One Of The Downsides of Getting Verified on QRZ.com

Discussion in 'Stolen Radios, Scams and Rip-Offs' started by WA3LKN, Jun 13, 2019.

ad: L-HROutlet
ad: l-rl
ad: K5AB-Elect-1
ad: L-MFJ
ad: Subscribe
ad: MessiPaoloni-1
ad: Left-2
  1. WA3LKN

    WA3LKN Ham Member QRZ Page

    I think the 'verified' program for QRZ.com is a great idea, not only for making it hard for the Nigerian scamsters and others from accessing QRZ.com, but it's also good risk management for QRZ.com as a business.

    I don't have cell phone texting capability intentionally and on purpose, so to get verified on QRZ.com, their IT folks kindly referred me to "Winauth for Google" which, after fits and starts I was able to use. The two factor authentication occurs via a little program you download to your PC every time you want to use it that gives you a 6 digit code you enter into the QRZ log-in once a month. The Winauth program has to be linked to a google account as I understand it.

    So far so good.

    I used a g-mail address I'd had for years, just sitting there with no activity.

    Now that it's linked to 2 factor authentication, I've had dozens of spams that I never had before.

    Since I don't use g-mail for anything else, it's no big deal, but it shows you how your information is getting used.
     
    KK4NSF and K3XR like this.
  2. N4UP

    N4UP Premium Subscriber QRZ Page

    Sometimes great ideas work out well, and sometimes we have to make adjustments. Using Google for authentication was not an option for me, but I had a cell phone with texting, just didn't have a cell signal to work with at home. Had to buy and install a cell phone booster with outdoor yagi, and even then I only have a signal in part of the house, not in the radio room, and sometimes no where. And seems like QRZ has a short time limit before the code expires, no doubt not a problem for most people. But for me I have to get the code at one end of the house then run to the radio room before the code expires. But at least I am not being spammed any more than normal ( isn't is sad that we think of getting spam as "normal" ).
     
  3. KV6O

    KV6O Ham Member QRZ Page

    There are other options besides Authenticator, and you don't need cell service (unless you're trying for txt's on a cell phone). You can even use Google Voice and receive txts that way if you must, no cell phone or service needed, only a web browser. But using a 2FA app is probably easiest.
     
  4. WA3LKN

    WA3LKN Ham Member QRZ Page

    I still think 2 FA is a great idea but there is another potential downside:

    I used the PC-based Winauth application that the QRZ.com folks recommend to generate the second factor, and it was great for the first month. When I went to re-enter the second factor authentication code after the first month Winauth didn't like my password, which I had recorded when I set it up.

    To the best of my knowledge there's no way to recover a lost password for Winauth. Intentionally and on purpose by the developer. Period. If you google 'lost Winauth password' there are some folks talking about rummaging around in your computer's bios and registry. Not at my level.

    No big deal except when I occasionally sell ham gear, QRZ.com swap meet forum isn't an option.
     
    N3AB likes this.
  5. KJ4VTH

    KJ4VTH Ham Member QRZ Page

    OK. Not my experience at all but to each their own.
     
  6. WA3LKN

    WA3LKN Ham Member QRZ Page

    Not your experience?

    I don't know what you're referring to.

    So there's a simple and easy way for non-IT folks like me to recover Winauth passwords?
     
  7. KJ4VTH

    KJ4VTH Ham Member QRZ Page

  8. WA3LKN

    WA3LKN Ham Member QRZ Page

    If you actually read that, it talks about generating backup winauth files that I don't think most mortals actually do. And after the fact, it's not possible. Read it again.

    When I asked the QRZ.com helpdesk folks and actually generated a 'ticket' the response was...well...crickets.

    https://github.com/winauth/winauth/issues/160

    "No there is no password recovery, as your password is what is used to encrypt
    and protect your authenticator. .."
     
    Last edited: Jul 21, 2019
  9. AA7BQ

    AA7BQ QRZ Founder Administrator Platinum Subscriber QRZ Page

    The way to fix this is to login, disable 2FA, and then set it up again. If you can't login then you have to file a support ticket and we have to verify you with ID in order to re-open the account to non-2FA state. Otherwise, anybody could say "I need 2FA lifted on my account", which would be an open door to hackers.

    Also, some folks don't understand that when you use an authenticator program that isn't cloud based (like Authy), then your setup is tied to the machine it was setup on. You can't, for example, load WinAuth on a machine, set it up, and then load WinAuth on another machine. It doesn't work like that. That's because there is a secret key that is stored locally on whatever computer you set it up on.

    I've been using Authy for over a year and I can honestly say that it has never failed me, not ever, and it is available on multiple devices including my PC, my Phone, and my iPad. It's perfect for what it does. All copies of WinAuth share the secret key via the cloud.

    73, -fred
     
  10. AA7BQ

    AA7BQ QRZ Founder Administrator Platinum Subscriber QRZ Page

    This isn't our fault. QRZ never, ever, gives out details or email addresses to marketers. We never have and never will.
     
    NU4R, N2TLR, KA2FIR and 1 other person like this.

Share This Page

ad: cq2k-1