Nominet 2FA Two Factor Authentication...

[Systreg]

@Pedigree, with the Authy app being removed from Chrome on Dec 22nd, have you deleted it and installed the desktop version?

I haven't done mine yet, and am wondering, when changing to the desktop version, does it also move the current token from the Authy app to the desktop version, anyone know?

I'm hoping it's just a case of downloading the desktop version and it's good to go to be able to login to Nominet, without all the tokens needing to be reset.

 

[jasman]

Say a criminal pickpockets someone's phone and manages to get into it somehow. Whilst trawling through the apps he finds the 2fa app with a profile called "Godaddy". He visits godaddy.com in the browser and finds the site has remembered the password. Or if not, he goes into the owner's email app, notes down the email address and does a password reset at godaddy. Then he's in and it's goodbye domains. But if the 2fa profile wasn't called Godaddy, if it was called Facebook or something it wouldn't be so easy.

 

[DJ]

@Pedigree, with the Authy app being removed from Chrome on Dec 22nd, have you deleted it and installed the desktop version?

I haven't done mine yet, and am wondering, when changing to the desktop version, does it also move the current token from the Authy app to the desktop version, anyone know?

I'm hoping it's just a case of downloading the desktop version and it's good to go to be able to login to Nominet, without all the tokens needing to be reset.

I'm using this one: https://authenticator.cc/

 

[Ben Thomas]

1password is the best, been using it for years now with no hassle, no breaches, no nothing. One login, supports 2FA and other stuff. Great.

 

[Systreg]

I downloaded the Authy desktop version, but it didn't save my Nominet token from the previous Authy for Chrome version I had.

Nominet have reset my account today so I can login again, and they said:

Once logged in you will be prompted to set 2FA back up on your new devices should you wish to do so. Please note, you can set this up on up to 5 devices.

I only had the Authy 2FA on my laptop before, but like the idea of now being able to use Authy 2FA to login on my phone if I'm out and about, but have not got a clue how to do that, can someone advise, please?

I have Authy on my laptop, so I assume that when I next login to Nominet, it'll give me a new token to manually add to the Authy app?

What about my phone, though, guessing I'd need to download the Android Authy app, but is there an option to login to the same account on Android as the app on my desktop, where the stored Nominet token can he used on phone and laptop?

Any advice appreciated, thanks.

 

[Ben Thomas]

I have Authy on my laptop, so I assume that when I next login to Nominet, it'll give me a new token to manually add to the Authy app?

No, the code refreshes every 30 seconds in Authy. You then have 30 seconds to use the code with Nominet. This is the same with all 2FA codes except ones received via text.

What about my phone, though, guessing I'd need to download the Android Authy app, but is there an option to login to the same account on Android as the app on my desktop, where the stored Nominet token can he used on phone and laptop?

Any advice appreciated, thanks.

I, too, used Authy when I first ventured into 2FA. I found it difficult to use and if I remember correctly, you need to be careful you don’t lock yourself out of your account. You’ll need to add another device using the device already connected to Authy before you can use the phone app. Unless they’ve changed it since I last used it about 5 years ago.

 

[Systreg]

I have Authy on my laptop, so I assume that when I next login to Nominet, it'll give me a new token to manually add to the Authy app?

No, the code refreshes every 30 seconds in Authy. You then have 30 seconds to use the code with Nominet. This is the same with all 2FA codes except ones received via text.

Yes, I know the code that Authy gives to enter Nominet lasts 30 seconds, I asked does Nominet give me a token to add to the Authy app, because there's a button on the Authy app to add token.

It's 5 years since I first installed Authy and I can't remember how it set tokens at set up.

 

[Ben Thomas]

Yes, well the first time you set up 2FA you will likely be provided with a QR code that you can scan (screen recording permissions likely necessary) or you can usually request a long code which you can input into your chosen tool and it’ll turn it into a 6 digit code. You then use that code to set it up within Nominet. Each time you log in; the code will be different. But you will never have to set it up again.

 

[Systreg]

Thanks Ben, so another question, I've never used a QR code before, do I take a photo of it or is there some specific app that I'd need for that?

Didn't have to use a QR code for Authy 5 years ago, I know that much.

What a load of fecking about to login to a website, every single site I've used for 21 years is enter email and password, boom, job done, but this 2FA crap

 

[Ben Thomas]

It’s better to use 2FA, it’s surprisingly easy to bypass most password logins alone. Especially if your password isn’t all that great. Security hygiene has come a long way!


Once you’re used to adding the codes in and setting the initial code up it’s will become easier.

But I’d look at 1Password for long term as it’s much easier. Think Authy but much friendlier UX.

On 1Password there an icon that looks like a QR code that I click and it basically opens a screen recording facility built into 1Password that captures the QR code on screen. Unfortunately, with Authy, you need the mobile application installed, logged in and authorised to be able to set up and scan via QR codes.

I would try and use the long setup token, too much faffing about to add the app.

 

[rob]

On 2FA I would remove it from any Twitter accounts for now - got booted out of one of my verified ones as the 2FA sms wasn't sending from twitters end, someone had the bright idea of turning off the microservices there apparently... !

 

[Ben Thomas]

On 2FA I would remove it from any Twitter accounts for now - got booted out of one of my verified ones as the 2FA sms wasn't sending from twitters end, someone had the bright idea of turning off the microservices there apparently... !

Slightly off-topic, but I noticed Google Recaptca was down the other day and that had a similar effect. Literally couldn’t get into any services that required captcha verification from Google, it was crazy.

 

[Systreg]

Thanks for the input, Ben, not sure I can be arsed downloading another authenticator, also looks like to much messing about for me to try and add my phone to Authy, so I'll just stick with using Authy on my laptop.

 

[Ben Thomas]

No worries mate. Yeah, it's a bit of a ball ache really. The text codes are worse. I can't tell you how many accounts I've been locked out of because I changed my number and forgot I needed the old one, lol.