QRZ Security Update: 2FA and Verified Users

Discussion in 'Amateur Radio News' started by AA7BQ, Jun 12, 2019.

ad: L-HROutlet
ad: l-rl
ad: abrind-2
ad: Subscribe
ad: QSOToday-1
ad: L-MFJ
ad: Left-3
ad: Left-2
  1. NI9Y

    NI9Y Ham Member QRZ Page

  2. KB2FMH

    KB2FMH Platinum Subscriber Platinum Subscriber QRZ Page

    Got it working. Thanks.
  3. NA4RA

    NA4RA XML Subscriber QRZ Page

    Great job Fred and QRZ outstanding staff!! Thank you and 73.
    EB1BSV likes this.
  4. KF5YOT

    KF5YOT Ham Member QRZ Page

    JMHO, I believe this aught to be taken a step farther and have every user display their good working email address in their profile page.
    John KF5YOT
    K3EY and W1TRY like this.
  5. W8QZ

    W8QZ Ham Member QRZ Page

    The 2FA thing is a good move. I've personally experienced both a scam seller (not on this site, though), as well as an account hack / takeover. Keep up the improvements, Fred!
    EB1BSV likes this.
  6. N4LCH

    N4LCH Ham Member QRZ Page

    It seems you have to have a cell phone to use this feature reliably. Unfortunately I don't have a smart phone and I do very little business via a cell phone. I've used the phone (land line) verification method and it is indeed unreliable. As you say the verification code can arrive too late. I've also used a keychain verifier that worked very well but I realize that is out of the question here. Is there another app that can run on my computer to do the second step or can the 2nd step be done via email?

    You run a great service and it keeps getting better. Keep it up we're with you.
    Last edited by a moderator: Jun 12, 2019
  7. K0DD

    K0DD Premium Subscriber QRZ Page

    If you're going to be on the internet YOU are sooner or later GOING to be a victim of some sort of attack. The more time you SPEND going to NEW or Adventuring around the Net the HIGHER your chances of something happening. Only one person Has your phone hopefully and if you get the text its EZ to enter on whatever computer you're using. Probably the most secure I can think of. Automate and once again you're exposed.

    I'm happy that Zed is making an effort, taking the time and resources to step up security the best they can to GIVE US the best chance possible. After spending a "sizable" portion of my business career in IT Consulting, Including web and email hosting... I have a pretty good idea what and where these attacks are all about.

    About two years ago I was sitting at my computer enjoying a morning coffee and BOING in comes an email thanking me for a payment to a SCHOOL BOOK RENTAL joint. WHAT? The amount was only $12.95... BUT it was their quick test that somebody isn't paying attention and BWAMMO a serious bad person was about to Clean out my account. It was my PayPal Business debit Mastercard... The only reason I even noticed THAT transaction was all PayPal transactions send emails... At the time PayPal WAS MY ONLY BANKER and I was doing a good volume with them.

    There was only ONE Place that debit card would come out of my purse and that was at the local Pizza joint and my husband was notorious for hitting the driveup window and handing over card to whoever was at the window. WELL these people had my card in hand to copy everything off of it. The management at this particular restaurant was flying fast and loose at the time and employees were all a bit marginal.

    WELL a call to the company HQ which is only 25 miles from here, big semi-local chain owning all stores in about every town around, anyway Corporate VP took over the store The very next day and pretty much cleaned house. They have all new peeps working there, and Craig now walks in and deals at the counter JIC.

    Now get this, about three days AFTER all these Executions with extreme prejudice at the Pizza Palace... I get an email from a rather large Texas Plastics company. Months earlier I had some custom FR4 boards cut by this outfit for a Broadcast Transmitter rebuild that had taken a Direct Hit and had blown apart the Power Supply stack. Well this email starts by saying we really apologize but we have had an online data breech of our TRANSACTION server... That bad guy had ALL of their online transactions, customer files and PAYMENT INFO for about 150,000 customers... Wonnerful! Talk about Hiked Skirts.

    SO which company with a swinging door financial policy was the guilty party for the attempt at my Bank Account? Like OOPs.

    A few weeks ago one of the normalesk Zed Swapmeet types posted an MFJ Tuner for sale... The seller did not respond ONLINE to a very insistent customer wanting to buy it for a couple days. So then finally a bunch of people posted If he doesn't take it I'm also interested in it. etc etc etc... Well sure why not. I'm about #3 in line now... and I wouldn't mind the thing. So I posted too. giggling the whole time.

    WELL took about a day and I get this email stating I'm So in So and I also have one of these MFJ tuners and I have pictures HERE to this link... Fortunately at the time I was just waking up and was laying in bed watching the weather all pre coffee when I turned on the wifi connection on my fone. LIKE who is this guy? well I was saved as I use 15 character random passwords generated by an online generator. I printed 80 up and randomly select a password. The only one memorized is my Bank Account... The one for the Router is about 30 characters..... and when I clicked on the link in this email my fone didn't have a password for THAT login page...

    I thought that is rather odd. Have I been logged in 30 days already? As I don't have it memorized I couldn't log in. But I tried to click around the site. It Didn't work right anyway, couldn't navigate anywhere... I come down to the Toy Room and email this clown and ASK who and the Heck are you anyway? Well this is one of the scammers apparently everybody is talking about. Could have gotten a password even one I don't remember...

    HAVE a great day everybody... Don't be asleep when entering passwords, and be careful WHO has your credit and debit card info... Using random payment systems and YOU are going to get Nailed when you least expect it. I pay for about everything with PayPal myself. I've been on there since they opened. I no longer have the Debit Mastercard as the goofs in the Philippines couldn't handle the name change. The Card kept coming with Erika von Timme (maiden name) and couldn't get it changed to Ostlund... 4 attempts and even my Paypal account was changed right away... wonnerful.

    Six, Two and Even over and OUT!

    Erika DD
    G3SEA, K0GOV, W7GST and 1 other person like this.
  8. KK0DJ

    KK0DJ XML Subscriber QRZ Page

    Thank you Fred for adding this additional security feature. :) 73
    EB1BSV likes this.
  9. W7GST

    W7GST Ham Member QRZ Page

    Greetings James. I use Windows 10 and IE on my computer and I got it done with no problem. And believe me, I'm NO computer wise by far, hi hi. By the way, Great bio page you have there.
    Good luck, Larry W7GST 73
  10. WN2C

    WN2C Ham Member QRZ Page

    I have been 2fa pretty much from the beginning but the problem I have is not being able to get a text at work to enter the second code.
    Oh well I guess I shouldn't be on the Zed at work anyway?!

Share This Page