On busy days I can log in as much as 7-8 instances just to set up all the automation and data capture etc and it can become a bit time consuming but I'd rather do that 25 times a day for years if it saves me from just 1 hackPDC wrote: ↑Mon Jan 20, 2020 2:02 pmOnce you have done it a few times it just becomes part of the log in process you go through each day on auto and it really is no hassle.Derek27 wrote: ↑Mon Jan 20, 2020 1:39 pmThanks for the feedback. I've always been put off 2-step because I log in on 3-4 devices but having said that I am logged in all-day so it shouldn't be too much inconvenience - I'll look into it.
I use LastPass as my password manager. Can't really manage without one now.
If someone got into your account and took your money I would imangine that would cause an untold amount of hassle and annoyance and leave you wishing why on earth didn't you put 2FA on.
Betfair security
I used to use that method, same password with two or three additional characters to identify the site. It's not really secure having the same 'base' password and another issue is no base password will satisfy the criteria of all sites, so I'd often have to chuck in a hyphen or change the base password and then forget it!weemac wrote: ↑Mon Jan 20, 2020 2:04 pmMy solution is to have the same 'base' word with various Caps, symbols etc for all sites. Then I simply include a number 1 somewhere in it for my bank password, 2 for Amazon, 3 for paypal, and so on. (These are just examples!! ) That means I can carry a piece of paper in my wallet with "bank 1, amazon 2, paypal 3, etc. written down, so they're useless to anyone but me, and are easy to change if necessary.
But 2FA is still a must for financially sensitive sites.
- ShaunWhite
- Posts: 9731
- Joined: Sat Sep 03, 2016 3:42 am
All my login IDs, passwords and backup codes are in the folder with my Will. Ditto a brief operational guide so people know what apps to stop or which VPS company to keep paying if it's still making a profit. That should be better than 3 grand from 'Without-this-policy-your-kids-will-bury-you-in-a-binbag.com'
I didn't know about this so i've just gone through the process, thanks for pointing it out!PDC wrote: ↑Mon Jan 20, 2020 12:40 pmIt is really important you keep those backup codes somewhere. My Google Authentication app went out of sync for some reason. It is a known issue with the app. No matter what you do you will not be able to get it back in sync and without the back up codes you are locked out.
Thankfully I had the back up codes saved and was able to get back into my account. Turn off 2 step and then set up up all over again.
Betfair probably would have been able to get me back into my account eventually I guess but I wouldn't like to think how many hoops you would have to jump through, quite rightly before they got you back in. Perhaps they wouldn't be able to.
So again, if you haven't got those back up codes saved somewhere do it now as the app could go wrong at anytime and this applies to all sites you use 2FA!
No worries, I was very worried when it happened to me as nothing seemed wrong on the surface. I was using my password and Google 2FA app as I had hundreds of times before. But no matter how carefully I typed it all in it kept saying the password I was entering was wrong.
Eventually my account got locked due to to many failed attempts.
I started to think someone had hacked my account and changed the password as I was 100% sure I was entering the password right and the codes were showing as normal on the app.
I got Betfair to unlock the account but still it wouldn't work and again I was locked out.
It took a long time to get Betfair to unlock it as not surprisingly it was starting to look rather suspicious.
Eventually I just happened to search for 2FA code not working and discovered this bug and that I should use the back up codes which would still be valid. Then to turn off 2FA, uninstall the app and reinstall it and get a new batch of back up codes.
There was nothing to indicate on the surface of it that the 2FA was out of sync and I had only been in my account a few hours before.
Had I not had the codes backed up I don't know how I could have got in as I don't know if Betfair have an override of the 2FA, perhaps they don't?
I've wondered how it all works when you upgrade your phone but never got past wondering. I'm that sort of person that goes by "i'll cross that bridge when I come to it" I really need to break that habbit & this thread just goes to highlight to me once again why.
Also what happens if your phone is stolen is something to think about as you would now not have access to the app.
This is a good video from a very good YouTube channel that gives some background info to 2FA and how it works, worth a 5 minute watch:
https://www.youtube.com/watch?v=D6fRdCF9jyQ
Thanks again, I'll give it a watch now!PDC wrote: ↑Mon Jan 20, 2020 5:27 pmAlso what happens if your phone is stolen is something to think about as you would now not have access to the app.
This is a good video from a very good YouTube channel that gives some background info to 2FA and how it works, worth a 5 minute watch:
https://www.youtube.com/watch?v=D6fRdCF9jyQ
- Kafkaesque
- Posts: 886
- Joined: Fri Oct 06, 2017 10:20 am
I've seen a few articles, in reputable sources, over the past year or two saying that you shouldn't put blind trust in Google Authenticator. The main point of emphasis being that security on smartphones are shabby at best. I'm no data or security expert - like at all - so just passing on what I've seen written by some in the know.
Personally I've gone to a seperate phone with the Google Authenticator being its sole purpose. Overkill perhaps, but better safe than sorry.
Personally I've gone to a seperate phone with the Google Authenticator being its sole purpose. Overkill perhaps, but better safe than sorry.
I have done exactly the same for the reasons you state.Kafkaesque wrote: ↑Mon Jan 20, 2020 6:37 pmI've seen a few articles, in reputable sources, over the past year or two saying that you shouldn't put blind trust in Google Authenticator. The main point of emphasis being that security on smartphones are shabby at best. I'm no data or security expert - like at all - so just passing on what I've seen written by some in the know.
Personally I've gone to a seperate phone with the Google Authenticator being its sole purpose. Overkill perhaps, but better safe than sorry.
As shown in the video link I posted, there is no need for internet access for 2FA once set up so I also don't have the phone connected to the internet or a cell carrier.
-
- Posts: 3140
- Joined: Sun Jan 31, 2010 8:06 pm
I haven't even got round to writing a will yet, I'm gonna leave them all to fight it out I'm OK with being buried in a bin bag.ShaunWhite wrote: ↑Mon Jan 20, 2020 3:36 pmAll my login IDs, passwords and backup codes are in the folder with my Will. Ditto a brief operational guide so people know what apps to stop or which VPS company to keep paying if it's still making a profit. That should be better than 3 grand from 'Without-this-policy-your-kids-will-bury-you-in-a-binbag.com'