Nominet 2FA Two Factor Authentication...

Admin · Jul 11, 2016

I'm afraid it's another gripe... everytime (daily) that I go to login to Nominet I am asked to setup two factor authentication 2FA or I can click 'Ask me later'. There is NO OPTION for 'No and dont ask again'. I dont want 2FA and it seems I am going to have to click ask me later.... forever. Anything I'm missing?

Adam H · Jul 11, 2016

Oh nice, didnt realise they had 2FA ( as it didnt ask me when login ). Activated now though

**note im talking about https://secure.nominet.org.uk/ , not sure if members/registrars have a different login and 2FA is more persistent there ?

Admin · Jul 11, 2016

As a registrar, if you set up for 2FA do you need to have your mobile at hand for the code everytime you login to the site or have they implemented it as a backup?

Adam H · Jul 11, 2016

admin said:
As a registrar, if you set up for 2FA do you need to have your mobile at hand for the code everytime you login to the site or have they implemented it as a backup?

Normally once 2FA is enabled you use your normal login details and then you are prompted to enter the code, so yes you would either need your mobile or other device with you at all times or carry around backup codes to use.

Backup codes and the ability to add more devices is a feature, I personally have 2 mobiles with all 2FA codes on, an IPAD and then backup codes on a flash drive just incase. So its extremely rare id be somewhere where i wouldnt have codes, even when my phone broke last week, i had my ipad and secondary phone to fall back on. I have 2FA enabled pretty much everywhere including server root logins.

Adam H · Jul 11, 2016

Before today I used a standard login which ive had for years, but like mentioned above im not a registrar/member so maybe thats a different login. Ive never been nagged for anything else other than my normal logins though.

I use Google authenticator for 2FA so will be using that now I know Nominet have 2FA

Admin · Jul 11, 2016

invincible said:
I presume you have the pass phrase enabled instead? It seems likely that only those with neither the pass phrase nor 2FA enabled are being nagged about 2FA after logging in with their username and password.

The solution seems likely to be to setup a pass phrase instead, but I've not tested.

"I already have a Passphrase - do I need 2FA as well?
The existing Passphrase system already provides an additional layer of security when logging into Online Services. 2FA is a more secure system because it requires the use of an additional device The Passphrase system will still exist if you would like to keep using it but if you opt to set up 2FA, the 2FA system and login will replace your existing Passphrase log in."

For those wanting to use 2FA, which uses Google Authenticator, perform a Google search for "Google Authenticator without mobile phone". It's possible to use GAuth with chrome and a desktop browser to generate the one time code.

If only. Sadly not, I just set a passphrase in addition to my password. I tried logging in and i had to provide both and then I still got the nag to setup 2FA..... jeez.

Adam H · Jul 11, 2016

invincible said:
Okay @Adam H. More info about 2FA available from this link: http://registrars.nominet.uk/namesp...ent-guidance/change-settings/account-security

I'm aware of what 2FA is and how to use it but thanks. I was merely saying that I had neither passphrase or 2FA enabled and still didnt get nagged hence not knowing it was available to use with Nominet.

Adam H · Jul 11, 2016

invincible said:
From looking through the guide it seems to be registrars only in phase one and everybody else in a subsequent phase.

That would explain it

ian · Jul 11, 2016

Wasn't it stated in an email communication last week that 2FA would now be prompted each time until accepted; and that Nominet expect all members to be using by the end of ? (it was a month this year I seem to recall).

I used the Pass Phrase previously, but got sick of it asking so signed up. Would have preferred them to use the 'text me' method like pretty much all others do (even Google), but an App it is!

Adam H · Jul 11, 2016

ian-d said:
I used the Pass Phrase previously, but got sick of it asking so signed up. Would have preferred them to use the 'text me' method like pretty much all others do (even Google), but an App it is!

I used to say the same thing ( preferred the SMS code over adding another app to my device) but since installing Google Auth on multiple devices its really grown on me, Pretty sure the only place that I get SMS from now is Google and Namecheap. SMS used to bug me when I would out of signal, at least with Google Auth you have an additional fall back.

Admin · Jul 11, 2016

Exactly and if it was truely optional I should be able to stop it asking me. I login daily and don't have my phone with me for reasons I cannot change. You shouldn't have to have a mobile phone with you to use an online service.

Admin · Jul 11, 2016

I've contacted Nominet support and will share the resolution if there is one.

grantw · Jul 11, 2016

"
We are making some changes to the access of online systems in order to improve security.
Two factor authentication (2FA)* of users’ accounts was a feature added to online services in October 2014. It is currently optional for users to add the feature to their account. The feature has been successfully adopted by many users and feedback has been encouraging.

As cyber threats on the internet continue to rise and weak passwords remain the main vulnerability that hackers use**, we plan to phase in the adoption of 2FA for online services for all registrar accounts over the next six months. Registrant accounts will not be affected.

On 22 June registrars without the 2FA feature enabled will be given a choice at login whether to implement the feature at that time or to defer to a later date. Nominet aims to have all registrars using the feature before the end of 2016. A comprehensive user guide is available.

* Two factor authentication is a two-step verification process and provides an extra layer of security to users accessing online systems. It improves account security as an intruder would have to gain access to the device where it is installed, as well as knowing the password/passphrase. This reduces the risk of DNS hijacking or confidential information being compromised."

grantw · Jul 11, 2016

The above is from the Planned system maintenance email, 15/6

ian · Jul 11, 2016

That is where I saw it. Basically 2FA replaced the Pass option.

Murray · Jul 11, 2016

I just watched a video about Youtube accounts getting hacked because of using authentication through their phones

danielcoates · Jul 12, 2016

I don't like the Google Authenticator 2FA, I used it on Digital Ocean then lost my phone, it was a complete pain to remove it, I prefer the current pass phrase system, or an SMS system.

Admin · Jul 12, 2016

Sad to report the reply from Nominet... 2FA will be mandatory, the nag won't stop and cannot be stopped, WALOB!

dazc · Jul 12, 2016

admin said:
Sad to report the reply from Nominet... 2FA will be mandatory, the nag won't stop and cannot be stopped, WALOB!

If having a phone to hand is going to be a problem there is a 2fa app called authy that has a desktop option too.
https://www.authy.com/app/desktop/

Admin · Jul 12, 2016

dazc said:
If having a phone to hand is going to be a problem there is a 2fa app called authy that has a desktop option too.
https://www.authy.com/app/desktop/

Not supported! Only Google Authenticator is.

Nominet 2FA Two Factor Authentication...

Admin

Administrator

Adam H

Admin

Administrator

Adam H

Adam H

Admin

Administrator

Adam H

Adam H

ian

Adam H

Admin

Administrator

Admin

Administrator

grantw

grantw

ian

Murray

danielcoates

Admin

Administrator

dazc

Admin

Administrator

Similar threads

The Rule #1

Members online

Featured Services

Sedo - it.com Premiums

Premium Members

Latest Comments

Spread the Word!

New Threads

Domain Forum Friends

Our Mods' Businesses