I don't have a smart phone and my flip phone doesn't get texts. I went to Google Authenticator and typed in QRZ.com. Thought I was to type in the 123456 number as I had no other number to type in. Maybe that was my whole problem. No text, no numer. Somehow i got a number and typed it in QRZ. Never worked. Got a headache real quick after almost an hour of trying. Wife used tablet and took picture of the QR code and was able to work it from there. I saw that not only was it QRZ.com but it added my call sign at the end of it. Could it be I needed that initially when using Google Authenticator? I'll never know. And maybe I just got the directions wrong. Got it going thanks to my wifes tablet. Thank you QRZ for the extra security. I'll get a a smart phone one of these days, but new technology really makes it hard for us with flip phones. Oh well, my problem. 73 Pat
My only complaint with this is it seems I have had to enter the authenticator code more often than 30 days...which is another part I don't like. I have other sites that have used an authenticator code but after it is setup on a particular computer and browser I don't have to enter it again. Here on QRZ, on more than one computer, I've already had to reenter the authenticator code as it seems to forget that I 1) am already logged in and 2) have already authenticated this browser. This does not happen with other sites so I know it is not a browser setting that is erasing cookies or something. Hopefully this minor issue is cleared up soon.
Excellent! Thanks to Fred and everyone else involved in implementing this. Ya'll have made significant progress in reducing Scam Ads and this new protocol, once implemented as a requirement for all sellers, will get rid of most of the rest. Good job everyone!
None of my devices are ever "remembered for 30 days". What a nuisance. But if you don't jump through these hoops, you can't use logging software like N3FJP. I don't have my cell phone with me all the time. Why do none of my devices get "remembered for 30 days"???????????? Dave W7UUU
Just had to re-enter the code again after just a few days. And it isn't my browser settings - I stay logged in to numerous other sites with no issues. It's something in the settings on this site, I'm sure; and by that I mean on the back side, not anything we users can control.
Security always comes at the cost of convenience. In order for a machine to be remembered for 30 days, it has to save certain information and the machine's attributes must remain unchanged. For example, your browser must retain the cookies sent by the QRZ server. Then, the machine's IP address must remain the same. It isn't unusual for people's IP address to change depending on their internet service provider. Some wireless networks, for example, can change IP addresses on the fly, even within a single session. The bottom line is that in order to be certain that the returning user is the same authenticated user, certain conditions must be met. Your session, for whatever reason, isn't meeting those conditions. The #1 most likely reason is that the cookies are being cleared. We realize that it's a difficult problem to solve when it may come to your ISP, but rest assured that the system works very well. As I type this, I'm using a laptop which was just awakened from a night long sleep, and I did not have to re-login. Note that I said "sleep" and not "turned off". I never "turn off" my computers, ever. Many machines / operating systems do not store cookies after a reboot or power cycle. Since I enabled 2FA on my account, I've only had to perform the Authenticator login whenever I've picked up another device, or, used a different browser on the same device.
Good info. However, the fact that I stay logged in to numerous others sites - including some that utilized 2FA - tells me it isn't a problem on my system. Otherwise the others wouldn't remain logged on for weeks and weeks and weeks (or months and months, as the case may be; some that use 2FA only ask me for the second factor to authenticate when I am on a computer I've never signed on from before).
I never stay logged into anything or site. Not good security. My computer is off when I'm not using it, but partially thats cost of electricity.
This is a good example of what may be "apparent" is far from being clear. Case in point: I'm using the system, just like you are, with 2FA on my account. I'm not having the problem that you report. I do not have to re-login, even after I reboot my computer. I don't have any "special" privileges that affect this. The browser that you use is important, and not all browsers are equal. I'm using mostly Chrome and Firefox. I never, ever, use IE or Microsoft Edge. It's just my personal preference, and it works very well for me. My point here is that you might consider trying something different (we don't know which browser you use). There are also many different anti-malware, anti-virus, and anti-phishing solutions out there. Not all of them work 100% of the time. There are a lot of false positives and the problem just keeps getting bigger. Every computer and every user is different, and almost nothing can be taken for granted when it comes to the capabilities of the remote system (your computer) that we are expected to support. Generally speaking, it's never the fault of your hardware. It's the software. Every computer has a unique set of programs loaded, a unique set of patches applied, a unique browser and cache history, and a unique user. When you put all of those things together, the total number and combinations of things that could be wrong is staggering. If our goal was to serve the least common denominator with ultra-simple graphics, no javascript, and no advanced web technologies, our site would start to resemble Craigslist, and we would have to kiss our Logbook goodbye. I'm sorry that I can't pinpoint the problem from your perspective. I hope that you understand that irreproducible problems are among the most difficult to resolve. There are two pieces of good news here: 1) your account is secure, and 2) if it becomes irritating, you can opt-out.
Chrome and Firefox here, too. I don't use IE or Edge, likely for the same reasons you don't if I was guessing. lol
Nice Job QRZ. Thanks for taking my suggestion to heart. It should put swaplist folks minds at ease. Now if you really wanted to get into things, you could issue oauth tokens and attempt to create a standard that other ham websites could use. Like how a lot of folks use their facebook token at other sites rather than creating another individual account for that site. You'd need to get on the soapbox publish an API or something to let other sites know about it though.
