I'll stick to eBay and PayPal...because it's safe and infallible! OKAY! STRAIGHT UP! WHO JUST SPIT THEIR COFFEE ACROSS THE ROOM?!? Great job QRZ!
Years ago someone hacked into my online bank account. I have no idea how they did that. But, I got an email about how my password had just been changed, something I had not done! Sure enough, I tried to log in and couldn't. I called the bank immediately and they locked the account. Who-ever the hacker was had changed the phone number contact but I couldn't find anything else. A few minutes later someone tried to buy some $1500 dollars of stuff at a Walmart, but the bank blocked the transaction. I looked the number up and it was registered to some guy in Miami. I didn't think the hacker would have been stupid enough to list his OWN number, but I'll never know. THAT is when I set up 2FA on my bank account and now on every other online account I have that offers it. There is just NO reason not to this day and age.
I'm making a 2nd post because, I've literally given up on selling on "that online auction site." BECAUSE...I'm BEYOND sick and tired of the aforementioned NEVER willing to deal with the EXACTLY what the premier ham radio is WILLING to do. I'm not going to tie up QRZ and bore you to death with examples of what "that online auction site" is capable of. AND, since "that online auction site" is never afraid to stuff their "policies" up the SELLERS nose with RARELY a course of resolution simply because.....THEY CAN. 73 all...
I am interested in 2FA. Can I use SMS from Germany? Any experience that the code than is expired. Is the code only 30 seconds valid? That is very short, two minutes would be better.
1). FYI, it often takes up a minute or two for my verification codes to show up on my iPhone (network is Verizon Wireless). So sometimes it takes several tries to log in. 30 seconds lifetime for these codes seems rather short. 2). Was unable to get Verified User set up to work using either Safari, or Google Chrome, on my iMac with OSX 10.14.5. It could not get the certificate. 3). But it worked the first time using Firefox, and was Approved moments later.
30 seconds does seem quite short (although I don’t have problems here luckily). What is the reason for such a short time as opposed to a minute or two?
I verified using my LOTW certificate, and (unusually for me) it worked the first time. Now I understand why it sometimes takes me several tries to log in when using the received code - I didn't know about the 3o second expiration. I automatically blamed it on something I was doing incorrectly...I feel better now. Jim
We don't send SMS Text Messages overseas because of the cost. We currently send out about 15,000 texts per month at a cost of about one half a cent each. Texts sent to Germany, on the other hand, cost 9.5 cents each which for us is prohibitive. There is some play in the 30-second timeout. By my observation, more failures are due to mistakes transposing the number (fat fingering) than to the timeout. The 30-second value was chosen by industry recommendation.
I would love to have this type of security on all my accounts.... You did a great job Fred of lining out the finer points of how it works and got in some great lines on Civic Duty. I setup the 2FA once I saw it was offered. I use my QRZ account in on various devices at different times and I feel better knowing that it takes more than just a password to get into my log. It works great on my phone (Android) , IPAD, Laptop, and PC. I like the idea of the Website insuring that it is me logging onto the system. Great article Fred!!!!
I am confused! I downloaded the recommended app AUTHY to my cell phone. I then started to enable 2FA on QRZ.com and the only choice was GOOGLE authenticator? Do I need both apps? When do I use AUTHY?
Fred, I certainly can't say I've never fat-fingered the code, but I can blame my cell carrier for how long it takes the texts to come through - sometimes it's a lot more than 30 seconds from when I request the code until it arrives. I just keep trying until it works Thanks for running a first-class site. 73, Jim
Using email to deliver codes would break things. An email has far less security than a text message and has way too many security holes. Not only that but the fundamental paradigm of Two-Factor Authentication says that you need something that we both share (your password) PLUS something that only YOU have (your code). If we send you the code then the paradigm is broken. Sending it by text is considered secure because it will only be delivered to a single phone number, one which we vetted when you setup your account. Check the video of how to setup the app on your computer: https://forums.qrz.com/index.php?th...-factor-authentication-w-o-cell-phone.661624/
Google Authenticator is a placeholder name. Just ignore the word Google and proceed with Authy 73 -fred
As most of us have smart phones next to our computing devices accessing QRZ.com (perhaps they're even one in the same), there's no legitimate reason not to turn on and use 2FA these days. It's commonsensical.