QRZ Security Update: 2FA and Verified Users

Discussion in 'Amateur Radio News' started by AA7BQ, Jun 12, 2019.

Page 5 of 20

ad: L-HROutlet

ad: l-rl

ad: L-MFJ

ad: Left-2

ad: Left-3

ad: Subscribe

ad: abrind-2

K6FW Platinum Subscriber Platinum Subscriber QRZ Page

I am confused! I downloaded the recommended app AUTHY to my cell phone. I then started to enable 2FA on QRZ.com and the only choice was GOOGLE authenticator? Do I need both apps? When do I use AUTHY?

K6FW, Jun 12, 2019

#41
KO5V XML Subscriber QRZ Page

AA7BQ said: ↑

We don't send SMS Text Messages overseas because of the cost. We currently send out about 15,000 texts per month at a cost of about one half a cent each. Texts sent to Germany, on the other hand, cost 9.5 cents each which for us is prohibitive.

There is some play in the 30-second timeout. By my observation, more failures are due to mistakes transposing the number (fat fingering) than to the timeout. The 30-second value was chosen by industry recommendation.
Click to expand...

Fred,

I certainly can't say I've never fat-fingered the code, but I can blame my cell carrier for how long it takes the texts to come through - sometimes it's a lot more than 30 seconds from when I request the code until it arrives. I just keep trying until it works

Thanks for running a first-class site. 73, Jim

KO5V, Jun 12, 2019

#42
AA7BQ QRZ Founder Administrator QRZ Page

N4LCH said: ↑

Fred,
It seems you have to have a cell phone to use this feature reliably. Unfortunately, I don't have a smartphone and I do very little business via a cell phone. I've used the phone (landline) verification method and it is indeed unreliable. As you say the verification code can arrive too late. I've also used a keychain verifier that worked very well but I realize that is out of the question here. Is there another app that can run on my computer to do the second step or can the 2nd step be done via email?

You run a great service and it keeps getting better. Keep it up we're with you.
Click to expand...

Using email to deliver codes would break things. An email has far less security than a text message and has way too many security holes. Not only that but the fundamental paradigm of Two-Factor Authentication says that you need something that we both share (your password) PLUS something that only YOU have (your code). If we send you the code then the paradigm is broken. Sending it by text is considered secure because it will only be delivered to a single phone number, one which we vetted when you setup your account.

Check the video of how to setup the app on your computer:

https://forums.qrz.com/index.php?th...-factor-authentication-w-o-cell-phone.661624/

AA7BQ, Jun 12, 2019

#43
AA7BQ QRZ Founder Administrator QRZ Page

K6FW said: ↑

I am confused! I downloaded the recommended app AUTHY to my cell phone. I then started to enable 2FA on QRZ.com and the only choice was GOOGLE authenticator? Do I need both apps? When do I use AUTHY?
Click to expand...

Google Authenticator is a placeholder name. Just ignore the word Google and proceed with Authy

73 -fred

AA7BQ, Jun 12, 2019

#44
NL7W Premium Subscriber QRZ Page

As most of us have smart phones next to our computing devices accessing QRZ.com (perhaps they're even one in the same), there's no legitimate reason not to turn on and use 2FA these days.
It's commonsensical.

NL7W, Jun 12, 2019

#45

KV6O likes this.
KB2FMH Platinum Subscriber Platinum Subscriber QRZ Page

W7GST said: ↑

Greetings James. I use Windows 10 and IE on my computer and I got it done with no problem. And believe me, I'm NO computer wise by far, hi hi. By the way, Great bio page you have there.
Good luck, Larry W7GST 73
Click to expand...

Thanks. I got it working now with Chrome after loading the p12 file via Firefox.

KB2FMH, Jun 13, 2019

#46

NL7W and W7GST like this.
W4PG Super Moderator Lifetime Member 279 Volunteer Moderator Platinum Subscriber Life Member QRZ Page

AA7BQ said: ↑

We don't send SMS Text Messages overseas because of the cost. We currently send out about 15,000 texts per month at a cost of about one half a cent each. Texts sent to Germany, on the other hand, cost 9.5 cents each which for us is prohibitive.

There is some play in the 30-second timeout. By my observation, more failures are due to mistakes transposing the number (fat fingering) than to the timeout. The 30-second value was chosen by industry recommendation.
Click to expand...

My bank (Bank of America) uses 10 minutes. Now I think that is a bit generous but 30 seconds is not long enough. Why not 2 minutes, say? Is there any downside to that? From a hackers standpoint, what's the difference? I really don't know.

I have never had any issue getting SMS texts so maybe I've been lucky. I have several different locations I log in from so using my phone makes it very easy. I have a couple of credit cards that will text me with transaction information while I'm still standing at the check-out counter. I looked at the Authy app and it reminded me of the first time I read the LoTW instructions. LOL!

................Bob

W4PG, Jun 13, 2019

#47

W7GST likes this.
K6CLS Ham Member QRZ Page

W4RAV said: ↑

These extra processes for the legit user seems proper, but all it really offers is the illusion of security.
Click to expand...

this is not for the security of QRZ users, it is for QRZ.COM to claim no responsibility on fraudulent transactions!

Slightly improving any person's security is a slight benefit.

K6CLS, Jun 13, 2019

#48

K9GLS likes this.
WD4HXG Ham Member QRZ Page

Kudos for increasing/improving credentialing.

WD4HXG, Jun 13, 2019

#49
NG0G XML Subscriber QRZ Page

As retired IT am I all for it. Now however I live out in the country. This is great for antenna's but not cell coverage. Having a smart phone is a waste of money here. My $13 flip phone lets my wife call me when I am in town or on the road but does not do texting. de NG0G

NG0G, Jun 13, 2019

#50

(You must log in or sign up to reply here.)

Page 5 of 20

Share This Page