Easy peasy. Install the app (if you want), click the button to turn on authentication, choose the app or text message method, put in the cell number, and if you chose the app, run it, scan the bar code, get the number, type it in quick before it resets. One suggestion is to 'splain the steps before someone starts the process. I wasn't sure if I needed to provide my cell number *before* I turned on the authentication, so I didn't lock myself out.
QRZ does 2-step every single time I log in. Checking "trust this device..." does not help. What an annoyance! I will probably turn it off. [Editor: The app asks for 2-step because your browser isn't saving the cookie that was given the last time you logged in. When you make a successful login, the your browser is handed a cookie that it is supposed to present to QRZ upon subsequent visits. This cookie is your "pass" that makes it unnecessary to use 2-step. If you login using a different computer, you will be asked to perform 2-step again, because the different computer doesn't have the 'cookie' from a previous login. Some browsers toss out a lot of cached items and cookies when they are closed. When this happens, you'll have to use 2-step upon the next visit to the site. Many of us that use QRZ daily NEVER close their browsers. In fact, I never shut down my computer at all, and I seldom close (X) my browser. There simply is no need to do so, and I don't want to de-cache everything that I already waited for. If you're the type that closes your browser and shuts your computer down after each use then you will need to investigate ways to make your browser keep its cookies across reboots. I'm also a 2FA user and I can tell you, I haven't been asked to re-authenticate since I turned 2FA on in my account, on this computer. I have had to re-authenticate when I opened QRZ on my smartphone, because it's browser hadn't logged in and obtained a cookie yet.... -fred]
How will this work with logging programs and XML subscriptions? None of my logging applications would have a place to enter the token at this point [Ed: The XML service does not use 2FA and isn't affected by the new feature. -fred]
How secure is this on Google's end ? They have been hacked in the past. [Ed: Google isn't used in this solution. The Google Authenticator App doesn't use the internet. -fred ]
I don't have a cell phone and probably never will. Will I have to close my QRZ page? [Ed: That's a silly question. We said that the feature was OPTIONAL, and for your own safety. There is an App for the PC that will provide the code(s) like the smartphone App. Just search Google and you'll see many different ways to run the Authenticator, including as a browser plug-in. -fred]
Please remember that 2 Factor Authentication is completely voluntary. If you choose not to use it, you can continue to operate just as you do now. It also affects only logging into QRZ. If you choose to enable it, it will slightly change the way you log in to QRZ, but will have no effect on your XML subscription or use.
You can pretend you never saw this post and do exactly what you've always done and you will have no difficulty. Note also that there are apps that would enable you to use the Google Authenticator on your desktop machine if you are itching to do so. 73 Jaime
Currently only the Google Authenticator option is available outside of the US and Canada. (no SMS option)
At this time two factor authentication does not apply to the XML API so you should have no problems with any logbook software you are using.
Assuming your tablet has a camera it is likely capable of using the Google Authenticator app if you so desire.
We are monitoring this and the 'trust this device' feature will improve over time. Unfortunately a small number of users may find that they are asked for the token on every login - This is usually because your internet connection has an ip address that changes often. This can be common with some LTE Hotspots and cellphones.
Once setup with the authenticator app everything takes place on your phone without any communication with google, There isn't even a need for the device to have an internet connection. If you really want to cut google out of the loop completely you can use the SMS option.
Just a note.. You do not need a camera on your tablet or laptop. Simply right-click the bar-code from the QRZ page and select copy the image url. Then paste this url into the authorization box and you are done. I downloaded (free) WinAuth 3.5.1 for my desktop pc and set it up this way. works great.