Security at QRZ Since 1993, QRZ has sought to provide the best technology available to our users. In the early days, before even Windows existed and at a time when dial-up modems were the primary connection to the outside world, QRZ was already serving callsign data online. A lot has happened in the past 24 years as computers, networks and operating systems have all gotten faster, more sophisticated, and more vulnerable at the same time. Similarly, crooks, criminals, and hackers have also become more sophisticated and expert at what they do. Security, once a "nice to have" option, has become an absolute necessity for even the simplest of websites. Today, QRZ is pleased to announce that we're making an extra level of security available to our users. To achieve this, our engineering team has implemented Two Factor Authentication (sometimes called 2FA) as a part of our overall security scheme. With 2FA, users are asked to supply a special one-time secret code, called a token, that is generated by an App on your device, or is sent to you via text messaging. This will happen whenever you change devices, browsers or location, and if nothing changes, is good for 30 days. This enhanced account protection mechanism is available to all users free of charge, including the token generating App known as Google Authenticator. Text Messaging Tokens You've probably seen this method used on banking websites or perhaps eBay or Amazon. You register your cell phone number with QRZ and when you attempt to login, we'll send you a text message containing your temporary six digit token. Since no hacker has physical access to your cell phone, the confirmation is secured. We want to make one thing absolutely clear: We will never call your phone and we will never disclose your number to any third party. Your phone number will remain absolutely private with us. App-based Token Generator An app-based token generator is a program (app) that runs on your phone, computer, or tablet device. Once the app has been loaded and registered with QRZ, it will generate a correct token code that you need to sign in to QRZ. The advantage to this method is that an active cellular connection is not needed. One of the best known apps for this is the free Google Authenticator, which is available for Android, iPhone, Blackberry and desktop systems. All versions work the same to provide valid security tokens. Things to Consider Note that once you are enrolled in 2FA you will be asked to provide a token upon your next login. Once logged in, QRZ uses a "cookie" to remember your device. Then, you will not be asked to provide another security token for that device, so long as you remain logged in on that device. If you use multiple devices, such as a phone, iPad, computer, etc., you will required to provide a security token when you login with each device. Logging into one device does not invalidate another device that is already registered. The security token doesn't replace having to use and remember a password. You will still need your regular QRZ password to login and will only be asked for a Security Token if the device or location you are logging in from is unrecognized. Which Method Should I Use? When it comes to getting your security tokens, you can use either method. If you register your cell phone number with us, you will have the greatest flexibility. When you also have the App on your phone, you will be able to login with or without a cellular connection. When you have the App loaded on your phone, you can use the token it generates to login from any device. For example, if you are using a library or public computer, you will be asked for a token. Then, you just open the app on your phone and type in the code that it gives to complete your login. Text messages work exactly the same way except that you must have cell coverage. Also note that if you are on a plan where you pay for individual texts, your phone company may charge you for the message. What if I Don't Use QRZ's 2FA? The use of Two Factor Authentication when logging into QRZ is completely optional. Existing QRZ members may ignore all of this and simply act as if nothing has changed. As time goes on, however, some features on QRZ may require that you are registered with 2FA and in particular we will be requiring its use in our Online Swap Meet forum. How does this Improve Security? Two factor authentication serves to make it impossible for your account to be hijacked. It requires that two pieces of information are given to complete a login (the token and the password), and one of those pieces of information is a unique, one-time code. With 2FA, your password, even if accidentally shared or disclosed to others, will not compromise your account because your second factor code (token) cannot be stolen. 2FA is one of the best and most accepted standards for login security.