Google Authenticator

[gregory]

I was just checking something in my profile, and had to re-enter my password. Fair enough. And then I hit this:

 

I'm all for security, but I hope there is another way to do this. My only smart phone is extremely basic and almost certainly doesn't have the space for the authenticator app - never mind that I don't install anything google related if I can avoid it. The two apps I have on there are painfully slow, and not reliable. More to the point - that phone has no signal in my home. So- is there another way to verify myself if the forum suddenly sees a need ? Even if I were to buy a fancy new smart phone (which I don't want to and shouldn't have to just to use a forum) I still couldn't use the authenticator. Even my bank uses my email or my landline.

[DanielJUK]

I think with this one we are limited by what Invision offers for 2factor security. Will try to look into it more

[gregory]

Great. So the day it happens I looks like I shall be locked out. (I have to say this does not happen on my other invision forum.)

[DanielJUK]

It's been there like 5 years and always optional 🙂

 

Edited to add - if you ever got locked out, we would get you in somehow or by some means 😁.

[gregory]

It has never shown up before when I went into my profile. Oh well.

[PathWalker]

Oh my - I don't even HAVE a smart 'phone

[DanielJUK]

Reading through the security and privacy page, the wording is not very clear (we can't change that)

Adding Google Authenticator is only if you want to use 2 Factor Authentication (2FA) for your account. It's an additional security layer that most sites now provide.

If you don't have it on, we can still send a password reset or sort it out if you get locked out.

The wording is sort of true, it does verify your identity as an additional measure but you really need a smartphone to generate codes for it. It's not compulsory, each account has an email we can send a reset to.

It's also confusing language, because the forum doesn't need to verify your identity if there is a problem logging in. It's just an additional feature, use if you want, or don't if you don't 🙂 

[gregory]

7 hours ago, PathWalker said:

Oh my - I don't even HAVE a smart 'phone

 

So I am not alone !

 

7 hours ago, DanielJUK said:

Reading through the security and privacy page, the wording is not very clear (we can't change that)

Adding Google Authenticator is only if you want to use 2 Factor Authentication (2FA) for your account. It's an additional security layer that most sites now provide.

If you don't have it on, we can still send a password reset or sort it out if you get locked out.

The wording is sort of true, it does verify your identity as an additional measure but you really need a smartphone to generate codes for it. It's not compulsory, each account has an email we can send a reset to.

It's also confusing language, because the forum doesn't need to verify your identity if there is a problem logging in. It's just an additional feature, use if you want, or don't if you don't 🙂 

 

 But this is the only place that has suggested that to do so requires a nasty google add on and a smart phone. That is something I will never install. My bank uses a card reader or my email so do most places; any that don't send a code to my brick phone - even the NHS, whose 2FA is a NIGHTMARE. But that just shows that it doesn't take a smartphone to generate a code. The CODES can be set at the "demander's" end.

 

ETA and crumbs - it snoops big time:

 

https://uk.pcmag.com/security/154426/google-authenticator

Edited July 11 by gregory

[Little Fang]

We had to install a new type of security. I think I just fixed it so it shouldn't do that; it shouldn't have done that in the first place, AFAIK.  I may be wrong there.

Now the "human" check should be invisible and non-interactive. Try again?

 

[gregory]

It still says that:

 

If Daniel's right, it only applies to those who want 2FA. If he isn't - then ifthe site decides to check, those of us wih no smartphones (or who refuse to install the authenticator) will have to contact a mod to get in, I guess. But I note that the other invision site I am on DOES now do that as well. I believe the appropriate word is "rats". I shall go and ask what the tech whiz who runs it has to say....!

 

But MAYBE if one doesn't install the google thing, it will try and use something else ? I can hope.

Edited July 11 by gregory

[gregory]

Just for admin FYI stuff: from a tech whiz running another forum:

 

A few things that might help:

 

1. Even though it says "Google Authenticator," it'll work with most authenticator apps, not just that specific one.

2. Authenticator apps don't need internet access, just an accurate internal clock, so if you have an offline-only device that's fine as long as you can get an app installed.

3. I'm less familiar with desktop apps, but they do exist. One example I know of is that the Bitwarden password manager (available as a browser extension but needs an account) can store authenticators.

 

However, none of this is required unless the forum sets it to be required (which is done on a per-group basis). Here, for example, only moderators need 2FA.

[DanielJUK]

I was dealing with another member's problems and noticed you can now add security questions in this area. So you don't need a phone / app at all.

Remember, this is an optional 2FA security measure. With the questions and answers, you provide answers to the questions, please ensure you remember / make a note of what you entered as we can't see them.

It's just an additional check when you are logging in to make sure it is you.