I'm going to STAY LOGGED IN for now' @MrPushwood I also am not savy enough to figure out everything to do with this as it popped up on my Desktop Computer . I'm still confused about which App to download . I tried one but had to UNISTALL it as it wanted money and had lots of cookies & other requests'
This may be a good enough place to dump my recent experience with 2FA. I enabled it for the site a few months ago, but didn't have the chance to use it until a few weeks back. Turns out that the codes it gives me aren't right, so it locked me out of my account and I had to log in with email confirmation. I'm not anti 2FA, and I'm also not ignorant about how to use it (I have many other accounts with 2FA and they work fine), but for some reason I set it up wrong for this site, I guess? I don't remember whether setting it up is done with a QR code, but if so, I assume it shouldn't be possible that it ends up broken.
So yeah. Something went wrong and now my 2FA is always wrong, and in order to disable 2FA I'm asked for my 2FA token (LOL), so basically I'm stuck forever. I don't really care, since I can just log in via email, but this is a thing that happened. Hopefully I'm not scaring anyone though; I'm sure this is a very rare thing and maybe it was my fault in some way, but I have no idea how.
So yeah. Something went wrong and now my 2FA is always wrong, and in order to disable 2FA I'm asked for my 2FA token (LOL), so basically I'm stuck forever. I don't really care, since I can just log in via email, but this is a thing that happened. Hopefully I'm not scaring anyone though; I'm sure this is a very rare thing and maybe it was my fault in some way, but I have no idea how.
@JuicyChickenNO1 I think you can do a password reset to turn off 2fa. So you are not stuck forever.
Just implement hardware security keys and nobody has to use a stupid app.
@TBest said in #13:
> @JuicyChickenNO1 I think you can do a password reset to turn off 2fa. So you are not stuck forever.
And thats why you need 2fa on your email as well else they password reset all your accounts and then get access
> @JuicyChickenNO1 I think you can do a password reset to turn off 2fa. So you are not stuck forever.
And thats why you need 2fa on your email as well else they password reset all your accounts and then get access
I'm still logged in & not shutting my computer down just SLEEP when I want to sleep' ... I just' stay logged on & on & on
@ThunderClap said in #16:
> I'm still logged in & not shutting my computer down just SLEEP when I want to sleep' ... I just' stay logged on & on & on
well people can still login if you in if they get your password and staying signed in means people could steal your session token and take control of your account no password needed.
The reason for this 2fa thing is the same for team leaders who is also asked to use it because if you have read the form so many teams gets "hacked" and lichess wants them to use 2fa to try and curve the hacked team problem
now for an 2fa app that does not have many cookies or other stuff
this might be better for you github.com/Authenticator-Extension/Authenticator
> I'm still logged in & not shutting my computer down just SLEEP when I want to sleep' ... I just' stay logged on & on & on
well people can still login if you in if they get your password and staying signed in means people could steal your session token and take control of your account no password needed.
The reason for this 2fa thing is the same for team leaders who is also asked to use it because if you have read the form so many teams gets "hacked" and lichess wants them to use 2fa to try and curve the hacked team problem
now for an 2fa app that does not have many cookies or other stuff
this might be better for you github.com/Authenticator-Extension/Authenticator
@ThunderClap said in #11:
> I'm still confused about which App to download .
I use Authy (Desktop) support.authy.com/hc/en-us/articles/115001943608-Welcome-to-Authy-
> I'm still confused about which App to download .
I use Authy (Desktop) support.authy.com/hc/en-us/articles/115001943608-Welcome-to-Authy-
@ThunderClap said in #11:
> I'm still confused about which App to download . I tried one but had to UNISTALL it as it wanted money and had lots of cookies & other requests'
We've listed few authenticators here: github.com/offa/android-foss#-password--authentication
- www.f-droid.org/packages/com.beemdevelopment.aegis/
- www.f-droid.org/packages/com.kunzisoft.keepass.libre/
I'd suggest everyone to use these as they're FOSS, no premium. They don't have "network access" permission at all so don't worry about ads/trackers. Also recommended to use a password manager for safety over your accounts.
> I'm still confused about which App to download . I tried one but had to UNISTALL it as it wanted money and had lots of cookies & other requests'
We've listed few authenticators here: github.com/offa/android-foss#-password--authentication
- www.f-droid.org/packages/com.beemdevelopment.aegis/
- www.f-droid.org/packages/com.kunzisoft.keepass.libre/
I'd suggest everyone to use these as they're FOSS, no premium. They don't have "network access" permission at all so don't worry about ads/trackers. Also recommended to use a password manager for safety over your accounts.
@Toadofsky said in #18:
> I use Authy (Desktop) support.authy.com/hc/en-us/articles/115001943608-Welcome-to-Authy-
Personally I prefer to use FOSS wherever possible, for desktop I use KeePassXC, the database (.kdbx) are synchronized using Syncthing :)
> I use Authy (Desktop) support.authy.com/hc/en-us/articles/115001943608-Welcome-to-Authy-
Personally I prefer to use FOSS wherever possible, for desktop I use KeePassXC, the database (.kdbx) are synchronized using Syncthing :)
This topic has been archived and can no longer be replied to.