QRZ Security Update: 2FA and Verified Users

In this thread, I’m going to talk about QRZ’s implementation of Two Factor Authentication (2FA), who needs it, and how it’s used. We’ll also have a few words about our Verified User program.


Two-Factor Authentication (2FA)

A lot has changed since QRZ went online in 1993. Back then, people still used floppy discs and few had CDROM capability on their machines. Smartphones were a distant and hopeful dream. Few people used virus protection software and Google hadn’t been invented yet. A lot has changed since those times.

Today, it’s been said that a new unprotected computer will become infected on the internet within 15 minutes of coming out of the box. We don’t know that for a fact, but it does seem plausible, especially if you simply click on anything that is presented to you. It happens every day. We’re all familiar with viruses now, and we’ve all heard the stories about banks, hospitals, and other large organizations falling victim to hackers.

Two Factor Authentication or 2FA is a means by which your login password is protected by a constantly changing one-time code. The codes are six digits long, like 012345. When 2FA is in use, you must have your regular password to log in, PLUS the current secret numeric code for your account. That’s why it’s called “two factor”. Since only you have the one-time secret code, a crook cannot log in to your account, even if they have your password.

The secret code is obtained using one of two methods. The best and recommended method is to install a program (called an Authenticator) on your computer or smartphone that will give you the correct code when you need it. There are a number of compatible programs to choose from. Some require a cell phone to set up while others do not. Many users report that the cell phone solution is best, especially when you seek to log in from different locations. Windows users: search the web for “Windows 10 Authenticator”. For cell phones, we really like the app known as Authy. There are several other apps/programs available.

The second method for obtaining codes is via Text Messaging, also known as SMS. With text messaging, the code is sent directly to your phone as you log in. While the Text Messaging method generally works well, it is the second choice because the timing of message delivery isn’t guaranteed. We’ve seen text messages to some phones take a couple of minutes to arrive. This won’t work with 2FA because the secret code expires within 30 seconds of having been issued. So, if your phone is well served by 4G or LTE service, then it may work satisfactorily for you. Again, there are no guarantees, so we will continue to recommend the app approach.
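The following is an added example, not QRZ's code: it shows how a six-digit, 30-second code of the kind described above is derived and checked, and why a code that arrives two minutes late is rejected. It assumes the codes are standard RFC 6238 TOTP (the page does not name the algorithm) and that the server tolerates one step of clock drift; the secret is the RFC test value, not a real account.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds a code stays current (the 30-second expiry above)
DIGITS = 6   # six-digit codes, like 012345

def totp(secret: bytes, at: float) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the 30-second step containing `at`."""
    counter = int(at) // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret: bytes, code: str, now: float, drift_steps: int = 1) -> bool:
    """Accept the current step's code, or one within `drift_steps` steps.

    The drift allowance is an assumption of this example (clock skew).
    """
    for d in range(-drift_steps, drift_steps + 1):
        t = now + d * STEP
        if t < 0:
            continue
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(totp(secret, t), code):
            return True
    return False

# Constructed sample values: RFC 6238 test secret and an arbitrary issue time.
SECRET = b"12345678901234567890"
ISSUED = 30.0

def demo() -> dict:
    code = totp(SECRET, ISSUED)  # what the app or the SMS would show
    return {
        "typed_within_seconds": verify(SECRET, code, ISSUED + 5),
        "sms_two_minutes_late": verify(SECRET, code, ISSUED + 120),
        "password_only_guess": verify(SECRET, "000000", ISSUED),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```
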

Now here’s something to think about: While QRZ does not require you to use 2FA (except for Verified users), you definitely should be using it. Some might even consider it your civic duty to do so. What? Civic Duty? How’s that, you ask? Well, it’s quite simple, actually. If your account gets compromised by a scammer, you may never know it and some other ham, somewhere in the world, will be scammed by a crook who pretends to be you. Your reputation will be trashed and some poor ham will have lost their money. So

