HOW TO: Two-step verification (2FA) Setup & Help (1 Viewer)

Status
Not open for further replies.

Tommy

Royal Flush
Admin
Moderator
Supporter
Joined
Mar 23, 2013
Messages
17,920
Reaction score
39,655
Location
Delaware
CCA#
R-8577
UPDATE 8/10/23: You can now have the 2FA remember your device for 90 days instead of 30 days. Cutting the number of times that you have to re-verify your devices to just 4 times per year.

UPDATE 3/22/22: You can now have the 2FA remember your device for 60 days instead of 30 days. Cutting the number of times that you have to re-verify your devices in half per year.


2fa.jpg


Due to the ongoing fraud occurring in the Classifieds from the unauthorized use of member accounts, two-step verification (also called two-factor authentication or 2FA for short) is now required on all accounts.

The number of failed logins in a 15 min period is unusually high, and the IPs associated with those failed logins are the same IPs used to post fake ads in the classifieds. This is a brute force attack on accounts using weak passwords and not having 2FA enabled. Accounts get locked out after four failed login attempts in a set time period to combat this kind of attack. This is built into the forum software and has no adjustments, unfortunately.

I recommend changing your password AFTER enabling 2FA.

Once you set up 2FA, you will be shown one-time use backup codes. Be sure to save them. Depending on which method you choose, these codes can be used if you lose access to the authenticator app on your phone or your registered email address.

When you log in with 2FA for the first time, you will be given the option to check a box to remember your device for 30 days. This is so you don't have to re-verify every time you log in only on that device. If you use multiple devices (phone, tablet, computer), you have to verify those devices when you log on with them. If you clear your browser's cookies on a device, you will have to re-verify that device the next time you log in. Otherwise, it's 30 days.




Recommended 2FA Apps (available for both Android and iPhone)

apps_rec.png


Microsoft Authenticator
Android:
https://play.google.com/store/apps/details?id=com.azure.authenticator
iPhone: https://apps.apple.com/us/app/microsoft-authenticator/id983156458

Google Authenticator
Android:
https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2
iPhone: https://apps.apple.com/us/app/google-authenticator/id388497605




STEP 1
Login like you usually do. You will see this message. Click the link to set up 2FA. You should have already downloaded one of the 2FA apps mentioned above.


2021-12-24_15-03-18.jpg


STEP 2
You will be prompted to re-enter your password.


step2.jpg


STEP 3
Choose which 2FA method you want to enable; Verification code via app or Email confirmation. I highly recommend using the app method as email can be unreliable at times.


step3.jpg


STEP 4
Using the 2FA app of your choice, choose the "add account" option. You will then be given the opportunity to scan the QR code displayed on the PCF page using your phone's camera or type in the secret code under the QR code. If you are using PCF on your phone and setting up 2FA, you won't be able to scan the QR code, so entering the secret code is the alternative.


step4.jpg


***STEP 5***
After setting up 2FA, you'll be shown some one-time use backup codes. Remember to save these codes so you don't get locked out of your account if you lose access to the authenticator app on your phone or the email address on your PCF account. Copy and paste them into a text document is the easiest way to save them. Save the text document in a safe place. (i.e., One Drive, Google Drive, etc.)

If you are using an authentication app on your phone, and get a new phone, be sure to use the backup or transfer accounts feature in the 2FA app before wiping your old phone.
If you need to use a one-time use backup code to get back into your account, that means you need to setup 2FA again with your new phone or with an updated email address on your account.


step5.jpg


After completing the 2FA setup, you are still logged in and can use the site like you usually do. Once you log out or your session cookie expires, this will be the first time you be using a 2FA code to log in.

STEP 6
Log in like you usually do and now you will see the screen below. Go to the 2FA app on your phone, find your PCF account in the list, and see the code you need to enter. The code on your phone typically changes every 30 seconds, so it's better to wait until you get a new code to give you more time to enter it.

After you enter the code, you can choose to remember the device you have been using for 30 days. If you keep the box checked, you won't have to enter another 2FA code for 30 days on that device. If you use multiple devices (ex: laptop, tablet, desktop), you'll be prompted to enter a 2FA code again to very those devices too. Just repeat STEP 6 for each device you use to connect to PCF.

Click the Confirm button before the 2FA code expires.


step6.jpg





2FA BACKUP CODES

If you have 2FA already enabled and didn't save your one-time use backup codes, you can view them again and/or generate new ones by going here.

2fa_change.jpg


2021-12-24_08-11-15.png





Even with 2FA required, it does not guarantee that there will never be another scam. Please protect yourself by using a payment method like PayPal Goods and Services.

Use your discretion when using payment methods that don't offer buyer protection like PayPal Friends and Family, Zelle, Venmo, Google Pay or GPay, CashApp, Crypto, among others. Unless you can be 100% sure that you are dealing with the person you know by some other way like a text message or phone call, you are putting yourself at risk.

Another thing that the scammer did was offer the same chips to other interested members that posted in the sale thread via PMs saying that the first person didn't pay. Perhaps send a group PM to make sure that is not occurring before you send payment.

I can't disclose everything publicly for security reasons but I want everyone to know that I am doing everything I can on my end to help stop this from happening.
 
Last edited:
The configuration changes for 60 days have been implemented. You will get the new 60 day option the next you are prompted to re-verify your device.

pcf_2fa_60days.png
 
How do I re-generate a new QR code to add authenticator? I upgraded my iPhone and it no longer shows the PCF account.

What app are you using? The MS one lets you back up your accounts then restore them on the new device.

In any case....

2022-09-26_16-55-04.jpg

2022-09-26_16-55-30.jpg

2022-09-26_16-54-06.jpg




When you're done that, you may want to do this step next.

2022-09-26_16-59-24.jpg
 
Remember to save the new one-time use backup codes in you lose access to your email address OR if you get a new phone and forgot to transfer your Authenticator App and accounts to the new phone!!!
 
Last edited:
FYI for those who are getting new phones. If you use a 2FA app, make sure you backup your accounts on the old phone and recover them in the 2FA app on the new phone BEFORE you reset your old phone.

I just moved all my 2FA accounts in Microsoft Authenticator to my new phone in less than a minute. I can tell you how to do it in MS Authenticator.

First, make sure you have chosen to back up your accounts in the MS 2FA app on your old phone. Open the MS 2FA app, click on the 3 dots at the top right, go to settings, make sure cloud backup is toggle on.

On your new phone, open the MS Authenticator app, but do not add any accounts. You must choose the recovery account option. Enter your MS email and password to start the recovery. If you have 2FA setup on your MS account, you will get an 2FA push alert on your old phone and the option to pick the correct number that is shown on your new phone. After that the recovery will start and all your accounts will show in the list.

Once that is done, you want to make cloud backup is toggle on for the new phone in the MS Authenticator app.



HOW TO TRANSFER YOUR 2FA ACCOUNTS IF YOU USE GOOGLE AUTHENTICATOR APP
  1. On your new phone, install the Google Authenticator app.
  2. In the Google Authenticator app, tap Get Started and sign in.
  3. Tap Menu Transfer accounts. Import accounts.
  4. On your old phone, create a QR code: In the Authenticator app, tap Menu Transfer accounts. Export accounts. ...
  5. On your new phone, tap Scan QR code.
 
Last edited:
Just a reminder to save your one-time use back up codes in case you get locked out of your account. Many people get new phones and don't remember to transfer their accounts to the 2FA app on their new phone before wiping the old phone.

If you didn't save your one-time use codes or want to generate a new set of them, go here:

2023-03-02_10-11-07.jpg


You should copy and paste them into a text document and save it somewhere. (Preferably not locally on your phone) One Drive or Google Drive is an option. Personally, I print them out and keep it in a secure place.

Once you get back into your account using a one-time use back code, you should reset the Verification code via app using the Manage button. Once you set it up again, you will get a new set of one time-use backup codes and the old ones will no longer work.
 
Just a reminder to save your one-time use back up codes in case you get locked out of your account. Many people get new phones and don't remember to transfer their accounts to the 2FA app on their new phone before wiping the old phone.

If you didn't save your one-time use codes or want to generate a new set of them, go here:

View attachment 1090977

You should copy and paste them into a text document and save it somewhere. (Preferably not locally on your phone) One Drive or Google Drive is an option. Personally, I print them out and keep it in a secure place.

Once you get back into your account using a one-time use back code, you should reset the Verification code via app using the Manage button. Once you set it up again, you will get a new set of one time-use backup codes and the old ones will no longer work.

https://www.pokerchipforum.com/thre...w-required-on-all-accounts.83833/post-2115301

Bumping this post as a reminder. Also, you can setup more than one 2FA method. Because of overzealous spam filters, 2FA codes via email is not as reliable as using a 2FA app on your phone but can be useful if you get locked out of your account and didn't save the one-time use back-up codes.
 
If you are still using email to get your 2FA code instead of a reliable app like Microsoft Authenticator or Google Authenticator, and you are not getting the email, another reason can be is that you are over your quota. Clean out your email inbox!

I received an email from a member who states they are not getting the 2FA email. They are over their quota, and I can't even email them back to tell them that is the reason.

2023-08-09_11-49-23.png


I highly recommend using an app on your phone. Remember to save the one-time use back up codes in case you get a new phone and forget to transfer (or setup) your app's 2FA accounts to your new device.
 
Status
Not open for further replies.
Back
Top Bottom