QRZ Security Update: 2FA and Verified Users

Discussion in 'Amateur Radio News' started by AA7BQ, Jun 12, 2019 at 1:37 AM.

ad: L-HROutlet
ad: l-rl
ad: Left-3
ad: L-MFJ
ad: Left-2
ad: MessiPaoloni-1
ad: Subscribe
ad: DLSpec-1
  1. K6FW

    K6FW Platinum Subscriber Platinum Subscriber QRZ Page

    I am confused! I downloaded the recommended app AUTHY to my cell phone. I then started to enable 2FA on QRZ.com and the only choice was GOOGLE authenticator? Do I need both apps? When do I use AUTHY?
     
  2. KO5V

    KO5V XML Subscriber QRZ Page

    Fred,

    I certainly can't say I've never fat-fingered the code, but I can blame my cell carrier for how long it takes the texts to come through - sometimes it's a lot more than 30 seconds from when I request the code until it arrives. I just keep trying until it works

    Thanks for running a first-class site. 73, Jim
     
  3. AA7BQ

    AA7BQ QRZ Founder Administrator Platinum Subscriber QRZ Page

    Using email to deliver codes would break things. An email has far less security than a text message and has way too many security holes. Not only that but the fundamental paradigm of Two-Factor Authentication says that you need something that we both share (your password) PLUS something that only YOU have (your code). If we send you the code then the paradigm is broken. Sending it by text is considered secure because it will only be delivered to a single phone number, one which we vetted when you setup your account.

    Check the video of how to setup the app on your computer:

    https://forums.qrz.com/index.php?th...-factor-authentication-w-o-cell-phone.661624/
     
  4. AA7BQ

    AA7BQ QRZ Founder Administrator Platinum Subscriber QRZ Page

    Google Authenticator is a placeholder name. Just ignore the word Google and proceed with Authy :)

    73 -fred
     
  5. NL7W

    NL7W Premium Subscriber QRZ Page

    As most of us have smart phones next to our computing devices accessing QRZ.com (perhaps they're even one in the same), there's no legitimate reason not to turn on and use 2FA these days.
    It's commonsensical.
     
    KV6O likes this.
  6. KB2FMH

    KB2FMH Platinum Subscriber Platinum Subscriber QRZ Page

    Thanks. I got it working now with Chrome after loading the p12 file via Firefox.
     
    NL7W and W7GST like this.
  7. W4PG

    W4PG Super Moderator Volunteer Moderator Platinum Subscriber QRZ Page

    My bank (Bank of America) uses 10 minutes. Now I think that is a bit generous but 30 seconds is not long enough. Why not 2 minutes, say? Is there any downside to that? From a hackers standpoint, what's the difference? I really don't know.

    I have never had any issue getting SMS texts so maybe I've been lucky. I have several different locations I log in from so using my phone makes it very easy. I have a couple of credit cards that will text me with transaction information while I'm still standing at the check-out counter. I looked at the Authy app and it reminded me of the first time I read the LoTW instructions. LOL!

    ................Bob
     
    W7GST likes this.
  8. K6CLS

    K6CLS Ham Member QRZ Page

    this is not for the security of QRZ users, it is for QRZ.COM to claim no responsibility on fraudulent transactions!

    Slightly improving any person's security is a slight benefit.
     
    K9GLS likes this.
  9. WD4HXG

    WD4HXG Ham Member QRZ Page

    Kudos for increasing/improving credentialing.
     
  10. NG0G

    NG0G XML Subscriber QRZ Page

    As retired IT am I all for it. Now however I live out in the country. This is great for antenna's but not cell coverage. Having a smart phone is a waste of money here. My $13 flip phone lets my wife call me when I am in town or on the road but does not do texting. de NG0G
     

Share This Page

ad: KF7PMW-1