ad: UR5CDX-1

QRZ Security Update: 2FA and Verified Users

Discussion in 'Amateur Radio News' started by AA7BQ, Jun 12, 2019.

ad: L-HROutlet
ad: l-rl
ad: Left-3
ad: Left-2
ad: abrind-2
ad: Radclub22-2
ad: L-MFJ
  1. KB2FMH

    KB2FMH Platinum Subscriber Platinum Subscriber QRZ Page

    Thanks. I got it working now with Chrome after loading the p12 file via Firefox.
     
    NL7W and N4GST like this.
  2. W4PG

    W4PG QRZ Lifetime Member #279 Platinum Subscriber Life Member QRZ Page

    My bank (Bank of America) uses 10 minutes. Now I think that is a bit generous but 30 seconds is not long enough. Why not 2 minutes, say? Is there any downside to that? From a hackers standpoint, what's the difference? I really don't know.

    I have never had any issue getting SMS texts so maybe I've been lucky. I have several different locations I log in from so using my phone makes it very easy. I have a couple of credit cards that will text me with transaction information while I'm still standing at the check-out counter. I looked at the Authy app and it reminded me of the first time I read the LoTW instructions. LOL!

    ................Bob
     
    N4GST likes this.
  3. K6CLS

    K6CLS Ham Member QRZ Page

    this is not for the security of QRZ users, it is for QRZ.COM to claim no responsibility on fraudulent transactions!

    Slightly improving any person's security is a slight benefit.
     
    K9GLS likes this.
  4. WD4HXG

    WD4HXG Ham Member QRZ Page

    Kudos for increasing/improving credentialing.
     
  5. NG0G

    NG0G XML Subscriber QRZ Page

    As retired IT am I all for it. Now however I live out in the country. This is great for antenna's but not cell coverage. Having a smart phone is a waste of money here. My $13 flip phone lets my wife call me when I am in town or on the road but does not do texting. de NG0G
     
  6. K9GLS

    K9GLS Guest

    CYA at this point. What happens when "Authy" gets hacked again? Best solution IMO is to stop the swapmeet all together.
     
    NY7Q likes this.
  7. W8JPJ

    W8JPJ Platinum Subscriber Platinum Subscriber QRZ Page

    Just like additional security at airports, while somewhat an inconvenience, very acceptable considering the times. Thank you QRZ! I am indeed a 2FA user. Question though, if I am already a verified user, why am I having trouble going thru the verification process using the LOTW callsign certificate method? I have tried a few times now to no avail.
     
  8. NY7Q

    NY7Q Ham Member QRZ Page

    I never use swapnets any longer. I don't use a smart phone. one of my cc was hacked two weeks ago at Walmart and my bank took care of it in 10 minutes and I have my new card. I love using cc but find it is easier to get cash at the bank and go shopping with the green in hand. I once shopped for used equipment, but find it safer to just go to HRO in person with cash and buy new. I worked for 65 years for this privilege.
     
    VK6APZ/SK2022 and G3SEA like this.
  9. W4PG

    W4PG QRZ Lifetime Member #279 Platinum Subscriber Life Member QRZ Page

    Having 2FA running is NOT the same as "verified." When you are verified, you will see the green banner over your call here on the forums. You HAVE to have 2FA running in order to become verified, but you don't need to become verified for just 2FA. If you never plan on buying/selling in the swap meet, you don't really need to become verified.
     
  10. KB1DJA

    KB1DJA Ham Member QRZ Page

    Thank you all for your diligence. You cannot be too careful these days. Sad but true.
     
  11. W8JPJ

    W8JPJ Platinum Subscriber Platinum Subscriber QRZ Page

    Thanks, I guess I read the article wrong.
     
  12. K8ERV

    K8ERV QRZ Member QRZ Page

    I only use my cell phone to tell my wife to get out of WalMart and quit spending my radio money.
    So far this has not worked very well.

    TOM K8ERV Montrose Colo
     
    WJ4U and G3SEA like this.
  13. K9GLS

    K9GLS Guest

    The way
    Thank you for that verification of the verification. I thought 2FA was separate from "verified" and that was good enough for me since I don't use LOTW and if I did I certainly wouldn't pass that certificate around like many seem to have. And I sure as hell wouldn't give my drivers license up to a site that has security issues (which is every site not just QRZ). Yes I understand the statement in the post " a government-issued photo ID. A QRZ HQ Staff member will review your submittal and approve your Verified status. Then, we discard the ID information for safety. " How do you discard that information? Recycle bin? You do realize that information is never "discarded" but I digress. Also might want to note the intital post says you won't be able to sell in the swapmeet if you aren't verified. It doesn't mention you won't be able to buy/sell in the swapmeet. Anyway... I'm very happy with 2FA even though it's been proven 2FA can be easily hacked as of 2014. A false sense of security is worse than no sense of security at all. Carry on.
     
  14. KE0EYJ

    KE0EYJ Ham Member QRZ Page

    I found 2FA very easy, and am thankful it has been implemented.
     
    NL7W likes this.
  15. AC2NZ

    AC2NZ Ham Member QRZ Page

    With no cell phone and an ancient dial-up connection, it looks as though I will no longer be able to offer anything for sale on this site. Too bad, but nobody cares - they only care about the illusion of security. Even though none of it will keep the crooks from scamming.
     
    NY7Q, G3SEA and K9GLS like this.

Share This Page

ad: elecraft