I did a this issue once, but after a second try I managed to login. Today I can't login at all.
I always get the same error "Auth code incorrect", while solving capcha.
yesterday I did a this issue once, but after a second try I managed to login. Today I can't login at all.
2factor auth is now available for logins.
For those who don't have a smartphone (or are too lazy to use theirs) here is a simple ruby script that does the same.
http://pastie.org/3923747
Install ruby
then
save the text to a file (in this case lets say 2fact.rb)
execute
Should spit out the correct code.
You probably want to do this in Linux (I don't really know how to do it in windows), and you need to have your systems time very accurate.
For those who don't have a smartphone (or are too lazy to use theirs) here is a simple ruby script that does the same.
http://pastie.org/3923747
Install ruby
then
Code:
gem install rotp
execute
Code:
./2fact.rb
Should spit out the correct code.
You probably want to do this in Linux (I don't really know how to do it in windows), and you need to have your systems time very accurate.
GLBSE should write on the button: Two Factor Auth is at the moment - on or off
And than they should explain thier customers what happens when they enable the two-factor authentication.
And than they should explain thier customers what happens when they enable the two-factor authentication.
It would be nice to have 2 factor auth even for just logging in.
Really?Pulling out my phone and typing 6 digits is well worth the security.
Sure, I'll add this to the next update.
It would be nice to have 2 factor auth even for just logging in.
Really?Pulling out my phone and typing 6 digits is well worth the security.
Jump to: