Video: How to setup Two Factor Authentication w/o Cell Phone

Discussion in 'Ham Radio Gear For Sale' started by AA7BQ, Jun 9, 2019.

ad: L-HROutlet
ad: l-rl
ad: L-MFJ
ad: Subscribe
ad: Left-3
ad: MessiPaoloni-1
ad: Left-2
  1. W7CJD

    W7CJD Ham Member QRZ Page

    I am asking if I setup a WinAuth Verified,

    1. do I have to leave it on my Windows tablet Desktop?
    2. if I disable it, do I have to set up the VERIFIED all over again?

    ..and does the little WinAuth utility reside on my computer as do software? or certificates?

    Do I have to leave it active on one of my Windows tablets?

    My everyday tablet is my iPad Mini 2.
  2. IU3IPZ

    IU3IPZ Ham Member QRZ Page

    Hi, I'm sorry, excellent and explicit video. It is still too complex (for me...yes;) I copied from K6BSU). I'll continue to be an
    "unverified seller".:cool:
  3. KB2SUJ

    KB2SUJ Ham Member QRZ Page

    I was leery at first of going through the process. I was concerned that every time I logged in, I'd have to do the 2FA. Nope, just the once. Now, I am sure if people jump from computer to computer to phone, they might have to redo the copy and pasting of the codes. It is possible from time to time for QRZ to require a refreshing of the 2FA code as well. But truthfully, it is not a big deal. The process is simple, once you understand it.
    To be fair, I am very computer literate and still was apprehensive. I am not keen on installing applications just to satisfy a single site. But I also know how to fully reverse any changes I make to my system.
  4. KB2SUJ

    KB2SUJ Ham Member QRZ Page

    1. As long as you can access the app, if and when you need it again, its' location does not matter.
    2. If you remove the app from your tablet, it does not affect you Verified status. What the app does is it logs the unique ID from the motherboard of your device. It reads it, creates a code and one time, that code is verified. Going forward, each time you login, your motherboard ID is read and that is compared to the coded value stored at QRZ. That way they know that the verified user is who you claim to be. The aspect of supplying a photo ID enables QRZ to know for sure that the person setting up 2FA is who they claim to be.
    3. You do not have to run the WinAuth unless you need to update your 2FA. Then you simply pick the site name you assigned to QRZ (I saved it on my machine as QRZ.Com!), get a new code, copy that coe and paste it into the box on the QRZ site, it will give you a coded number which you paste into your WinAuth app and that should be that. QRZ already has tied your identity to the WinAuth.

    I'm sure Fred will correct me if I am wrong in my understanding of the logic.
  5. AA7BQ

    AA7BQ QRZ Founder Administrator Platinum Subscriber QRZ Page

    Not sure about the motherboard hardware ID thing, but it is certain that it uses a cryptographic random number generator that is possibly seeded by an external value. There are lots of ways to get a random starting number, and the motherboard ID would be as good as any.

    If you remove the app from your device then you will be locked out of QRZ unless you have backup codes. Then, you'll have to ask support to remove 2FA from your account, which will de-verify you. If you use backup codes then you'll be fine.

    73, -fred
    KB2SUJ likes this.
  6. KB2SUJ

    KB2SUJ Ham Member QRZ Page

    I know Microsoft uses the unique value in BIOS (Mother Board ID) as part of their 2FA to register the operating system and link to the UserID/Passwords for that box..

    Good to know about the backup code bit FYI, I had installed the application, did initial setup (name, phone number) then uninstalled it. A few days later, I reinstalled it and it had my name and phone number data in it. It must of written to the registry or stored in in a file that did not get removed on uninstall.

    I was just looking at the application, I have enabled backup "Authenticator Encrypted Backups 'Enabled' (in red) however my QRZ one says 'Not Backed Up' (in red). I did not easily see how to make that happen.

    So... where do I locate the backup code and can it be enabled for QRZ in the application?
  7. KB2SUJ

    KB2SUJ Ham Member QRZ Page

  8. W7CJD

    W7CJD Ham Member QRZ Page

    Thank you.

    One more question: I could get VERIFIED with my Windows tablet (I have for downloads because I do not like iCloud) then, use my iPad Mini 2 (for everyday internet)?

    2FA has to be Windows.

    The "codes" would not be in my iPad Mini 2.
  9. KD7MW

    KD7MW XML Subscriber QRZ Page

    I'm not sure if this is the "right" way, but here's what worked for me. I have a Windows PC and an Ipad mini. Once I had established 2FA on the PC, I could no longer find the "seed" code on my Account listing on the QRZ Web site.

    On the PC, in WinAuth.exe, there is a gear icon that brings up a menu. One of the choices is "Export." This writes your account(s) information into a text file that's in a Zip file. You can then go into the Zip file, open the text file and copy the code to the clipboard. It's the long string of upper case letters and numbers after "Secret=" and before "&digits=6". Email this to yourself. Install the Authy app on your iPad. Copy the code out of the email, create your QRZ account in the Authy app, choose "Manual entry,"then paste the code into the proper line in the Authy app. Once you have everything working, delete the emails from both your Inbox and Sent folders, and empty your trash.

    As I said, this worked for me. If there's a better way, somebody please say so.

    A couple of other tips that might be useful to others:

    1. WinAuth.exe is the program file. It isn't installed like most Windows programs. So don't waste time looking for it in the Program Files folders. You'll probably find it in your Downloads folder in its original Zip file, or wherever you copied it to when you were setting up your account.

    2. The instructions for sending the TQSL certificate to QRZ in Firefox are for an older version. Things don't look quite the same, and "Preferences" is now "Options." I was not able to send the certificate in Firefox. It told me it had failed before it asked me where the certificate was. I think, having read umpteen pages of comments here, that the culprit was my pop-up blocker, which needed to be disabled. I also have several privacy add-ons in Firefox (Privacy Badger and an ad blocker, and I didn't want to tease out the problem by disabling all that. I'm running Win7, so I had good old IE 11 available. In IE 11, the TQSL certificate transfer worked easily.

    Hope this is helpful.
    Last edited: Jul 3, 2019
    AA7BQ and AJ4GQ like this.
  10. K8XG

    K8XG XML Subscriber QRZ Page

    Hi folks, I need to change the phone number for 2FA, but the page only allows me to disable it.
    Is disable and re-enable with a new number a proper process or will it lock me out?

Share This Page

ad: w5yi