You may not be aware that QRZ has a policy of locking hacked accounts and then not allowing access by the callsign holder until that individual goes through a Verified like identification process and has completed 2FA enrollment. Your other thought on making rules changes sounds great but the reality is those folks who are being scammed generally don't read the rules, don't understand them, and will violate any they may be aware of if they think they can get a steal of a deal. Greed and ignorance always prevails.
For those who still do not believe this stuff happens, we just had, in the last 10 minutes, yet another account hacked by someone in Nigeria, posting an FT-891A up for sale. The IP address of the for-sale ad traced to Nigeria. The "seller's" account was closed to prevent further ads being posted. Had this "seller" used 2FA, the fellow in Nigeria - even after figuring out the password - would not have been able to log in because he would not have access to the "second factor" (the cell phone or app or other code delivery method) and thus could not enter the 6-digit code. I would strongly recommend that everyone think about your password - is it STRONG? If it's just plain words like "appletomato" or "peaceismyfriend" it WILL get hacked. There are zillions of "dark web" hacking tools that will work through millions upon millions of combinations very very quickly. Think about using ALL of the following: punctuation, capital letters, lower case, and numbers - and if there is a "word" embedded don't use a word that would be in a dictionary. Make up a word! "&Blorky1689%" would take eons to crack compared to "appletomato" The 2FA may seem a PITA but it could possibly prevent a thousand dollar scam - but if you choose not to use it, at least create a much stronger password. Dave W7UUU
There are 2FA app alternatives to Google you can find mentioned online. You do not need to use their app.
I too am one of those without a smart phone. Out of town where I live, cell phone coverage is spotty at best, and doesn't even work at all here in the basement where I have my radio shack and computer desk. Being able to do the "Identity Verified" step with the computer is about the only way I would be able to accomplish that. Phillip WB8TCB
Based on everything I know at this point, using the computer to "get the code" will most certainly be an option. For now, is your password STRONG? See my post above. ANOTHER Nigerian attack in the last hour - hacked a users password Dave W7UUU
QRZ won’t have to “support” any specific app. All of the Google authenticator like apps already support the technology that the site is using. I use an app from a password manager application.
I think the point someone made earlier that there are other authenticators than Google. That's all I meant. Dave W7UUU
