EEVblog > News/Suggestions/Help
WARNING: Compromised Accounts
EEVblog:

--- Quote from: CatalinaWOW on February 21, 2024, 06:18:40 am ---Do you send notifications to those who have been compromised?
--- End quote ---

FYI
gnif has written a custom script that tries to detect compromised accounts and automatically locks them with a notice to the user to email me direct to get their account back.
I get a few emails a month from existing users that have had their computer hacked or password compromised in some other way and it's been auto-detected.

For those unsure how this happens, rest assured the passwords are NOT being stolen from this forum, but they have had their data stolen from some other site or hack on their own computer, and people often reuse passwords on different sites.
They can often find out using:
https://haveibeenpwned.com/
Halcyon:
I banned two manually today as well. Seems like another wave coming through.
voltsandjolts:
For anyone who isn't sure how this 2FA works, here is my understanding:

When you sign up for 2FA, a random seed code is generated by this forum and shared to your chosen authenticator app, via a QR code scan or manual entry. Thereafter, when you want to log in, the authenticator app will generate a one-time-code based on that seed and the current time, using the math described in RFC 6238. The forum verifies the one-time-code using your seed and the current time.

You can use any authenticator app that supports RFC 6238. I already used the Microsoft Authenticator app for work stuff and found it works fine with 2FA on this forum. There are other options, such as Google Authenticator or Authy.

When you set up 2FA, you're given a 'backup code' that you can use to gain access if, say, you lose your phone. If that fails, contact the sys admins through email.

I was unsure at first, but now recommend it, it's super easy!
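
The RFC 6238 calculation described in the post above, as an added Python example (not part of the original thread and not the forum's own code). It shows both sides: the app deriving a code from the seed and the time, and the server checking it. The ±1 step drift window, the replay check and all function names are assumptions; the seed is the published RFC test key.

```python
import base64, hashlib, hmac, struct

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6   # code length most authenticator apps display

def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then truncate."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F              # low nibble of last byte picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(key: bytes, now: float, digits: int = DIGITS) -> str:
    """RFC 6238: HOTP with the counter set to the number of steps since the epoch."""
    return hotp(key, int(now) // STEP, digits)

def decode_seed(b32: str) -> bytes:
    """Manual-entry seeds are base32; tolerate spaces, lower case, missing padding."""
    s = b32.replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))

def verify(key, submitted, now, window=1, last_used_step=-1):
    """Server side. Returns the matched time step, or None if the code is rejected.
    window: steps of clock drift tolerated either way (assumed policy).
    last_used_step: highest step already accepted for this account, so a code
    cannot be replayed inside its validity period."""
    current = int(now) // STEP
    for step in range(current - window, current + window + 1):
        if step <= last_used_step:
            continue
        # compare_digest avoids leaking how many leading digits matched
        if hmac.compare_digest(hotp(key, step).encode(), submitted.encode()):
            return step
    return None

if __name__ == "__main__":
    key = decode_seed("GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ")  # RFC test key
    code = totp(key, 59)
    print("code at t=59:", code)
    step = verify(key, code, now=59)
    print("accepted at step:", step)
    print("replay:", verify(key, code, now=59, last_used_step=step))
```
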
EEVblog:

--- Quote from: voltsandjolts on December 17, 2024, 10:06:47 am ---For anyone who isn't sure how this 2FA works, here is my understanding:

When you sign up for 2FA, a random seed code is generated by this forum and shared to your chosen authenticator app, via a QR code scan or manual entry. Thereafter, when you want to log in, the authenticator app will generate a one-time-code based on that seed and the current time, using the math described in RFC 6238. The forum verifies the one-time-code using your seed and the current time.
--- End quote ---

It should be noted that the forum can remember your login for 30 days before you have to use the authenticator app again.
I use Google Authenticator for the forum.
MLXXXp:

--- Quote from: voltsandjolts on December 17, 2024, 10:06:47 am ---There are other options, such as Google Authenticator or Authy.

--- End quote ---

When on a PC, I use KeePassXC.

I still wish that FIDO hardware security keys were supported.  :(