That would only help with SMS authentication. I think he was asking about the TOTP Google Authenticator which is a different beast.

God dam Authenticator is still using Holo. iOS version is material of course. Y'know, because it's clearly a lot easier to make a material design app on iOS than it is on Android.

Edit: As of Dec 10, it looks like they fixed this!

Especially with 3rd party ones like google authenticator.

Actually, as I started typing this, I remembered that I already know why. Because it is a rare company that has that level of security in mind at least when it comes to gaming. I only know of one gaming company that has their own info sec team. I work for one and even WE don't. Couple that with some of the crazy turn around times that the devs are held to (either through crazy PMs or crazy Game Directors), and sometimes there isn't even time to consider if someone could break key features in your game with something as simple as Charles Tool/ Charles Proxy!

But I digress. tl;dr: most gaming companies don't put much thought into infosec.

^^^that ^^^I've ^^^seen, ^^^YMMV

How to set up two factor authentication:

1. Go to gmail.
2. Click your picture in the upper right corner.
3. Click account.
4. Click "2-Step Verification" located under "Signing in."
5. Type your password and click "Sign in."
6. Click "start setup" and follow the instructions.
7. After you are done get google authenticator on your phone and follow the setup instructions.
8. Click "switch to app" under the authenticator tab and follow the instructions.

Every time you log in from now on you will be presented with a prompt to enter a code that is generated by the app. Once you enter it once you can trust a machine. This makes it so to get in someone needs your password AND your phone at the same time.

How to set up per app passwords:

Now that you have ~~per app passwords~~ two factor you can use per app passwords to create a uniquely generated password for your android account on your phone, this password can be revoked at any type making the gmail account useless on that device.

1. In the same menu that has the 2-Step settings (you should still be there from the last step, if you left the page go back to step 4 of the first part and click "app passwords") click the "app specific passwords" tab.

2. Click "manage application specific passwords."

3. Here you can select an app and device name (for example google account on Note 4) and click generate, log in with that password and you are now using an app password.

In the same menu you can then revoke the password as needed.

How do I know if my account has been accessed?

From gmail look for "details" allll the way in the lower right corner, it's right next to a string reading "Last account activity: X minutes ago." In this page you will be able to see the IP address and geolocation of anyone that accessed your accounts.

I think the real "hacking" cases where somebody has gained access to GGG servers and obtained valid login data are pretty much zero. The most accounts are most likely compromised by gaining access to your eMail account. If you share that password over multiple accounts, say PoE or other games those can be easily compromised as well, passwords reset and accounts be abused.

Two-Factor-Authentication via a mobile Authenticator app like Google Authenticator would definitely be a good step towards more account security.

I've used a Yubikey for years with Lastpass.

Tons of sites are also using Google Authenticator.

I'd much prefer they used industry standard OTPs for 2-step verification so that I can use my existing rolling token manager.

I'd second BitWarden.

I'd also recommend using 2 factor authentication where possible. Try not to use text messages, especially for anything important. Google Authenticator, or Authy are good.

The app generates a code every minute or so. When you log into say Twitter with your username and password it will then ask you for the code from your Authenticator app. Type in the 6 digit code, click "remember this device" if you don't want to have to do that every time you log in, and away you go.

RFC 6238: Time-based One-time Password Algorithm.

TOTP is great because it's an open standard. Many online services support it. You can use a phone apps including Google Authenticator/Authy/FreeOTP, a hardware token, or even a program for your PC.

The cons are that it requires a hardware purchase or smartphone ownership and average users need to be trained on how to use it. You need to print out the backup codes in case of phone loss/theft/damage. If you have many accounts it can be tedious to scroll through many codes to find the one you need. Even though NIST doesn't recommend it anymore, so many business have just use SMS 2FA because it's universal across their customer base. A widely adopted good enough solution is better than lower deployment of 2FA. Lots of people use 123456 or password1 as their password.

Good time to mention you don't need to use the official SWTOR app, you can also use Google Authenticator which is nice if you like to have all your 2FA eggs in one basket.

Will 2FA become mandatory in third party apps? I'd imagine you would reach out to them if the user sign in flow was to change in any way. Also, I'd love it if you integrated with Google authenticator or another such app.

Since reddit already has a field for email, that should work fine. Or integrate with this: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en

(Discord does 2FA via this)

You probably don't want to actually send passwords to other devices, because they could possibly be intercepted. However, using 2 factor authentication, something similar is common. Check out google authenticator , You can set it up so that whenever you want to log in, you must type your password, as well as a code that the app generates. That code changes every so often, but your original password will stay the same.

Set up Google Authenticator or another TOTP compatible app. This method is superior to SMS delivery because codes are generated offline right on your phone; no cellular signal is necessary. Which is great when you are in a no signal area or out of the country (although Fi fixes the second problem). Print out the backup codes. I personally keep one copy on my person in case my phone is low on battery or stolen and another copy in a safe place if all my pocket stuff is lost or stolen.

I have to ask .... is this secure?? Right now I use Microsoft's and Google's two factor authenticator apps. Google's app is terribly designed I don't know why.

Can someone please explain if Authy is secure enough for me to use it? I know it is just a code it generates but it does scan the QR Code from my account so is it getting some hidden info?

BTW this is the app I use https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en

funny as this is, the hacker is now targeting people who interacted with Scott's account while it was compromiseded. turn on 2FA everyone.

if you have and android device, use this: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

>Google should invest in giving actual 2FA devices to the youtubers that make them money.

There already is a Google Authenticate App, but most people don't use that and just use SMS messages. I'm fairly certain even if someone had your SIM they couldn't get past the authentication code since the Authenticate App generates the authentication code locally and has nothing to do with what SIM you are using.

Edit, nevermind, I'm using the Authenticate App but I just tried to log into my Gmail on a new browser. When it asks for my Authenticate code, I can just click "Log in another way" and right there is says it can just text me an authenticate code to bypass the app. Well, that's shitty, a chain is only as strong as the weakest link and that's pretty damn weak. Looks like you can disable that option if you remove your phone number from Google's security settings at least.

Activate the 2FA in you Discord account and then scan the QR Code with your [Google Authenticator APP[(https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2) (Android), then everytime you logon in Web/Mobile/Desktop Discord it'll ask you for userid, passwd and token

A couple of things that should help you out.

Firstly the OTP password setup is not mandatory however a very very good idea. Once you have signed if you haven't set it up in the system simply reminds you by taking you to the setup page by default if you have not already set it up.

To set up OTP you need a compliant OTP application on your phone or some other preferably independent device that you keep on your person. Probably the best and most well know application for this is the Google Authenticator app

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en

Its available on both the google play store or the apple app store for free.

Once you install the app you can scan the QR code with the app to sync the OTP password generator with our system. The application then produces a new code every 30 seconds or so. By entering the code it produces you should then be in sync with our system and OTP is now setup.

Next time you login you will need to enter in the current code again.

Contact customer care to make sure there are no text blocks on your account. I'm presuming it may have been accidentally marked as spam/premium message.

ps: how come you don't use the app?

I'm pretty sure they've used the G in a few places, like how the new Chrome logo was used for years before it became official.

EDIT: Google Authenticator uses something similar, but I'm pretty sure it was somewhere else, maybe a website logo.

• fido2 and U2F are the ones you're actually gonna use with websites - mostly just U2F though.
• Yubico OTP is very rarely used, you probably don't need it
• OATH OTP (TOTP/HOTP) allows you to store keys for apps like Google Authenticator on the stick itself
• PGP: You can use the stick as a smart card for PGP signing/encryption.

you can also use Google Authenticator Android / IOS to add 2FA to your email account, that way even if they tried to hack ur email, they can't :)

1. go to ur settings of your email address
2. find this 2FA option
3. download the app on your phone
4. they will give you a ~~squad~~ square with bunch of black lines, use the phone's camera on it
5. click next and use the code on the phone and you're good to go

EDIT : added steps and the IOS link

Set up 2FA on your google and twitter accounts while you're at it. That way everybody can kiss your a** even if they do steal your password.

Maybe a coincidence, but the latest update to the Google Authenticator App mentions that it

> Adds experimental Security Key (FIDO U2F) support to Chrome

Google authenticator apps:

Apple store

Google store

Yeah sure if we want to talk about 2-Factor then I gotta throw a nod to Authy.

Google Authenticator

GoogleAuth is a nice app. I used it for a long time and I was hesitant to try anything else because I figured I was happy. However after some talking I did end up swithing to

Authy

Here's why

1. Google Auth is great but there's a few sites that are authy only tht don't support Google Auth like HumbleBundle. Authy however is completely compatible with every site that uses Google Auth.

2. I lost my phone. With Google Auth I had to dial into reset mechanisms because there's no way to transfer my Auth app credentials to a new phone. There's no way to have it more than one phone. Authy is tied to your phone number (which I'm not the biggest fan of) but that means you can have authy on two phones at once so if you have a work and personal phone or a good phone and a tablet or whatever both work.

3. Authy has a widget. I don't remember if Google Auth has a widget but Authy has a nice widget that lets me dial up my OTP from my home screen.

4. Authy has a chrome extension. You can debate the merits of having a none phone verified OTP but having the option is nice. I use it.

5. UI. A lotof poeple complain about google UI on the auth app and I didn't hate it. I was fine. But Authy is definitely better.

Set up 2-step authentication on your account.

Google Authenticator App - Play Store

I had the same issue when i returned to the game 2 weeks ago. Found out you can use any authenticator which supports the 2 step system. I use the google one:

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=de&referrer=utm_source%3Dgoogle%26utm_medium%3Dorganic%26utm_term%3Dgoogle+authenticator&pcampaignid=APPU_1_C0yLVazjCczwUuOtgvgD

Just enter the serial number from the swtor page into the authenticator and give it a name like SWTOR or what ever you like.

Biowares app is outdated and broken reason the serial doesn'teven fit into there authenticator.

Have fun mate :)

I would add to this, download:

Google Authenticator

Authy

or any other 2FA code generator app.

Do not use SMS for 2FA as it does not actually increase your security.

Also, many apps allow you to log out of all other devices, many even offer the option when you are in the process of changing your password. Be sure to do that.

Edit: Attempting to single space the lines between the links.

I just received my 3XL today and set it up. During the setup there is an option to transfer data from old phone. Did you do that?

For apps that are requesting verification from the old phone - turn the old phone on and connect it to wifi. You will get the verification requests.

The google authenticator can be installed from the play store: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en_US

Are you using google password manager to save your logins? That information is stored in the cloud with your google account, not on the device.

Mocht iemand vanwege deze berichtgeving zijn verificatieproces willen veranderen dan raad ik jullie een authenticator app aan.

Download de Google authenticator app voor je telefoon.

Wij gebruiken dit wanneer we in willen loggen om de aangiftes van onze klanten te doen. Als je voor het eerst ergens inlogt vraagt de site naar de code van de authenticator app. De app verandert elke 30 seconde van code dus het is moeilijk te stelen en te hergebruiken.

Te recomiendo casi encarecidamente usarla con Google, porque alguien apoderándose de tu cuenta de Google tiene acceso a TODO.

La misma app que usa Google te va a servir para Reddit.

A few recommendations that I want to give you:

• enable 2 factor authentication where you can. This means that even if you parents have you password, they need a second key to log in. Google has there own app that you could use. They key is generated on the fly and changes every 30 sec to 1 min. Some sites send you a key via mail/SMS.

• factory reset your laptop or get a new one if you can. If you are a bit handy and your laptop supports it, remove the current drive and install a new one and reinstall the OS of your choice.

• go to the police and if you can, bring them the current hard drive to be analyzed.

• and as sad before, see a therapist, you really need it

Google Authenticator Android app has forked into the proprietary version (available on the Play Store), and the open source version (available at GitHub). Both support HMAC.

The Yubico version (and probably the Amazon version, but I'm not familiar with it), is a branch of the open source version.

The Yubico version (and maybe the proprietary version) supports storing the key on a token (such as a Yubikey), which it communicates with over NFC.

Edit: more info

2fa is not always tied to a mobile number. For google there are a couple options. This app is one

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en

another is a hardware device which costs about 5 dollars.

Alternatively, for a while, put your spouses number as the authenticator number

2fa is not always tied to a mobile number. For google there are a couple options. This app is one

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en

another is a hardware device which costs about 5 dollars.

Alternatively, for a while, put your spouses number as the authenticator number

Install this App: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

Then follow these directions: https://support.google.com/accounts/answer/1066447?co=GENIE.Platform%3DAndroid&hl=en

They don't even need to make an app, there's plenty already (here's one from Google themselves). They just need to implement the back-end and give us those keys to set up our authenticators.

They don't even have to make the app. There's a standard protocol for generating one-time passwords on a user device. An app like Google Authenticator can be used to generate them.

I had a Moto G myself (with 1GB RAM), and 2-factor-auth apps shouldn't be a problem in general since they aren't demanding at all.

There's the Google Authenticator, which is fairly minimal and straightforward in funtionality.

A well known alternative is Authy, which also offers cloud backup of 2-factor-auth tokens.

Yes, that's why I'd recommend something like Google Authenticator app instead of a text message. That way your phone works like a security token. In my experience most of the services supporting 2FA can use it. There are other apps that use the same algorithms, if you don't trust Google or you can pretty easily code one yourself.

More info: https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm

There is an authenticator app. Its the https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en

Make sure you enable both of these. http://puu.sh/pVQ39/b10b37a8e0.png

Generally 2 Factor Authentication (which is what I believe you are referring to) is a time dependent code provided by software either on a hardware device or an app that changes every 30-90 seconds.

After entering the first form of authentication, typically your password, you are asked for a second number which is produced by the device.

The number is produced using very large numbers and the exact time so that the key cannot be guessed at faster than the key expires. The process for generating the number is very similar to that used for one way encryption.

The QR code is for use with authenticator applications, like Google's 'Authenticator' app on android (and ios, I think) so it can generate codes for you.

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en_GB

Reach out to care, they can check the local towers for issues.

You should consider using Google Authenticator for 2-factor authentication. No need to have any service for it to work.

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2 are you sure that it was not you who added the authenticator?

But nobody here can help you - just the support can. :(

Instead of turning off 2FA (which is horrible advice), consider multiple 2FA methods.

Google (obviously) supports Google Authenticator - use that. Then use its Transfer Accounts function to copy the accounts from one phone to another so you have a backup.

Also generate and save backup backup codes as a last resort. Store these in a secure place on a device you control, for instance a laptop, or USB drive that you keep with your important documents.

the solution to this problem is telling the support to remove the sms auth and use a auth like google auth.

Alr i might try that actually.

I installed this a while back and it had basically nothing that you could use as a backup

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

Google Authenticator is an app. Instead of registering with SMS you register with Google Authenticator. What you're logging into will show a QR code and you scan that with Google Authenticator. Then the codes show in there instead of via a text.

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

When I say get lucky I mean that websites/apps often only support SMS. Maybe all the ones you use will support Google auth.

P.S. there are other apps like Google Authenticator.

You shouldn't be using SMS as 2fa is the answer (along with the fact it's not even secure!).

Get a proper auth app, Google Authenticator for example. Whenever you set-up 2fa, create a backup of the backup codes they give you* in a location that's convenient, e.g write them down in a note you keep in your wallet for super important stuff, store it in secure cloud storage/password managers, store them on a secure device (e.g YubiKey or some other similar product).

(*if you aren't given back up codes, that's a severe red flag the 2fa is useless. Looking at you Paypal, who'll literally just disable 2fa over email without question if you ever 'lose your phone'....)

So kinda same process, go into Gemini and go to deposit, then search for Elon and copy that address, then go into crypto.com and go to transfer, transfer crypto to other platform, then EXTERNAL WALLET, and hit the " + " in the right corner and pair your Gemini Wallet, then select the amount you want to transfer, review and transfer, the fee to transfer Elon out of Crypto.com is 35,000,000 Elon, so if your gonna transfer make sure your done buying on there and it's worth it to transfer 🤙🏽, again you might need the authentication code which is from play store, it automatically generates codes every time needed....Aloha 🤙🏽🌴🪙

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

I fully agree with you. Android is full of shit Google bloatware. But their sheep will happily defend it. They simply don't care.

Just open the Google Authenticator in the Play Store through this link. And the YouTube video for it says "This video is unavailable." There are many more places were Android simply straight out fails where you can see that the Google employees haven't even tested their app A SINGLE DAY. I'm sick and tired of a multibillion dollar company failing to do very basic things. Like the YouTube autoscrolling up bug is THREE YEARS OLD! And it still isn't fixed. When I search something on Google Images only some images load, the other half doesn't, until I scroll far past those images. I have a brand new phone now, and the same issue happened on my old phone. I honestly thought it was the phone. Guess, what it turns out to be Google. Now on my new phone an issue that happens among multiple brands is YouTube continuing to play a video a couple of seconds after you press pause. These are ALL VERY BASICS THINGS. That basically show that Google stopped caring, and are pushing garbage to their customers now.

OP, the security code Meta's asking you for is a six-digit number from an app known as an "authenticator".

It's absolutely brilliant: every thirty seconds it generates a randomized six-digit code that only will show up on your device!

When Facebook asks for the security code, punch-in the six-digit code the authenticator gives you.

Now Facebook knows it's your device trying to sign into your Facebook account.

But do it kinda quickly: remember, it changes every thirty seconds.

There're a few authenticator apps, but I use the one from Google:

[ <strong><em>&quot;Google Authenticator&quot;</em></strong><strong>: ANDROID</strong>

As someone else has already said, change your password on your account and your password for the email of your account. If you want to go the extra mile, I suggest setting up 2FA using Google Authenticator to further protect your account.

I'm assuming they're a boomer so they need that broken down.

OP make sure your password isnt password, sexgod, iamtheone or 12345678. Don't use this as your password but take its advice https://xkcd.com/936/

2FA stands for two factor authentication, meaning to login to your email they either need a code from https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2 or a code you get as a text message. The app may be different depending on email provider.

You have a higher chance a family member or a spouse stealing your gift card with that then some random online.

GA

Authy

install google authenticator on your phone ,

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&

https://apps.apple.com/us/app/google-authenticator/id388497605

two factor authentication

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en&amp;gl=US

https://apps.apple.com/us/app/google-authenticator/id388497605

If your password gets stolen or computer gets mallware your exchange is secure.

You either

1) have 2 external devices with this app synced to same key with coinbase(phone and tablet)

or

2) one external device + backup key written on paper

Do not use sms or email 2fa

Hajde da probam treći put da kucem odgovor pošto reddit pada kao svako malo.

1. Da. To su opcije.
2. Jeste. Da bi izbegao bespotrebnu konverziju. IWDA, SWDA i EUNL su tri tikera sa 2 berze u 3 valute. Valuta fonda je USD ali sama akcija ETFa može da se pazari u $, EUR i funtama.
3. Nađi način da imaš karticu kojom plaćaš u nekoj valuti a da nisu pare iz monopola kao što je RSD. Ja sam veliki protivnik dinarizacije jer nakon 20+ godina očigledno nije uspela. Ako ja ne mogu da uzmem kredit za nekretninu u dinarima bez da je indeksiran u EUR znači da banke ne veruju državi i valuti.

2FA je dvostepena zaštita. Pošto ukucaš username/pass traži se od tebe da ukucaš dodatnu šifru 6 cifara koja je živa i važeća narednih 30 sec. App ih generiše.
https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en&amp;gl=US

Did you Transfer your Google Authenticator codes to your new phone?

1. On your new phone, install the Google Authenticator app.
2. In the app, tap Get Started.
3. At the bottom, tap Import existing accounts?
4. On your old phone, create a QR code:
   1. In the Authenticator app, tap More > Transfer accounts &gt; Export accounts.
   2. Select which accounts you want to transfer to your new phone, and then tap Next.
5. On your new phone, tap Scan QR code.
6. After you scan your QR codes, you’ll get a confirmation that your Google Authenticator accounts have been transferred.

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en_GB

It's this one I use. Thanks for the answer, hopefully this is the one you are referring too and I'm safe.

wherever possible, you should use an app for MFA and not SMS. google authenticator is fantastic.

further reading: https://www.wired.com/2016/06/hey-stop-using-texts-two-factor-authentication/

They deprecated the old dedicated app but you can use any standard authenticator app now, like google authenticator.

you can use Google Authenticator (https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en) app as security token

Did you sign it out yet and made two factor aithentication?

Google uses their own 2FA , as a back up u can use Google Authenticator app, but you can also use it for many other log ins.

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

You'll need to download an authenticator app, such as Google Authenticator, which is where you'll use a code that you'll find on tibia.com when you're setting it up.

No.

The QR code that's displayed to you is meant to be used with the app Google Authenticator (Android and iOS). Once you have the app downloaded, there should be a button to scan in a QR code. You scan the code Discord gives you, and after a couple of questions about the account, it should appear in a list. A six-digit code will be displayed, along with a timer telling you how long that code is valid for. You have to type in that six-digit code before it expires.

The text contents of the QR code itself aren't meaningful to you. You shouldn't have to worry about them; it should only be used to scan into Google Authenticator or Authy.

An authenticator app is typically something that provides a time-based one time passcode (TOTP). When you login to a service where you've enabled two-factor authentication, it will request the TOTP from your authenticator app, which is also usually a string of digits. One example is the Google authenticator app: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en_US

A password manager is essentially a program that allows you to securely store your password in a vault. This makes it easier to create unique passwords for each account you create, preventing password re-use. These programs will generally also feature a password generator that will help you create strong passwords.

You should use both when applicable. Not all services support multi-factor authentication through authenticator apps. A password manager is a great way to reduce risk of password re-use, and using weak passwords.

Esse que você mandou faz uma parte que é o segundo fator: basicamente guarda uma segunda senha de 6 dígitos que mudança cada 30 segundos. Para fazer isso prefiro o google authenticator

O gerenciador de senha faz o OTP (one-time password), e mais um tanto que é gerar e guardar a senha principal de cada serviço.

1password é o que uso, mas tem outros

If several people use the account, then the answer is no. Gmail accounts are intended for individual use, so if there are several logins from various locations, it takes that as an indication that someone else is trying to sign in and wants a verification that it is in fact the owner who is logging in.

If all the band members have a smart phone, then a possible solution/workaround is to set up two-step verification for the account [link to security settings here] using one of the members' phone numbers, and then to switch over to verification via the authenticator app. At this point, you are required to scan a QR code with the authenticator app (e.g. "[Google Authenticator]", also available on iOS).

Now you've come to the "hack" part: every band member should scan the QR code with the app installed on their phones, and then each will be able to enter the verification codes when logging in.

Additional notes:

• When setting up 2SV, it will ask you to write down / save a set of 10 backup codes. Save these somewhere. In case you lose your phone, these codes will be your only way back into the account.
• Also note that because there are no user controls in Gmail accounts, everyone that has access can also take ownership -- change the password, change security settings etc.

Hello, I would expect that the phone number is for emulator purposes only. Can this be skipped? For Google 2FA you do not need a phone number. You may need the Google Play app (or a browser), which I believe is included in the emulator, to install Google's Authenticator (https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2). I hope this helps!

Download the app, add a site by scanning a QR code which said site provides when you want to enable 2FA. Should be done.

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en

Elysium had an opt-in page for 2FA though I'm not sure if Light's Hope has one up as of yet. So you may have to wait.

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en

I have about half a dozen sites on this. What he means is instead of BoI going with best practice and allowing you to use a popular 2FA app they'll build their own one.

I would advise setting up google authenticate, it generates these authentication codes for you so no risk of possible issues like your post.

Infact, my Coinbase account made me set it up some point last week... so I would definitely advise dong so! Link if you're on android: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en_GB

Install the Google Authenticator app from here

Just tap the three dots in the top-right corner then choose set-up account

The app in question, correct?

Google authenticator generates a Time-Based One-time Password. This password is valid for 30 seconds, based on the clock times of the system. It is unique to each system that is signed up for.

An everyday parallel is your car key fob. It is unique for your car and will cycle through a number of codes.

Technical stuff. RFC 6238 formally describes the algorithm. The algorithm does allow a lookback, for out-of sync devices. Network Time Protocol tends to keep clocks close enough.

If you're worried about devices other than your phone getting the token, get the Google Authenticator app and use that instead of text 2FA. A code will show up instantly on your Android device within the app to use on your account.

Edit: Authy works really well with other websites and 2FA as well.

Why do we have to input our mobile numbers to PSN now? That's potentially another security risk there. Can't Sony just allow third-party authentication apps like a lot of other services do?

Apps such as: Google Authenticator would do the job fine.

This is why Sony should've instituted the 2-step authentication system AGES ago (seriously, how hard would it have been for them to work with Google to just set up a SEN/PSN profile for their in-house authenticator app?)

My guess is: load balancing.

You can try to browse to the official Google Authenticator website on your phone and trigger the installation manually.

Here's what I have on my account:

Security Key

Google Authenticator

Voice or Text Message. I use Hangouts so I can get this on PC, Tablet, Laptop, Desktop

and of course the backup codes.

So, if I lose access to all these things I am up shit creek. Luckily I don't usually have that issue though.

The app was updated in April, make sure you don't have the very old app, ~~the dev lost access to it on the market and had to change the identifier on the play store.~~ (Edit: Sorry, I was misremembering a bit, it wasn't necessarily a password issue: http://www.androidpolice.com/2012/03/22/psa-googles-authenticator-updated-to-v2-except-its-a-brand-new-app-and-you-need-to-install-it-to-get-future-updates-old-one-is-dead/ )

This is the correct one https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2 (notice the 2)

Instead of using 2 step authentication with txt message, consider using Google Authenticator. This would eliminate the possibility of the person seeing the pin sent via txt message.

Link to Android and IOS.

Why not integrate it with the Google Authenticator service?

I am getting 1-minute codes for my outlook, gmail, facebook, teamviewer, a website I am running (yes, it is native in Joomla)

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2 https://www.microsoft.com/store/apps/authenticator/9wzdncrfj3rj

Don't know iPhone's app, but they all work together

ELI5 : How is this any different than Google Authenticator App ? I mean the app can :
Generate new OTP every 60seconds on the go, without network connection.
Supports every site that offers 2 Factor Authentication. You just have to scan a bardcode and then you can have an OTP whenever you want
Isn't Freecharge's 'new' tech doing the same ?
And can we trust Indian startups with our OTP security tokens ? From what I've seen here, Indian Startups don't give a shit about security.

Yup, it's the same 2 step authentication like Blizzard does, but standardized.

They all give you a QR code or the secret key that you can scan/enter into any 2FA app. Most companies recommend the Google Authenticor for Android. Some apps like Facebook also have a mini 2FA client integrated into their app for people that don't use a dedicated 2FA app, but as it's a standard you can use any 2FA app.

I realize that I'm side-stepping the texting issue but can't you install and set up the Google Authenticator on your phone in order to get the numeric code needed to access your gmail account at work?

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

Google's 2-factor authentication app. You should use it, as it dramatically increases the security of any account protected by it.

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en

HOWEVER the authenticators are not. EA uses Google Authenticator ~~while SWTOR uses the SWTOR Security Key app.~~

EDIT: just use the google auth

I highly recommend everyone use 2-step verification. In conjunction with that, I also recommend getting the Google Authenticator app for your phone (Android link is here -- iOS link is here). This comes in handy because instead of waiting for a text with your verification code, you can just get it from the app. This is especially great when you happen to be in an area where you can't get a signal on your phone and not receive text messages. Not only does it come on multiple phone OSes, you can use it for many different accounts and services that have 2-step verification such as a Microsoft account, Gmail account, Apple ID, Lastpass account, Paypal account, Twitter account, Dropbox account, etc.

I fail to see how asking for any kind of proof that it's you in a non-fakeable way (a CD key) is asinine. You could have probably specified any physical CD key you have. Recovering my Guild Wars account from an ecto farmer required me to specify my original GW Prophecies key, and that's 10 years old now too. But that's perfectly acceptable. I had to prove who I was. Unless you can carve some kind of "this is me" mark on your account, you're stuck. Which is kind of why I wish Steam would get around to using an authenticator of some sort, like Google Authenticator or a Yubikey.

I'd suggest ditching the official app, and using Google Authenticator. It works the same way, and is more reliable and useable. BioWare has confirmed that it's fine to use, and you will get the 100 CC stipend per month for having a security key attached.

(Glad you got it working, btw. :)

There are ways around this. You could have the registered device generate a password so that only one device has the actual code.

Something like this: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en

Yes, it will take many years. Gmail had 500 million active accounts in June 2014 (adding 1 million/week), yet authy has only 1 million users, and Google authenticator on Play has 5 million downloads.

Bitcoin needs to be easier to use than GA 2fa

When getting a new phone up and running I usually begin with:

• Android Wear - So the $200 toy on my wrist actually does things

• Google Authenticator - So I can login to Google stuff away from home.

• Bank Application - Whatever your bank may be, and so I know how much this shiny new phone hurt my wallet.

• Pushbullet To easily send links and files to my phone and links from my computer to friends.

• Android Device Manager In case I should lose my phone. Its never happened so I don't actually know how good it is at solving that problem.

• Google Keep (If not already present) - So I remember not to forget (but still will forget)

• Google Maps (If not already present) - So I can get home.

• (Google) Messenger - So my texts look pretty.

• Nova Launcher - If my new phone is a Nexus i will pretend I dont need nova for about a month and develop self inflicted stockholm syndrome about stock Android. Then in about a month come to my senses and install it. If it's any other brand I will likely install it before I even leave the store.

• Pocket Casts - So I am entertained on my way home.

• Google Opinion Rewards - So I can get 0.12 cents for telling Google where I was and that I drove my car to get there

• Google Wallet - So I can always think about using Tap To Pay and never do becaue im worried it wont work and ill look the fool.

From there I will install apps as I miss them or by a list I prepared beforehand.

The problem is that they are reinventing the wheel.

If they were going with standards they would've just used Authenticator for Windows Phone, Google Authenticator for Android and Google Authenticator for iOS.

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en_GB

Google Authenticator

On another note, I wish Steam would use standard TOTP RFC 6238, that all the other big web companies are using (Google, Facebook, Microsoft, Dropbox).

That way I wouldn't need to use the Steam mobile app and simply use Google Authenticator, FreeOTP, etc.

Plus it's easier to backup in my offline KeePass database.

Depends on what you need.

• if you just need a basic key for your computer, then the blue Yubikey U2F FIDO works fine. It currently costs $18. That's IMHO quite fair. There are cheaper FIDO U2F devices, but the Yubikey is quite sturdy -- something that is important for a device you keep on you all the time.
• if you also want to use your key with an Android phone, then you should look for a device that is NFC enabled. Alternatively, you might be OK with using Google Authenticator or Authenticator Plus on your phone instead. As a software solution, it is not quite as secure, but certainly cheaper. Only you can determine if this is a risk you are willing to take.
• for iPhones, you'll need to get a Bluetooth-enabled token instead. I don't have any first-hand experience with those, and thus can't make a recommendation.
• if you want a U2F token that you always leave in your computer (and assuming you haven't switched to USB-C just yet), then I can't say enough good things about the Yubico Nano. It's pricey, but IMHO well worth it for your everyday computer. No risk of accidentally damaging it or loosing it. For the vast majority of users, leaving the U2F token in the computer is the correct solution.
• you probably want to get at least one or two spare devices that you keep in a secure location somewhere. These would be for account recovery, if something bad happens to your primary device. Feel free to pick one of the cheaper off-brand devices. They only need to work once or twice at most :-)

A couple of sites now support U2F. But I wished, it was a lot more. It's such a great solution. If you read the specification, you'll be impressed with the balance that they strike between security and convenience. It even protects against most types of phishing and MITM attacks! And you only ever need a single token for an arbitrary number of sites and accounts. You can even safely share it between users!

Of course, I really wished that U2F became a default hardware feature for all cell phones, all laptops, and all computer keyboards. It's frustrating to see that we still have to buy third-party tokens.

I think I'd love to see Google start a bank at this point, even if it's a damn spinoff.

Buy directly and securely from your balance with your password and your secure token (e.g. Google Authenticator or compatible). Offline payments are protected with PIN and a non-RFID chip on your card (to protect against future side-channel attacks). At least security will be better than many banks that use passwords already, as well as better than many credit cards.

I'm so tired of credit cards. If something goes wrong with a retailer, it's suddenly on you to have to act after the fact to protect your funds. WTF? That's not real security! Not to mention the tremendous fees CC companies may charge companies for their lack of ex ante security in chargeback fees. It'll still be paid by consumers eventually!

Use a password manager:

Opensource and Free:
Keepass
Bitwarden

Paid service:
Lastpass
1pass

Have a different password for everything

Backup your passwords with Syncthing or Google Drive.

You can then create a shortcut to your database on your phone and open up with Keepassdroid for example and access your logins on your device.

You can also access your passwords easier through kee extension as it will auto populate it for you.

Use 2FA

Authy

Google Authenticator

When using gmail add + to your email such as so when you get spam you'll see which website it was.

For web browser use Firefox and Noscript and a proper adblocker such as uBlock origins.

Protect yourself with Windows Defender + Malwarebyte or RogueKiller

>put security feature on account

>get upset when Google doesn't immediately allow you to reset the password bypassing the security feature

This is to prevent account theft. Register a second phone, print backup codes, use another mechanism like Authenticator codes in Authy or Google Authenticator for iOS or for Android.

Would you be more upset being locked out of your email, or someone gaining control of your Amazon account and buying tons of shit, or pulling embarrassing pictures from your iCloud, or posting embarrassing things on your Facebook?

The intent of the delay is to notify any devices you have that still have access that someone is trying to recover the account. Which, if someone did to you while you were logged in to your own devices, you could reject the attempt as fraudulent.

Google's servers don't come into it.

The algorithm for Google Authenticator (both for Android and iOS) is a standard - RFC 6238. It's also used by Microsoft Authenticator for Windows Phones, and also WinAuth for Windows desktop. It doesn't use any server resources at all. It only uses a random number that is stored in your client and the server (in this case, reddit's server). You can use RFC 6238 compatible code in your project very easily. I've found an open source demo on heroku, and it works with all of the above. There is more explanation at the author's website, but it is very technical.

They do both:

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

Did you add MTO on Google authenticator?

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

If you are on android, you can use Google Authenticator or Authenticator Plus possibly Authy. They use a rolling 6 digit code that you use to authenticate with the website. They are generally more secure than using SMS or email. Authenticator Plus and Authy both allow you to back them up in case you change phones.

They are available for iOS as well, but I don't have an iPhone so I'm not sure which ones are best there. I personally use Authenticator Plus and haven't had any issues with it.

In no particular order

• Google Authenticator - then you can enable two-factor authentication on your important accounts to keep them secure (to login you have to enter your password and a one-time-use 6 digit code from the authenticator app).

• Inoreader - RSS reader website and app, really the best way to read the news (or any other regularly published content - blogs, YouTube channels, whatever) without some social algorithm deciding what's relevant for you to see. Doesn't have to be Inoreader, there are other RSS services, but I like them.

• Offline Browser - lets you save a webpage to view offline later. Is also able to scrape further pages based on outgoing links from the page you give it, but that gets a bit combinatorial, so I'd default to "Max link depth: 0 / Max links per page: 0"

• A file manager - I like this one. So that you can actually see (and organise / interact with) the directories on your phone's storage where things get downloaded to, rather than being stuck only seeing things through a specific app.

• Twilight - lets you make your phone dimmer and redder so it won't burn your eyes when using it at night / in the dark, and filtering out blue light in the evenings may prevent it from disturbing your sleep.

• If you use Google Drive / Google Docs, there's an app there for access to those files on the go.

• Other Google services like Google Maps or Translate can be handy

• In general if there are websites you visit regularly, could check whether they have an app; always nice to be able to keep up with things even while you're away from your home computer for whatever reason. Online banking or looking up train times come to mind, if those are relevant to your life. Or the reddit app (or one of the 3rd party ones like 'Reddit Is Fun') since you're here. Or communications type services like Discord, Slack, WhatsApp or Skype - or Steam (since the app is mostly useful for Steam Chat)

Also if you change your mind about entertainment via phone, the Kindle app is decent for reading ebooks (and you don't necessarily have to buy them from Amazon; can set it up to let you email things in, which will then appear through the same library)

Use 2 factor authentication. This requires either a 6 digit code in Authenticator (Android | iOS) or a prompt on a device that's already linked to your Google account in order to gain access to your account.

Porting a number away from Fi requires access to your Google account.

It's not a problem at all.

Although I personally prefer to use the Authenticator app.

if someone is wondering what RFC 4226 is about, this is example implementation:

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=pl

The easiest method for me:
You will need COINBASE / GOOGLE AUTHENTICATOR APP / BITTREX ACCOUNT

1. Buy ETH on Coinbase (cheaper/faster transactions than Bitcoin) assuming you reside in a country where this is possible. Set up 2 step Authentication (should be relatively easy).

2. Create Bittrex account- set up 2 step authentication and any other account validation processes. The website should be able to walk you through this.

3. Go to wallets (in top right-hand corner) and locate ETH. Search for ethereum in account balances. There should be a + and - button to the left side.

4. Click on the + and then copy HEX address.

5. Go back to Coinbase and click on accounts, then under Eth Wallet click send. It will ask you to input the address you want to send to. Paste in the address you copied from Bittrex (i.e the Hex address from the ETH wallet.)

6. ETH will be sent to BITTREX - now wait a few minutes (possibly more). It should appear in your Pending Deposits. Once the transaction is complete it will be in your ETH wallet ready to be used.

7. Locate ETH/XLM pair on Bittrex. On the left will be BUY lumens, on the right will be SELL lumens. An amount of ETH will be available to you on the BUY lumens table.

8. Click MAX next to units - this will tell you the amount of lumens you can buy with the amount of your available ETH (assuming you want to spend all your ETH) and then select the price you want to buy at (BID/ASK/LAST - should be pretty self-explanatory). At the bottom will be your total cost in ETH.

9. Hit BUY and voila! you will have bought your first Lumens! If you want the Lumens intsantly set price to ASK, if you want a competitive price set to LAST. If you want to wait for a specific price set to BID or enter your own price.

Hopefully thats clear!

Uso Google Authenticator

Backing this up.

Always, ALWAYS, use a password manager. They are so incredibly easy to use nowadays that it's idiotic not to. Every single website needs its own strong password so that even if a forum with weak security is hacked, the hacker doesn't get access to your bank account or e-mail.

&#x200B;

Tips for better security

1. Mandatory - Password Manager. Doesn't matter too much which one of the big ones you use (Keepass, LastPass, 1Password, etc), as long as you use one that has been verified as secure (open source is typically better if it is more well known due to more people checking it for vulnerabilities). Only issue I would add in is that any of the password managers that use a fingerprint (Myki for example) can be accessed by law enforcement in the US as fingerprints are not considered protected by the 5th amendment.
2. Strongly Recommended/Mandatory for Financial Institutes - 2FA. This can range from a simple phone number (not preferred, but better than nothing) to a full-on proper authentication app. Google Authenticator, Authy, LastPass, etc). I personally recommend Authy, but any of them will do. For normal accounts, 2FA might be a bit overkill, but it's almost never a bad thing to have (especially if you can set it up for any new IP address attempting to access your account). For accounts connected to your finances? Put on 2FA. All e-mails should have 2FA as well due to how getting a person's e-mail account allows a hacker to access nearly any website with the forgot my password setting.
3. Recommended - Encryption. Anything on your computer that can be useful to a hacker (PDFs of previous tax returns, address books, photos of sensitive documents [passport, driver's license, social security card, etc]) should be put into an encrypted file. Either encrypting the entire drive (bit overkill for system resources for only a few files), or using a program to encrypt the file. I recommend veracrypt for multiplatform support and because it is free and open source

EDIT: Reddit somehow freaked out and disabled adding more stuff.

&#x200B;

For paid programs, I also recommend getting a strong VPN program to help protect your internet browsing and privacy. It's not just for hiding from the government. It also makes it extremely difficult to impossible for more casual "coffee shop" hacks to get through. Tunnel all of your web traffic through a VPN when on public wifi. The last thing you want is some snooper to have free access to all of the e-mails you are sending and receiving while on public wifi.

&#x200B;

For points 1-3 though, everything I outlined is completely free and it only takes a bit of your time to setup. Half an hour now can save you days worth of frustration later. Just as an example, I was recently hit by the Synology hacking attempts. Somebody was attempting to brute force my synology with login attempts every few seconds (I had a bad firewall rule in place and it happened overnight). But, because I disabled the admin account, and because my main account had a password that was something like 20+ characters long with a randomized username and password (and 2FA), it was essentially impossible for them to hack my stuff. I could have potentially lost multiple TBs worth of stuff (some of it business related as well). But, only a minute of my time to generate a random password and the bit of time setting up 2FA as well as a password manager saved me hundreds of hours of potential frustration trying to fix the drives if they were hijacked.

&#x200B;

Use a password manager. There is literally no reason not to nowadays.

Ok, 0.005 BTC is a good start to understand the technicalities. But you would lose out about 20% of it if you just want to transfer money from an exchange like koinex or coinome to other Mainstream BTC exchanges like Binance.

Currently, IMO, the best place for buying BTCs, going by the prices is Coinome, since the entry barrier is low (If the registration restarts). You just need to provide your aadhar card and voila! within a matter of seconds, you can start trading. And there is no deposit fee in coinome either, unlike the rest. So the major fees you need to consider are:

• INR Deposit and withdrawal fee (So, sometimes if you dont want to buy anything, it'll just cost you money to just deposit and withdraw)

• Trading fee and taxes on trading (they vary upon buying/selling or maker/taker model usually). But standard GST of 18% on these fees on Indian exchanges. Other exchanges which just deal with coin-coin exchange charge between 0.1 - 0.25%. Any coin-coin exchange charging above 0.25% is plain looting and stay away from them.

• Transfer fees - So, to transfer fees for BTC is too high (around 0.001 - 0.0001 BTC - some cases it's more) and it facilitates only around 7 tps. So, the transactions are too expensive and too slow. Even with such high transaction fees, it takes about 5-9 hours for your transfer. (BTC is takes 4 confirmations from other nodes to accept a deposit in your other BTC wallet.

Some points to watch out for:

• There are Private keys and Public keys for your wallets, NEVER EVER SHARE YOUR PRIVATE KEYS. Private keys are like ownership identifiers. But, you can share your Public keys or wallet addresses for accepting payments.

• Only signup for those sites which have Google 2Factor Authentication (aka 2FA) which will keep your account safer. There are more nitty-gritties in 2FA also, like keep your key safe, etc, which will usually be written on the sites.

• Never keep too much of your coins and money in a single exchange - You might never know when there might be security breach or when the exchange would close INR payments these days.

Bitcoin currently has too many pain points, major ones being transaction time and fees. But it is the most widely accepted crypto. But as of late, lot of new Altcoins(Coins other than bitcoin) are also being accepted i.e. Litecoin(LTC), Ethereum (ETH) and Bitcoin Cash(BCH)

Altcoin markets are more lucrative than the BTC market, since they have huge potential and their current prices are much lower than BTC, the fees are also lower, the transactions are also faster. So rather buy attractive altcoins and trade altcoins with other promising ones. Binance is my current favourite for altcoins. But it doesnt have all of them.

But most importantly, don't put all your eggs in one basket and always put in the money, which you can afford to lose

There is no good reason to not set up 2FA

• The one time password via mail will stop and you can log in without any delay
• 100 cc/month
• It's easy to set up: Android, iPhone, Windows, or even html5

See Google Authenticator for an extensive list of implementations.

I use Google Authenticator

Google Authenticator導入予定のお知らせ

iOS版とAndroid版の両方があるのでスマホユーザーならSecure OTPからの乗り換えもたぶん問題ないはず

まああれだけSecure OTPが問題起こしまくってる以上ほかのシステムを入れるのも当然か…

OP's linked article is pretty good, but I've been seeing a lot of misinformation about this so I'll post my blurb here too. Thanks, OP, for not posting one of the shit articles!

Primary Sources

• The original 4chan post. Almost certainly a 404 by now, but I have a backup of the post here.
• Twitch's statement on Twitter
• Twitch's followup on their blog

Articles

• VGC's awful article. The first article published. Uses random Twitter users like primary sources and didn't expend any effort verifying the breach, but at least they were the first poster, right? This has been edited a couple of times and is getting gradually better, but it's still not good and they don't show edit history.
• CNN's article Short and sweet with no baseless speculation. This is what the original article should have looked like.
• The Verge's article. They've done some independent verification of the leak.
• BBC's article. Focuses more on the streamer income part of the breach.

Correcting Misinformation

• There are unfounded claims of "encrypted passwords" originating from this twitter post and quoted by the original videogameschronicle article. The twitter user has since admitted his mistake, but of course we've reached the stage where news outlets are just quoting other news outlets and now we have blatantly wrong headlines floating around.
• Twitch is currently using salted bcrypt hashes for their authentication. Source? I downloaded the leak and read Twitch's auth code myself.
• The database of hashed passwords do not appear to be in this leak (unless they're hidden somewhere weird and no one has noticed yet). The 4chan post refers to the leak as "part one", implying that there may be more to come, but this could easily just be posturing.

What You Should Do

• On the chance Twitch's login database was in fact breached, you should change your password on Twitch and any other websites where you were reusing the same password.
• Consider using 2FA. If you do use 2FA, prefer an actual TOPT authenticator app such as Google Authenticator over SMS or email based 2FA.
• Avoid reusing the same password across multiple websites. Many password managers exist to help you with this.

Takeaway

There's a lot more awful journalism out there than good journalism, and mainstream news is already remarkably bad at writing about technical topics, such as data breaches. Read articles carefully, and watch out for language like "The leak appears to contain X" or "Twitter users claim Y" as this is ass-covering language that lets bad journalists get away with bad reporting.

> c'est chiant la clé électronique

Oui et non. L'OTP généré par Google Authenticator ou simili https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2 c'est simple, standard et ça marche. Niveau sécurité, c'est mieux que rien mais ça ne vaut pas une vraie clef U2F genre yubikey https://www.yubico.com/pour-les-particuliers/?lang=fr ou https://www.nitrokey.com/

Tu penses à quelle clef en particulier ?

Likely your account details have been leaked elsewhere

check all your accounts here

https://haveibeenpwned.com/

> completely solve the problem

Have a decent password at least for your main - and avoid repeat.

For future. Always use 2FA using

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;gl=US

or 2FA with https://en.wikipedia.org/wiki/Universal_2nd_Factor

Enable 2FA (two factor authentication) on your Nintendo account as well. If you have a smartphone, it pairs with the Google Authenticator app and you'll have to enter the code from the app to be able to log in.

Nintendo's 2FA setup instructions are here.

• Android version of Google Authenticator
• iPhone version of Google Authenticator

This is great advice.

To add on a bit and explain further, password managers work by saving all your passwords under one account protected by your master password. So, you only need to memorize one secure password. The other great thing about them is they have an option to automatically generate a secure password for a website and save it. For example, my email password is 20ish characters long and a combination of random upper and lowercase letters, numbers and special characters. Most popular suggestions are LastPass and Bitwarden. I highly suggest looking into them and trying one. Let's be honest here, you have at least 2 or three accounts that share the same password. I guarantee it.

Now combine that with 2FA or two factor authentication. How that works is when logging in to a website, it asks you for a generated 6-digit code(which expires every minute i believe) in addition to your password. Sounds like a pain in the ass? Good. Imagine the extra security then. Other 2FA methods are getting the code through SMS or clicking a link in your email. Most popular and widely used is Google Authenticator. You can get the app on Apple Store or the Play Store.

I personally use LastPass with Google Authenticator, all my passwords are generated by the password manager, and lots of important accounts are protected by 2FA.

Google Authenticator and FreeOTP both have allowBackup set to true.

I just tested to see if I could backup via adb backup with FreeOTP.

Authy and Microsoft Authenticator have it set to false.

Authy does have some backup options, see blog.

Microsoft will have it soon^^TM , blog

Então, o 2FA que cito nesse trecho é o baseado em SMS, no qual o código de verificação é enviado por SMS para seu número. Esse método não é recomendado justamente porque é fácil transferir o seu número para outro celular e, assim, ter acesso ao código de verificação num eventual golpe. Entretanto, acredito que ainda seja melhor que nada.

Esse que você mandou me parece ser o 2FA baseado em app. Nesse tipo você recebe o código dentro do app e é mais seguro (que o SMS based) justamente porque não dá pro cara transferir o app pro celular dele. Não entendo muito bem do assunto, mas acho que têm dois tipos de 2FA app based - os que têm backup na nuvem, de modo que se você reinstalar noutro aparelho você consegue "recuperar" aqueles serviços que você cadastrou (o que é mais prático mas menos seguro), e os que não têm esse tipo de backup e, portanto, sempre que você for reinstalar no celular (porque trocou de aparelho ou formatou mesmo) tem que configurar todos os serviços de novo.

Pois bem, esse app que você postou especificamente eu não conheço (não que eu conheça muitos, também). Pelo nome me parece inclusive que ele tenta se passar pelo Google Authenticator, serviço de 2FA da própria Google. Dá uma olhada nisso.

Tem um outro tipo de 2FA que é baseado no seu smartphone, mesmo. Ele basicamente "transforma" seu aparelho num token físico pra 2FA, mais ou menos como os Yubikey. Acho que ao tentar se logar no serviço onde o 2FA tá ativado você recebe uma notificação no estilo "clique aqui" no smartphone e pronto, mas não conheço muito bem (pelo que li seria mais seguro que os por app).

Alguns apps de 2FA que sempre vejo recomendados por aí são o Google Authenticator, da própria Google, o Authy, que é o que uso (ele tem a função de cloud backup, mas tenho planos de cancelar essa função em nome de uma maior segurança [afinal com que frequência nós precisamos reconfigurar isso? Basicamente quando trocamos de smartphone, o que mesmo pra quem troca bastante ainda se resume a no máximo umas duas vezes por ano] e talvez até mesmo partir pra algum opensource), e o do LastPass, que é bem conhecido na área de gerenciadores de senha.

Entretanto, repito, essa é uma área na qual tenho um conhecimento super básico e posso até mesmo ter falado alguma besteira. Use essas informações com cautela.

Ah, e só pra garantir - esses métodos de 2FA que falei aqui (nesse comentário) não têm nada a ver com a proteção do SIM card.

Qualquer coisa pode me perguntar que, na medida do possível, tento responder. ;)

Google Authenticator

A reminder to everyone to enable Two-Factor Authentication on their WG account.

You can do this at this page: https://eu.wargaming.net/personal/

A step-by-step guide on how to do it is here: https://eu.wargaming.net/support/en/products/wows/article/10568/

A cellphone-number and SMS as second factor is not the most secure way, but many chose it because it is easy and simple. But it happens that someone for example calls your cellphone provider, provides enough personal data to proof ownership of the number/account, then lets them send a new SIM card to a different adress. Using that new SIM card he can then receive all SMS send to the number, including 2FA codes.

Still the SMS based 2FA can be better than nothing, but it has issues.

Instead using a app on your phone is considered much better. The attacker would require physical access to your phone, and it is hopefully protected by a password.

These are popular 2FA apps that work fine with WG:

• Google Authenticator (Playstore link)

• Authy (Playstore link)

• andOTP (Playstore link)

For iOS devices Authy and others are available too.

In case of a compromised WG account, steps to take to get the account back are detailed here:

• https://eu.wargaming.net/support/en/products/wows/article/10185/

For regions other than EU you can access account management customer support from the top right menu of the WoWs website.

To OP: Sorry this has happened to you. But if someone takes over your phonenumber that is hardly WG's fault. And previous support tickets are kept because support staff often has to look them up. Such as when people want to refund a premium ship for the Xth time.

I always have found security to be an interesting topic. My own security is almost where I want it. I have some information public some private and i feel confident I can control which is which.

Two Factor Authentication

As the article suggest Two Factor Authentication is awesome. My main issue with it when i started was that I was using Google Authenticator. It was nice but something happened and I had to switch phones and suddenly I was faced with a situation where I needed to login to my accounts and my authenticator was on a dead phone. It was a nightmare scenario and it's why I now use Authy which has a phone and browser extension plus you can put it on multiple phones. It's got a very lovely interface and everything.

Password Manager

The second major security feature is a password manager. In the article Lee mentions she "just started to slowly modify [her] password habits" but she doesn't really say how. It sort of implies she chose stronger passwords. Which might be useful for some people. But I think even more useful is a password manager. It allows you to have even stronger passwords while alleviating the mental strain of having to remember all of those passwords. LastPass for the non tech savy and KeePass for the rest of us.

Between 2FA and a manager however you choose to implement them I think they go a long way to providing security to your personhood online. And while we're at it wish me luck at eventually convincing my sister to use a password manager. its' so easy and yet she refuses because I think at a base level she doesn't trust any technology. yet as recently as the past 7 days we had a crisis because she couldn't remember a password and didn't remember the security question that she setup 10 years ago. All of which would have been solved with a manager.

> I can't see it as an app on google play.

uhhh... what?

Google Authenticator - stores OATH TOTP/HOTP tokens, for use by the majority of 2-Factor-Authentication-capable systems.

Bring! - Shopping list with sharing support, so someone at home can add to the list while you're at the grocery store.

Sleep as Android - Sleep tracker/alarm replacement, can use the hwatch for movement tracking during sleep and as an additional factor before turning the alarm off.

Ingress - AR game, precursor to Pokémon GO (Go ENL!).

It is a restriction built in to hinder gold sellers.

First of all it is highly recommended to secure your account with an authenticator such as Google Authenticator or Authy.
You can do it with SMS as well if you wish, personally I find authy works well for me.
To set this up head to https://www.guildwars2.com/en/ => Services => My Account.

Secondly this same restriction is built int guilds and guild storage.

I hope it works out for you!

Links direct to Google Play, but most apps are also available on iOS

• Amazon Appstore - Free paid apps every now and then
• Authenticator - Two-factor authentication
• BPI - Mobile banking
• CamScanner - Converting physical document to soft copy
• Cerberus - Add. Anti-theft protection for Android phones
• Feedly - News aggregator, great for collecting all your favorite sites/blog in 1 place
• Red Cross: First Aid - For emergencies
• Foursquare & Looloo - For looking for great places to eat
• GrabTaxi - Hailing cabs
• Greenify - Hibernate unused apps
• Growlr, Grindr & Hornet - For sexy time
• iFlix - For movies and TV series
• Plex - Organizes all of your video, music, and photo collections and streams them to all of your screens
• Pushbullet - See mobile notifications on Mac/PC & Send files from your computer easily
• SMS Backup &amp; Restore - SMS backup
• Speedtest - Speed test
• Spotify - For music
• (Reddit) Sync - Obviously
• TunnelBear - Instant VPN
• Waze - For traffic and directions

Google Authenticator

Iphone Vers

Google is good https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

You can also use Google's authentication app instead of the swtor one.
Personally, I switched to it because I've had issues with the swtor dedicated app a few years ago.
https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en_US&amp;gl=US

https://apps.apple.com/us/app/google-authenticator/id388497605

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

First and formost, as /u/boomer_roasting_thro said go to law enfocement, the probably won't be able to do much but the record will be helpful. Next go to identitytheft.gov, I am boldly assuming you are in the US sorry. Next freeze your credit, and credit cards, notify your utilities, banks, etc.

> May 17th: I get a text from my phone provider

Sounds like you were SIM swapped, in the future i would recommened in any place you can to use a hardware (like Nitrokey or YubiKey ), or software (like Google Authenticator or Aegis Authenticator ), as your 2FA instead of your phone number, another upside is it'll work when you have internet but not cell service.

> My bank account has now been frozen and my credit card cancelled. My banking username has NOTHING to do with my social media accounts, so how could they've known?

Going to be straight with you, you are operating under the assumption you specifically were target and someone guessed your password, while possible it's unlikely. It is far more likely that your information was leaked from some service and they have been trying combos of your email/username and password from that leak on all kinds of service. Also do you use the same email?

> I don't know who could be doing this or how this attack could've happened. I don't click on unknown links, I don't pick up phone calls, I don't download any new apps, I don't use public WiFis. The only thing I do is have my BlueTooth on at all times when I go out or go to work, due to the track&trace Covid app which requires it but I'm not sure if that's enough for a hacker?

I wouldn't worry about the how, having to clean up from this will be draining enough. If you want a how, the most likely is your information was leaked somewhere. You can check haveibeenpwned to see where, and what info has been leaked.

&#009;

&#009;

&#009;

> # SIM Swapping: qué es el robo de línea de celular que sufrieron Nicolás Kreplak, Myriam Bregman, Sabina Frederic y Mara Brawer Por supuesto, no había sido él el que había escrito ese mensaje. > > En rigor, Kreplak le detalló a LA NACION que según pudo averiguar, alguien pidió un chip a su nombre (la SIM que va dentro del teléfono y que vincula al dispositivo con la línea), y que por ello se desactivó la tarjeta SIM que él tenía en su celular; a partir de ello los atacantes pudieron ingresar a su cuenta de Twitter, que tiene una opción para recuperar usuario y contraseña enviando una clave al celular. > > En un hilo en Twitter, al recuperar su cuenta, explicó: “El miércoles me hackearon mi línea de teléfono y accedieron a las cuentas de redes sociales y correos electrónicos. Twittearon irracionalidades e intentaron descargar toda la información que hoy en día cualquiera tiene en sus mails. Nos movimos rápido y no lo completaron”, señaló el ministro, que tiene como proveedor de telefonía a Movistar. > > Pero lejos de ser el único al que le sucedió, esta misma semana vivieron situaciones similares Sabina Frederic, exministra de Seguridad (actualmente en Cancillería), Myriam Bregman, diputada nacional del Frente de Izquierda, y Mara Brawer, diputada del Frente de Todos. Estas últimas dos comentaron su coincidencia el último martes en la comisión que debatía la nueva ley de alquileres en el Congreso. > > Frederic se enteró el sábado a la tarde cuando se quedó sin datos fuera de su casa. Una vez conectada a una red Wi-Fi, a las 11 de la noche, se dio cuenta que le habían “usurpado” la cuenta de Twitter. Tenía activado el <strong>segundo factor de autenticación</strong>, pero con la opción de usar el envío de un código vía SMS a su línea (que ahora estaba en manos de otra persona). Así fue que los atacantes pudieron ingresar. Frederic comunicó con la empresa de telefonía y ahí detectaron el problema. “Sabina, veo que ayer hiciste un cambio de chip…”, le dijeron. Frederic les respondió que no hizo ningún cambio. “Acto seguido me pide que saque el chip y le tome una foto, entonces me responde que se produjo un robo del chip”, describió. Con el acceso a su línea, también encontraron la manera de blanquear la clave e ingresar a su cuenta de mail. “Cuando fui a la oficina comercial de Movistar, me explicaron que habían tenido otros casos”, le detalló a LA NACION. Finalmente, denunció el hecho ante la división Delitos Tecnológicos de la Policía Federal. > > A la diputada Mara Brawer le llegó una alerta de Movistar al correo electrónico que le avisaba que habían desactivado su actual tarjeta SIM y que habían activado una nueva. “Me daba la opción de revertir la decisión llamando por teléfono, cosa que hice”, señala. Pero al otro día se quedó sin línea. A partir de ese momento, perdió el acceso a su cuenta de Instagram y de Twitter. La primera la recuperó, pero todavía está luchando para conseguir el acceso a la segunda. > > Myriam Bregman, en tanto, explicó en Twitter que la dejaron sin línea por segunda vez en una semana. “Nuevamente me dejaron sin línea telefónica, por segunda vez en una semana. Hay otros intentos de hackeos en nuestras cuentas. Es escandaloso. También lo es que @MovistarArg no haga nada. Una vergüenza. Parece que nuestras denuncias molestan”, manifestó. > > Tanto Kreplak como Frederic, Brawer y Bregman confirmaron que tienen activa la verificación de dos pasos en WhatsApp (exige el ingreso de una clave, además del PIN que envía por SMS), lo que evitó que perdieran su identidad en la app de mensajería, lo que hubiera permitido a los atacantes dialogar con sus contactos, hacerse pasar por ellos (usualmente para pedir dinero). > > Lo que le pasó a los políticos se conoce como SIM Swapping (cambio de SIM, en inglés). Los atacantes compran un chip a nombre de la víctima, acreditando de alguna forma ser los titulares de esa línea. Al activar el nuevo SIM, desactivan el anterior, una acción legítima en el caso de que el celular haya sido extraviado o robado, o la SIM original haya sufrido algún desperfecto. > > Al transferir la línea a la nueva SIM reciben todos los llamados y los SMS; así pueden utilizar esa línea capturada para recibir los mensajes de verificación que se usan para redes sociales, WhatsApp, algunas cuentas de mail o incluso bancos cuando se opera a través de Internet. Con esa verificación vía mensaje de texto y habiéndose apoderado de la línea, tienen todo para demostrar ser los dueños de esa cuenta online. > > Por eso lo ideal es no usar un SMS enviado al celular como método para recuperar contraseñas o como segundo factor de autenticación. En su lugar es preferible usar apps como Google Authenticator, que brindan códigos dentro de la aplicación para acreditar identidad en caso de iniciar sesión, o activar el ingreso de una segunda clave que solo esté en nuestra memoria, como es lo que ofrece WhatsApp. En caso de quedarnos sin línea de celulares, es importante verificar lo antes posible con la operadora si se trata de un problema técnico o si fuimos víctimas de este tipo de ataques (es decir, si alguien pidió un recambio de SIM a nuestro nombre). > > En estos cuatro casos se trata de la misma compañía afectada: fue Movistar la que aceptó el pedido de cambio de SIM de una línea por parte de personas que no eran sus titulares. Al respecto, desde la compañía señalaron que cuentan con “con procesos de validación y autenticación de identidad de todas las personas usuarias de nuestro servicio, que son revisados constantemente con las empresas especialistas de la industria de seguridad de datos”. Pero explicaron que “cuando esta información llega a personas malintencionadas, a través de phishing de datos, una práctica ajena a la compañía, puede darse la usurpación de identidad”. Y argumentaron que “trabajamos a diario con la atención puesta en mantener actualizadas las herramientas de prevención que ayudan a evitar este tipo de estafas”.

Owner | Creator | REALLY OLD Original Source Code

Google Authenticator only has permission to network and camera for QR codes to enroll.

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en\_US&amp;gl=US

its free

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en&amp;gl=US

https://apps.apple.com/us/app/google-authenticator/id388497605

Lösningen på alla dina problem.

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

Den funkar även med andra webbsidor som erbjuder funktionen.

You code is in this app when you try to connect its an One Time Password (OTP) https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

I just used Google Authenticator.

I'm not talking about Goole logins, but rather this https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

I've been seeing a lot of misinformation about this so I'll post my blurb here too.

Primary Sources

• The original 4chan post. Almost certainly a 404 by now, but I have a backup of the post here.
• Twitch's statement on Twitter
• Twitch's followup on their blog

Articles

• VGC's awful article. The first article published. Uses random Twitter users like primary sources and didn't expend any effort verifying the breach, but at least they were the first poster, right? This has been edited a couple of times and is getting gradually better, but it's still not good and they don't show edit history.
• CNN's article Short and sweet with no baseless speculation. This is what the original article should have looked like.
• The Verge's article. They've done some independent verification of the leak.
• BBC's article. Focuses more on the streamer income part of the breach.

Correcting Misinformation

• There are unfounded claims of "encrypted passwords" originating from this twitter post and quoted by the original videogameschronicle article. The twitter user has since admitted his mistake, but of course we've reached the stage where news outlets are just quoting other news outlets and now we have blatantly wrong headlines floating around.
• Twitch is currently using salted bcrypt hashes for their authentication. Source? I downloaded the leak and read Twitch's auth code myself.
• The database of hashed passwords do not appear to be in this leak (unless they're hidden somewhere weird and no one has noticed yet). The 4chan post refers to the leak as "part one", implying that there may be more to come, but this could easily just be posturing.

What You Should Do

• On the chance Twitch's login database was in fact breached, you should change your password on Twitch and any other websites where you were reusing the same password.
• Consider using 2FA. If you do use 2FA, prefer an actual TOPT authenticator app such as Google Authenticator over SMS or email based 2FA.
• Avoid reusing the same password across multiple websites. Many password managers exist to help you with this.

Takeaway

There's a lot more awful journalism out there than good journalism, and mainstream news is already remarkably bad at writing about technical topics, such as data breaches. Read articles carefully, and watch out for language like "The leak appears to contain X" or "Twitter users claim Y" as this is ass-covering language that lets bad journalists get away with bad reporting.

The linked VGC article isn't great. It uses random Twitter users like primary sources and didn't expend any effort verifying the breach, but at least they were the first published article, right? The article has been edited a couple of times and is getting gradually better, but it's still not good and they don't show edit history.

Lets see if we can find anything better.

Primary Sources

• The original 4chan post. Almost certainly a 404 by now, but I have a backup of the post here.
• Twitch's statement on Twitter

Articles

• CNN's article Short and sweet with no baseless speculation. This is what the original article should have looked like.
• The Verge's article. They've done some independent verification of the leak.
• BBC's article. Focuses more on the streamer income part of the breach.

Correcting Misinformation

• There are unfounded claims of "encrypted passwords" originating from this twitter post and quoted by the original videogameschronicle article. The twitter user has since admitted his mistake, but of course we've reached the stage where news outlets are just quoting other news outlets and now we have blatantly wrong headlines floating around.
• Twitch is currently using salted bcrypt hashes for their authentication. Source? I downloaded the leak and read Twitch's auth code myself.
• The database of hashed passwords do not appear to be in this leak (unless they're hidden somewhere weird and no one has noticed yet). The 4chan post refers to the leak as "part one", implying that there may be more to come, but this could easily just be posturing.

What You Should Do

• On the chance Twitch's login database was in fact breached, you should change your password on Twitch and any other websites where you were reusing the same password.
• Consider using 2FA. If you do use 2FA, prefer an actual TOPT authenticator app such as Google Authenticator over SMS or email based 2FA.
• Avoid reusing the same password across multiple websites. Many password managers exist to help you with this.

Takeaway

There's a lot more awful journalism out there than good journalism, and mainstream news is already remarkably bad at writing about technical topics, such as data breaches. Read articles carefully, and watch out for language like "The leak appears to contain X" or "Twitter users claim Y" as this is ass-covering language that lets bad journalists get away with bad reporting.

The linked VGC article isn't great. It uses random Twitter users like primary sources and didn't expend any effort verifying the breach, but at least they were the first published article, right? The article has been edited a couple of times and is getting gradually better, but it's still not good and they don't show edit history.

Lets see if we can find anything better.

Primary Sources

• The original 4chan post. Almost certainly a 404 by now, but I have a backup of the post here.
• Twitch's statement on Twitter

Articles

• CNN's article Short and sweet with no baseless speculation. This is what the original article should have looked like.
• The Verge's article. They've done some independent verification of the leak.
• BBC's article. Focuses more on the streamer income part of the breach.

Correcting Misinformation

• There are unfounded claims of "encrypted passwords" originating from this twitter post and quoted by the original videogameschronicle article. The twitter user has since admitted his mistake, but of course we've reached the stage where news outlets are just quoting other news outlets and now we have blatantly wrong headlines floating around.
• Twitch is currently using salted bcrypt hashes for their authentication. Source? I downloaded the leak and read Twitch's auth code myself.
• The database of hashed passwords do not appear to be in this leak (unless they're hidden somewhere weird and no one has noticed yet). The 4chan post refers to the leak as "part one", implying that there may be more to come, but this could easily just be posturing.

What You Should Do

• On the chance Twitch's login database was in fact breached, you should change your password on Twitch and any other websites where you were reusing the same password.
• Consider using 2FA. If you do use 2FA, prefer an actual TOPT authenticator app such as Google Authenticator over SMS or email based 2FA.
• Avoid reusing the same password across multiple websites. Many password managers exist to help you with this.

Takeaway

There's a lot more awful journalism out there than good journalism, and mainstream news is already remarkably bad at writing about technical topics, such as data breaches. Read articles carefully, and watch out for language like "The leak appears to contain X" or "Twitter users claim Y" as this is ass-covering language that lets bad journalists get away with bad reporting.

The linked VGC article isn't great. It uses random Twitter users like primary sources and didn't expend any effort verifying the breach, but at least they were the first published article, right? The article has been edited a couple of times and is getting gradually better, but it's still not good and they don't show edit history.

Lets see if we can find anything better.

Primary Sources

• The original 4chan post. Almost certainly a 404 by now, but I have a backup of the post here.
• Twitch's statement on Twitter

Articles

• CNN's article Short and sweet with no baseless speculation. This is what the original article should have looked like.
• The Verge's article. They've done some independent verification of the leak.
• BBC's article. Focuses more on the streamer income part of the breach.

Correcting Misinformation

• There are unfounded claims of "encrypted passwords" originating from this twitter post and quoted by the original videogameschronicle article. The twitter user has since admitted his mistake, but of course we've reached the stage where news outlets are just quoting other news outlets and now we have blatantly wrong headlines floating around.
• Twitch is currently using salted bcrypt hashes for their authentication. Source? I downloaded the leak and read Twitch's auth code myself.
• The database of hashed passwords do not appear to be in this leak (unless they're hidden somewhere weird and no one has noticed yet). The 4chan post refers to the leak as "part one", implying that there may be more to come, but this could easily just be posturing.

What You Should Do

• On the chance Twitch's login database was in fact breached, you should change your password on Twitch and any other websites where you were reusing the same password.
• Consider using 2FA. If you do use 2FA, prefer an actual TOPT authenticator app such as Google Authenticator over SMS or email based 2FA.
• Avoid reusing the same password across multiple websites. Many password managers exist to help you with this.

Takeaway

There's a lot more awful journalism out there than good journalism, and mainstream news is already remarkably bad at writing about technical topics, such as data breaches. Read articles carefully, and watch out for language like "The leak appears to contain X" or "Twitter users claim Y" as this is ass-covering language that lets bad journalists get away with bad reporting.

Wow, OP has somehow managed to find an article that's even worse than the original article, which was already impressively bad. Lets see if I can do better.

Primary Sources

• The original 4chan post. Almost certainly a 404 by now, but I have a backup of the post here.
• Twitch's statement on Twitter

Articles

• VGC's awful article. The first article published. Uses random Twitter users like primary sources and didn't expend any effort verifying the breach, but at least they were the first poster, right? This has been edited a couple of times and is getting gradually better, but it's still not good and they don't show edit history.
• CNN's article Short and sweet with no baseless speculation. This is what the original article should have looked like.
• The Verge's article. They've done some independent verification of the leak.
• BBC's article. Focuses more on the streamer income part of the breach.

Correcting Misinformation

• There are unfounded claims of "encrypted passwords" originating from this twitter post and quoted by the original videogameschronicle article. The twitter user has since admitted his mistake, but of course we've reached the stage where news outlets are just quoting other news outlets and now we have blatantly wrong headlines like OPs.
• Twitch is currently using salted bcrypt hashes for their authentication. Source? I downloaded the leak and read Twitch's auth code myself.
• The database of hashed passwords do not appear to be in this leak (unless they're hidden somewhere weird and no one has noticed yet). The 4chan post refers to the leak as "part one", implying that there may be more to come, but this could easily just be posturing.

What You Should Do

• On the chance Twitch's login database was in fact breached, you should change your password on Twitch and any other websites where you were reusing the same password.
• Consider using 2FA. If you do use 2FA, prefer an actual TOPT authenticator app such as Google Authenticator over SMS or email based 2FA.
• Avoid reusing the same password across multiple websites. Many password managers exist to help you with this.

Takeaway

There's a lot more awful journalism out there than good journalism, and mainstream news is already remarkably bad at writing about technical topics, such as data breaches. Read articles carefully, and watch out for language like "The leak appears to contain X" or "Twitter users claim Y" as this is ass-covering language that lets bad journalists get away with bad reporting.

Don't get fooled by thinking access to your Google account gives you access to the Google authenticator 2fa.
Afaik the 2fa doesn't get synced with the Google account and it'd be dangerous to sync it. Access to the Google account would give access to 2fa, which basically undermined the concept of 2fa.

The app https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en_US&amp;gl=US shows a way to move the Google autehnticator to a new device:"Transfer accounts between devices via QR code".
You wouldn't need that, if the 2fa were synced with the account.

This is one way to sort it out: https://www.reddit.com/r/CryptoCurrency/comments/pcflfy/what\_if\_i\_lose\_my\_phone/hairbfo

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

Sounds like whoever is in charge of data security at said company needs to be fired immediately...

This link has some good steps to follow to miniate the damage of identity theft. Also as u/OutrageousSeesaw said, freezing your credit would be a good idea.

This next part is long but these are general digital privacy and security tips I usually recommend to everyone. TLDR for the below stuff is: opt out of all the data broker sites to get your information to stop circulating around and get a password manager to manage passwords. Also, try not to use duplicate passwords and enable 2 Factor Authentication on every account you can.

On the privacy end:

If you have a bit of time to set aside, you can go through this list of data brokers and opt out of them. (legally they have to let you opt out of their "service"). O*nce the information is removed from the site (which may take a few days), make sure you have google update the search result using their* remove outdated content tool.

With the above I also recommend using Google Dorking to search for your information online. If you search something in quotes ie: "Pizza". The only results that should come up are pages with the word Pizza in the title or in the content. You can do this with your name, address, phone number or any identifying information about yourself to see what sites have them.

Most of the times you can go to the site and see if they have a way to opt out of them displaying your data. Or if its a site like pastebin.com where anyone can copy and paste data, you can report the paste to the site admins citing that your personal information is in there and they will remove it within a few days (this happened to my Spotify account way back ago).

On the security end:

You can check what breaches your email and phone number have been involved in using this site.

I recommend putting 2 Factor Authentication on all of your accounts ASAP. Not every service allows it, but most do, you can check which sites do and don't here. SMS/Email are the standard methods of 2FA but there is a third option where you can use 2FA tokens to log in to services which will sync a secret token between you and the server. Then you can use an app like Authy or Google Authenticator to sync the token to your phone. Some password managers also might support having the token being generated in their app which makes it a nice all in one solution.

On the topic of password managers, I also recommend getting a password manager, randomizing all of your passwords and just using the password manager to log in. Most (if not all) password managers are cross platform and easy to use. Some common ones that are very secure are Lastpass and 1password. If your password was leaked and you reuse a password, this will stop random people from logging in to your stuff and doing unauthorized purchases or dumb stuff to your account.

&#x200B;

I use the privacy and security methods I have described above for myself. It takes a lot of time to get everything situated and working, unfortunately it is not a thing that can happen in one night. If you want some clarification, PM me and I'd be happy to help. Best of luck!

Source: I'm a Computer Science major

I use google authenticator https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en_US&amp;gl=US

Think authy is another

https://authy.com/

When you set that up in BB settings it'll show you a QR code you scan into your phone app. The auth app then gives you timed expiring codes you use instead of sms codes.

I read another post where a guy lost everything in his account on coinbase because he had sms 2fa setup and an employee at his phone provider company got hold of his account. !

&#x200B;

Stay safe!

😂It's a Time-based One-Time Password that is used for 2FA. If you've ever used Authy or Google Authenticator you would have generated one of these tokens without knowing it.

Yes. It is only used for the second factor to your account and therefore will never see your password. I'd recommend starting with an app from one of the big players (Google Authenticator or Microsoft authenticator).

Additionally, if you do not do this already, use a password manager with a unique randomly generated password for each account. You can use a hosted one such as LastPass (Easiest), or an offline app such as Keepass (more difficult). The latter requires you to do sync, and backup yourself, but I find it easier to trust personally.

Always remember to use TSV. Download Google Authenticator for future use. https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

The replies to this comment list some of the reasons why an authenticator app can be safer - https://www.reddit.com/r/PS5/comments/jqv9d3/psa_activate_2fa_if_possible/gbpi0iy/

Both Google and Microsoft have created authenticator apps for Android, and I would imagine they should be as safe as it gets. There are others too, but I haven't really looked into them.

> Uhm... you don’t have a dual-SIM phone?
no, i don't. why i should? most phones here in germany have just a single sim slot. it's not common to have more than 1 sim here in germany.

> Or you don’t want to use your primary number why?

i only own a Samsung Galaxy S6 with a micro sim card slot. My old sim card is a normal sim card (rly old) and doesn't fit in there. my old Samsung Galaxy S3 mini where the sim card did fit is broken. so i don't have a option to use my sim card = not being able to receive any sms = not able to use 2FA by sms. but even if i would be able, i wouldn't do it out of privacy reasons + the fact that if oculus decides to ban me for what ever reason (using emulator apps, mods or similiar).. they would blacklist this sim card number and i wouldn't be able to create a new account (oculus makes fb accs mandatory so i would need an fb account & a new sim card number). so just because facebook says "fuck you", i would need a new phone number because they feel like it. i doesn't really support such behaviors. oculus have already implemented a kill switch for the sideloading feature.. if they hit a button on their server, it disables sideloading on your quest. they can do this for every devices / account. and this new mandatory facebook account & verification to use sideloading making this even more shitty. it gets worse and worse and no one seem to care. and if we are finally in the wallet garden like apple devices.. we're screwed.

> You do realize this is a one-time authentication if you choose to use a TOTP app, right?

i talked about auth apps. not apps that spoof a mobile phone number so you have a "fake" number instead of your real number.

example of an app i mean is this: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en

there is not a single authentifaction. you just need to add your details, and the app generates an auth code every X seconds for you.. even without network connection. many services support this app and you can use it without having any verification or mobile phone number or payment details.

1. Never share password (In case someone use "password" shown in this thread)
2. Never use commonly used password (Usually there will be article related to this topic.
3. Never use the same password for other website (If one website was breached, only that account is effected. Many account take overs are caused by this reason)
4. Use Alphanumerical, symbols and the password's length more than 8 (Worst case is the website disallow certain input and limit password length)
5. Use password manager, don't take note on physical book.
6. Use two authentication factor, use the app method if possible as SIM Card Hijack could affect anyone.
7. Google offers advanced protection that you can enroll.

YES!! Here are the show notes:

&#x200B;

This week, a new Super Tech Support: after Lizzie's Snapchat gets hacked, things start getting really creepy. Alex investigates.

&#x200B;

Michael Bazzell's Podcast

The complete Security and Privacy Podcast

&#x200B;

Steps Michael Bazzell Gave Alex to Protect Himself

How to port your phone number

Password Manager

Google Authenticator

Yubikey

Workbook to freeze your credit and remove yourself from public records websites

Sudo

&#x200B;

Stories about Sim Swapping and OGUsers by Vice/Motherboard

&#x200B;

By Lorenzo Francheschi-Bicchierai

The SIM Hijackers

How to Protect Yourself From SIM Swapping Hacks

‘TELL YOUR DAD TO GIVE US BITCOIN:’ How a Hacker Allegedly Stole Millions by Hijacking Phone Numbers

How Criminals Recruit Telecom Employees to Help Them Hijack SIM Cards

Alleged 19-Year-Old SIM Swapper Used Stolen Bitcoin to Buy Luxury Cars

Cops Arrest Infamous SIM Swapper Who Allegedly Stole $14 Million in Cryptocurrency

&#x200B;

By Joseph Cox

'I Could Ruin Your Business Right Now': Listen to a SIM-Jacking, Account-Stealing Ransom

&#x200B;

The Organization that Lizzie Donated To

Byte Back

Google Authenticator works for me.

No, the Google Authenticator app for Android or iOS generates a code that changes every 30 seconds.

Using a plugin such as https://wordpress.org/plugins/google-authenticator/, you can force users to link the Google Authenticator or any compatible 2FA app to their account, so each time they want to log in, they need to enter a freshly generated code from the app in addition to their username and password.

Linking the 2FA app is done by the user simply scanning a QR code with their phone or tablet. Now unless they're sharing the device with the 2FA app, they can't share their account.

The only caveat is if a user stores the QR code before scanning it. They can then later scan that QR code with as many devices as they like (which could be just for their own convenience, for example to be able to get codes on both their tablet and phone), or share the QR code along with their login details in order to share their account.

On the one hand a code sent over SMS or mail is a stronger technical measure against account sharing, as it requires the user to also share access to their phone or mailbox. On the other hand, most users aren't aware that it's even possible to generate the same Authenticator token on multiple devices, and this method has the benefit of not relying on (paid) third party services. The decision is up to you of course.

You can login to the ea page with your ps account and you can set it up there.

&#x200B;

How to:

https://help.ea.com/en/help/account/linking-your-origin-account-with-your-psn-id-and-gamertag/?franchise=origin&amp;product=origin

&#x200B;

Log-in (because on the origin site i didn't find the login with ps/xbox buttons):

https://help.ea.com/en/

&#x200B;

Security settings:

https://myaccount.ea.com/cp-ui/security/index

&#x200B;

Google authenticator apps:

win:

https://winauth.github.io/winauth/download.html

android:

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

No idea how to fix, but you should never use sms for 2fa in the future. Always opt for something like this

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en_US

Use a android emulator if you dont have an android phone.

because you used the phone number. not Google auth app.

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en_US

The real pro tip is to turn off all methods of 2FA that use your phone number!

For the reasons you've outlined it shouldn't be considered secure. You're putting your second factor of authentication in the hands of people who you don't personally know that have been collectively getting scammed by this method for years now. SIM swapping is a known attack and IMO hasn't been seriously addressed by phone companies in any meaningful way.

Instead using a time-based two factor system (Google Authenticator, Authy, and Microsoft Authenticator are all great options) is far better, just make sure to back up your QR codes somewhere safe (preferably offline and ideally encrypted) so you can restore your 2FA in the event your phone gets run over by a bus!

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=de

https://www.techrepublic.com/article/how-to-setup-two-factor-authentication-in-linux/

usw...

wer zum fick lässt sich den SMS schicken als gäbs Callya noch?!

No, setup your Robinhood to use "Google Authenticator" or "Microsoft Authenticator"

https://robinhood.com/support/articles/360001213783/twofactor-authentication/

First, you’ll need to download your preferred authentication app. Here are a few:

• Google Authenticator: <strong>iPhone</strong>, <strong>Android</strong>
• Duo Mobile: <strong>iPhone</strong>, <strong>Android</strong>
• Authy: <strong>iPhone</strong>, <strong>Android</strong>

You can set up app-based two-factor by following these steps:

1. Log into your Robinhood account on your mobile app.
2. Tap the Account icon in the bottom right corner.
3. Tap Settings.
4. Tap Two-Factor Authentication.
5. Toggle the feature to the On position.
6. Tap the app you’d like to use.
7. Copy the key we provide, and paste it into your authentication app.
8. Confirm the verification code generated by your authentication app by entering it into the Robinhood app when you’re prompted. You’ll also receive a backup code.

If only there was some way to do 2FA without relying on an email provider...

The technology isn't there yet. ^^/s

Don't use email based 2FA like a savage.

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en_us

If you have no mobile device at all, then perhaps not unless you use some really janky rig.

If you do have a mobile device with no phone number, you can simply use Google Authenticator with your email on a device that supports the app. Here's a guide by discord on how to set up 2FA.

Google Play link

App Store iOS link

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en_CA

You might also get this message if someone is just attempting to access your account, which can be due to:

• They mean to do another, but put in a number/email that is your by accident
• Someone is attempting to hack into the account, in which case, FB will notice you're not able to access your profile

In either case, the best suggestion is a nice strong password, then you should not have to worry about anything. You might also want to turn on 2 factor authentication. I HIGHLY recommend using something like Google Authentication, and not the SMS (phone) 2 factor as those have been shown to be easily hacked.

• https://www.facebook.com/help/loginapprovals

If you have an Android phone:

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en_us

If you have Apple:

https://itunes.apple.com/us/app/google-authenticator/id388497605

Google Auth - I perfer this because it supports multiple RSI accounts, Discord, and naturaly Google 2-factor.

RSI Auth

Duo

Ihr könnt mir später danken

Essentiell hilfreich

Link

2factor auth, which you really should be using, especially corporate gsuite.

The following comment by kids_wear_this_shit was openly greylisted.

The original comment can be found(in censored form) at this link:

np.reddit.com/r/ CryptoCurrency/comments/7mxmwr/-/drylo06?context=4

The original comment's content was as follows:

> I'm working on an almost step-by-step guide right now, but it's not complete is and is a really rough draft. I'm going to copy paste it here and not stress out over the formatting. The answers to WHY we go the route we do can be googled. This guide isn't designed to explain anything, just simply tell you where to go to get to your end result. > > An almost step-by-step guide on a way to get into crypto currency as well as how to buy some altcoins: > > Ok, so you’ve decided you want to buy some crypto currency (say Bitcoin or these altcoins you keep hearing about)… Great! The problem is you don’t know how to get started and may feel overwhelmed. You know you’ll do the research later, but just want in NOW – I say STOP. Research first. – Yeah, yeah… You will, but the truth is, you want to buy right now and will figure it out later. Cool. I get it. So here’s a step by step-by-step guide on how to obtain some crypto currency right away. > > This guide is not a WHAT to buy/sell, WHEN to buy/sell, or what TO DO with your crypto currency. This is just one of many guides on HOW to get your foot in the door. > > There are many ways to do this, many exchanges to use, many apps, and many preferred methods. I am not connected to or affiliated with any of these sites, services, or companies. Please feel free to swap in and out whatever you so wish at any stage. > > What I am posting for you here is not financial advice nor is it the only path. Most of this is geared towards individuals in the US, but will be a decent framework for most. > > Already own a crypto currency on Coinbase and want to get into altcoins? Skip to step 4. Have crypto currency elsewhere? Skip to step 5a. > > Things you will need: - A computer (Not 100% necessary, but for this guide I recommend it) - A smart phone - Your credit card (A bank transfer/debit = longer to get funds with less fees | Credit card = almost instant with higher fees. This guide assumes you don’t mind the slightly higher fee to have access to your crypto right away) - Your government ID > > Step 1 (Security prep): Download the following app on your smartphone: Google Authenticator – Android https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en iOS https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8 This isn’t 100% necessary but HIGHLY recommended. I believe you can do SMS as well, but I’d say just go with this. > > You may also need a QR code scanner. I know that iOS 11 built one into the camera. Previous version iPhones as well as some Androids may need to download an app. > > Step 2 (Setup): Register at https://www.coinbase.com/join/5a30880e8790e0029f97826f YES, this IS a referral link. NO, you do NOT have to use it. Feel free to just go to directly to the site and sign up yourself. (At the time of writing this, CoinBase says it will give you $10 in Bitcoin for using a referral. Again, YOU DON’T HAVE TO US THIS REFERRAL). https://support.coinbase.com/customer/en/portal/articles/683805-the-coinbase-referral-program > > Once you have created your account be sure to complete the following: - Set up 2-Factor authentication (either via SMS or Google Authenticator) https://support.coinbase.com/customer/en/portal/articles/1447997-how-can-i-make-my-account-more-secure- - Link your bank account or credit card (bank transfers/debit cards will take a long time for you to receive your funds will have less fees. Credit card purchases are almost instant but have a higher fee. For the purpose of this guide I am going to assume you want to use a credit card to have funds right now or will come back once they have been released to you.) https://support.coinbase.com/customer/en/portal/articles/1148716-payment-methods-for-us-customers - Submit for ID verification https://support.coinbase.com/customer/en/portal/articles/1220621-identity-verification > > Step 3 (The purchase!): > > Logged into your Coinbase account, go to the [Buy] tab https://www.coinbase.com/buy > > (This can be done from the Coinbase app) Android https://play.google.com/store/apps/details?id=com.coinbase.android&amp;hl=en iOS https://itunes.apple.com/us/app/coinbase-buy-bitcoin-more/id886427730?mt=8 > > Select the product you wish to purchase – Bitcoin, Litecoin, or Ethereum. (Coinbase is positioned to add more coins in the future.) https://support.coinbase.com/customer/en/portal/articles/2136749-how-do-i-buy-digital-currency- > > Which one? There will be a lot of suggestions out there as to which one and why. Buy one. Buy more than one. That’s your call. However, if you want to get into altcoins, for the purpose of this guide, I might recommend having at least some Ethereum. (This guide is COMPLETELY ignoring what the current asking price is). It will be faster than Bitcoin for purchasing some altcoins. (This is always subject to change.) > > Did you push the “Buy” button? Congratulations you have a crypto currency!!! Exciting right?! Whoa, ok... Stop jumping up and down and don’t go anywhere… We aren’t done. > > Step 4 (The transfer): Go to www.gdax.com Log in with your Coinbase account login. (Coinbase owns Gdax. Google it. Why do we have to do this? I’m not going to get into that right now, just know it’s to avoid some fees). > > Now follow this guide on how to transfer your funds to GDAX - https://support.gdax.com/customer/en/portal/articles/2430129-transferring-funds-between-gdax-and-coinbase > > Step 5 is going to depend on what you want to do from here. Are you going to sit on your current purchase or do you plan on purchasing altcoins? Go to 5a for sitting on it, go to 5b for altcoins > > Step 5a (Securing your investment): The purpose of this guide was to help you obtain crypto currency, not what to do with it after. > > https://support.gdax.com/customer/en/portal/articles/2430150-how-to-deposit-and-withdraw-digital-currencies > > Do not leave your investment on the exchange. The exchange is not a bank. You need a wallet. This is not something I’m putting into this guide at this time. Simply Google it. I highly, highly recommend ordering a cold wallet (you’ll know what that is once you research). I personally own a Ledger Nano S (I am not affiliated with Ledger in ANY way. Buy a Trezor if you want. I don’t care, just look into it.) In the mean time, create a wallet on your computer or phone. DO NOT use a hosted solution. > > Step 5b (Purchasing altoins): > > There are many altcoins to buy, exchanges to get them, bla bla bla. Have a specific one in mind? It’s going to work very similarly to this. > > Register an account on Binance https://www.binance.com/?ref=13857671 YES, this IS a referral link. NO, you do NOT have to use it. Feel free to just go to directly to the site and sign up yourself. > > Once you have created your account be sure to complete the following: - Submit to verify your account - Set up 2-Factor Authentication with your Google Authenticator - Deposit the amount of funds you wish to trade for an altcoin. https://support.binance.com/hc/en-us/articles/115000622212-How-to-Register-and-Deposit-on-Binance Step 6: Buy your alt coins with the funds you deposited! I recommend buying of Binance coins BNB to pay for fees. It cuts them in half. > > Another decent exchange is Kucoin. https://www.kucoin.com/#/?r=1dudd (Yes, referral code, but you know the drill. Go directly to the site if you want.) > > All of this is just a framework and you should google how to do each step. There are TONS of videos and guides. > > Feel free to PM me with questions. I’m also working on adding some more depth so let me know what isn’t clear so I can expand on it. In the future I’ll also have a list of great tools and recourses to use when analyzing. For now, get your feet at and see how it all works. > > GOOD LUCK!!!!

The following comment by kids_wear_this_shit was openly greylisted.

The original comment can be found(in censored form) at this link:

np.reddit.com/r/ CryptoCurrency/comments/7mxmwr/-/drxhbh4?context=4

The original comment's content was as follows:

> Judge for yourself. (Yes, referral code enclosed. Read the disclaimer with it). Here’s what I send: > > > I'm working on an almost step-by-step guide right now, but it's not complete is and is a really rough draft. I'm going to copy paste it here and not stress out over the formatting. The answers to WHY we go the route we do can be googled. This guide isn't designed to explain anything, just simply tell you where to go to get to your end result. > > An almost step-by-step guide on a way to get into crypto currency as well as how to buy some altcoins: > > Ok, so you’ve decided you want to buy some crypto currency (say Bitcoin or these altcoins you keep hearing about)… Great! The problem is you don’t know how to get started and may feel overwhelmed. You know you’ll do the research later, but just want in NOW – I say STOP. Research first. – Yeah, yeah… You will, but the truth is, you want to buy right now and will figure it out later. Cool. I get it. So here’s a step by step-by-step guide on how to obtain some crypto currency right away. > > This guide is not a WHAT to buy/sell, WHEN to buy/sell, or what TO DO with your crypto currency. This is just one of many guides on HOW to get your foot in the door. > > There are many ways to do this, many exchanges to use, many apps, and many preferred methods. I am not connected to or affiliated with any of these sites, services, or companies. Please feel free to swap in and out whatever you so wish at any stage. > > What I am posting for you here is not financial advice nor is it the only path. Most of this is geared towards individuals in the US, but will be a decent framework for most. > > Already own a crypto currency on Coinbase and want to get into altcoins? Skip to step 4. Have crypto currency elsewhere? Skip to step 5a. > > Things you will need: > - A computer (Not 100% necessary, but for this guide I recommend it) > - A smart phone > - Your credit card (A bank transfer/debit = longer to get funds with less fees | Credit card = almost instant with higher fees. This guide assumes you don’t mind the slightly higher fee to have access to your crypto right away) > - Your government ID > > Step 1 (Security prep): > Download the following app on your smartphone: > Google Authenticator – Android https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en > iOS https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8 > This isn’t 100% necessary but HIGHLY recommended. I believe you can do SMS as well, but I’d say just go with this. > > You may also need a QR code scanner. I know that iOS 11 built one into the camera. Previous version iPhones as well as some Androids may need to download an app. > > Step 2 (Setup): > Register at https://www.coinbase.com/join/5a30880e8790e0029f97826f > YES, this IS a referral link. NO, you do NOT have to use it. Feel free to just go to directly to the site and sign up yourself. (At the time of writing this, CoinBase says it will give you $10 in Bitcoin for using a referral. Again, YOU DON’T HAVE TO US THIS REFERRAL). https://support.coinbase.com/customer/en/portal/articles/683805-the-coinbase-referral-program > > Once you have created your account be sure to complete the following: > - Set up 2-Factor authentication (either via SMS or Google Authenticator) https://support.coinbase.com/customer/en/portal/articles/1447997-how-can-i-make-my-account-more-secure- > - Link your bank account or credit card (bank transfers/debit cards will take a long time for you to receive your funds will have less fees. Credit card purchases are almost instant but have a higher fee. For the purpose of this guide I am going to assume you want to use a credit card to have funds right now or will come back once they have been released to you.) https://support.coinbase.com/customer/en/portal/articles/1148716-payment-methods-for-us-customers > - Submit for ID verification https://support.coinbase.com/customer/en/portal/articles/1220621-identity-verification > > Step 3 (The purchase!): > > Logged into your Coinbase account, go to the [Buy] tab https://www.coinbase.com/buy > > (This can be done from the Coinbase app) > Android https://play.google.com/store/apps/details?id=com.coinbase.android&amp;hl=en > iOS > https://itunes.apple.com/us/app/coinbase-buy-bitcoin-more/id886427730?mt=8 > > > Select the product you wish to purchase – Bitcoin, Litecoin, or Ethereum. (Coinbase is positioned to add more coins in the future.) https://support.coinbase.com/customer/en/portal/articles/2136749-how-do-i-buy-digital-currency- > > Which one? There will be a lot of suggestions out there as to which one and why. Buy one. Buy more than one. That’s your call. However, if you want to get into altcoins, for the purpose of this guide, I might recommend having at least some Ethereum. (This guide is COMPLETELY ignoring what the current asking price is). It will be faster than Bitcoin for purchasing some altcoins. (This is always subject to change.) > > Did you push the “Buy” button? Congratulations you have a crypto currency!!! Exciting right?! Whoa, ok... Stop jumping up and down and don’t go anywhere… We aren’t done. > > Step 4 (The transfer): > Go to www.gdax.com > Log in with your Coinbase account login. (Coinbase owns Gdax. Google it. Why do we have to do this? I’m not going to get into that right now, just know it’s to avoid some fees). > > Now follow this guide on how to transfer your funds to GDAX - https://support.gdax.com/customer/en/portal/articles/2430129-transferring-funds-between-gdax-and-coinbase > > Step 5 is going to depend on what you want to do from here. Are you going to sit on your current purchase or do you plan on purchasing altcoins? Go to 5a for sitting on it, go to 5b for altcoins > > > Step 5a (Securing your investment): > The purpose of this guide was to help you obtain crypto currency, not what to do with it after. > > https://support.gdax.com/customer/en/portal/articles/2430150-how-to-deposit-and-withdraw-digital-currencies > > Do not leave your investment on the exchange. The exchange is not a bank. You need a wallet. This is not something I’m putting into this guide at this time. Simply Google it. I highly, highly recommend ordering a cold wallet (you’ll know what that is once you research). I personally own a Ledger Nano S (I am not affiliated with Ledger in ANY way. Buy a Trezor if you want. I don’t care, just look into it.) In the mean time, create a wallet on your computer or phone. DO NOT use a hosted solution. > > Step 5b (Purchasing altoins): > > There are many altcoins to buy, exchanges to get them, bla bla bla. Have a specific one in mind? It’s going to work very similarly to this. > > Register an account on Binance https://www.binance.com/?ref=13857671 YES, this IS a referral link. NO, you do NOT have to use it. Feel free to just go to directly to the site and sign up yourself. > > Once you have created your account be sure to complete the following: > - Submit to verify your account > - Set up 2-Factor Authentication with your Google Authenticator > - Deposit the amount of funds you wish to trade for an altcoin. https://support.binance.com/hc/en-us/articles/115000622212-How-to-Register-and-Deposit-on-Binance > Step 6: > Buy your alt coins with the funds you deposited! > All of this is just a framework and you should google how to do each step. There are TONS of videos and guides. > > GOOD LUCK!!!!

The following comment by kids_wear_this_shit was openly greylisted.

The original comment can be found(in censored form) at this link:

np.reddit.com/r/ CryptoCurrency/comments/7lxckw/-/drpttc3?context=4

The original comment's content was as follows:

> Ok. There's really no reason to not use Coinbase. There's some frustration in the community about the way they handled a recent addition of a coin to their exchange, but that shouldn't detour you from using it for now as you are learning. Currently, the FASTEST way is to use your credit card on Coinbase. > > I'm working on an almost step-by-step guide right now, but it's not complete is and is a really rough draft. I'm going to copy paste it here and not stress out over the formatting. The answers to WHY we go the route we do can be googled. This guide isn't designed to explain anything, just simply tell you where to go to get to your end result. > > An almost step-by-step guide on a way to get into crypto currency as well as how to buy some altcoins: > > Ok, so you’ve decided you want to buy some crypto currency (say Bitcoin or these altcoins you keep hearing about)… Great! The problem is you don’t know how to get started and may feel overwhelmed. You know you’ll do the research later, but just want in NOW – I say STOP. Research first. – Yeah, yeah… You will, but the truth is, you want to buy right now and will figure it out later. Cool. I get it. So here’s a step by step-by-step guide on how to obtain some crypto currency right away. > > This guide is not a WHAT to buy/sell, WHEN to buy/sell, or what TO DO with your crypto currency. This is just one of many guides on HOW to get your foot in the door. > > There are many ways to do this, many exchanges to use, many apps, and many preferred methods. I am not connected to or affiliated with any of these sites, services, or companies. Please feel free to swap in and out whatever you so wish at any stage. > > What I am posting for you here is not financial advice nor is it the only path. Most of this is geared towards individuals in the US, but will be a decent framework for most. > > Already own a crypto currency on Coinbase and want to get into altcoins? Skip to step 4. Have crypto currency elsewhere? Skip to step 5a. > > Things you will need: > - A computer (Not 100% necessary, but for this guide I recommend it) > - A smart phone > - Your credit card (A bank transfer/debit = longer to get funds with less fees | Credit card = almost instant with higher fees. This guide assumes you don’t mind the slightly higher fee to have access to your crypto right away) > - Your government ID > > Step 1 (Security prep): > Download the following app on your smartphone: > Google Authenticator – Android https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en > iOS https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8 > This isn’t 100% necessary but HIGHLY recommended. I believe you can do SMS as well, but I’d say just go with this. > > You may also need a QR code scanner. I know that iOS 11 built one into the camera. Previous version iPhones as well as some Androids may need to download an app. > > Step 2 (Setup): > Register at https://www.coinbase.com/join/5a30880e8790e0029f97826f > YES, this IS a referral link. NO, you do NOT have to use it. Feel free to just go to directly to the site and sign up yourself. (At the time of writing this, CoinBase says it will give you $10 in Bitcoin for using a referral. Again, YOU DON’T HAVE TO US THIS REFERRAL). https://support.coinbase.com/customer/en/portal/articles/683805-the-coinbase-referral-program > > Once you have created your account be sure to complete the following: > - Set up 2-Factor authentication (either via SMS or Google Authenticator) https://support.coinbase.com/customer/en/portal/articles/1447997-how-can-i-make-my-account-more-secure- > - Link your bank account or credit card (bank transfers/debit cards will take a long time for you to receive your funds will have less fees. Credit card purchases are almost instant but have a higher fee. For the purpose of this guide I am going to assume you want to use a credit card to have funds right now or will come back once they have been released to you.) https://support.coinbase.com/customer/en/portal/articles/1148716-payment-methods-for-us-customers > - Submit for ID verification https://support.coinbase.com/customer/en/portal/articles/1220621-identity-verification > > Step 3 (The purchase!): > > Logged into your Coinbase account, go to the [Buy] tab https://www.coinbase.com/buy > > (This can be done from the Coinbase app) > Android https://play.google.com/store/apps/details?id=com.coinbase.android&amp;hl=en > iOS > https://itunes.apple.com/us/app/coinbase-buy-bitcoin-more/id886427730?mt=8 > > > Select the product you wish to purchase – Bitcoin, Litecoin, or Ethereum. (Coinbase is positioned to add more coins in the future.) https://support.coinbase.com/customer/en/portal/articles/2136749-how-do-i-buy-digital-currency- > > Which one? There will be a lot of suggestions out there as to which one and why. Buy one. Buy more than one. That’s your call. However, if you want to get into altcoins, for the purpose of this guide, I might recommend having at least some Ethereum. (This guide is COMPLETELY ignoring what the current asking price is). It will be faster than Bitcoin for purchasing some altcoins. (This is always subject to change.) > > Did you push the “Buy” button? Congratulations you have a crypto currency!!! Exciting right?! Whoa, ok... Stop jumping up and down and don’t go anywhere… We aren’t done. > > Step 4 (The transfer): > Go to www.gdax.com > Log in with your Coinbase account login. (Coinbase owns Gdax. Google it. Why do we have to do this? I’m not going to get into that right now, just know it’s to avoid some fees). > > Now follow this guide on how to transfer your funds to GDAX - https://support.gdax.com/customer/en/portal/articles/2430129-transferring-funds-between-gdax-and-coinbase > > Step 5 is going to depend on what you want to do from here. Are you going to sit on your current purchase or do you plan on purchasing altcoins? Go to 5a for sitting on it, go to 5b for altcoins > > > Step 5a (Securing your investment): > The purpose of this guide was to help you obtain crypto currency, not what to do with it after. > > https://support.gdax.com/customer/en/portal/articles/2430150-how-to-deposit-and-withdraw-digital-currencies > > Do not leave your investment on the exchange. The exchange is not a bank. You need a wallet. This is not something I’m putting into this guide at this time. Simply Google it. I highly, highly recommend ordering a cold wallet (you’ll know what that is once you research). I personally own a Ledger Nano S (I am not affiliated with Ledger in ANY way. Buy a Trezor if you want. I don’t care, just look into it.) In the mean time, create a wallet on your computer or phone. DO NOT use a hosted solution. > > Step 5b (Purchasing altoins): > > There are many altcoins to buy, exchanges to get them, bla bla bla. Have a specific one in mind? It’s going to work very similarly to this. > > Register an account on Binance https://www.binance.com/?ref=13857671 YES, this IS a referral link. NO, you do NOT have to use it. Feel free to just go to directly to the site and sign up yourself. > > Once you have created your account be sure to complete the following: > - Submit to verify your account > - Set up 2-Factor Authentication with your Google Authenticator > - Deposit the amount of funds you wish to trade for an altcoin. https://support.binance.com/hc/en-us/articles/115000622212-How-to-Register-and-Deposit-on-Binance > Step 6: > Buy your alt coins with the funds you deposited! > All of this is just a framework and you should google how to do each step. There are TONS of videos and guides. > > GOOD LUCK!!!!

The following comment by kids_wear_this_shit was openly greylisted.

The original comment can be found(in censored form) at this link:

np.reddit.com/r/ CryptoCurrency/comments/7m2got/-/drqtpn8?context=4

The original comment's content was as follows:

> I've been working on a guide. It's kind of shitty, but will get you started. Coinbase and Binance are two of the most trusted. There are others as well, but this is a great place to start. Sorry some of this isn't written towards you. It's a work in progress. > > > Here is an incomplete, almost step-by-step guide on a way to get into crypto currency as well as how to buy some altcoins: > > Ok, so you’ve decided you want to buy some crypto currency (say Bitcoin or these altcoins you keep hearing about)… Great! The problem is you don’t know how to get started and may feel overwhelmed. You know you’ll do the research later, but just want in NOW – I say STOP. Research first. – Yeah, yeah… You will, but the truth is, you want to buy right now and will figure it out later. Cool. I get it. So here’s a step by step-by-step guide on how to obtain some crypto currency right away. > > This guide is not a WHAT to buy/sell, WHEN to buy/sell, or what TO DO with your crypto currency. This is just one of many guides on HOW to get your foot in the door. > > There are many ways to do this, many exchanges to use, many apps, and many preferred methods. I am not connected to or affiliated with any of these sites, services, or companies. Please feel free to swap in and out whatever you so wish at any stage. > > What I am posting for you here is not financial advice nor is it the only path. Most of this is geared towards individuals in the US, but will be a decent framework for most. > > Already own a crypto currency on Coinbase and want to get into altcoins? Skip to step 4. Have crypto currency elsewhere? Skip to step 5a. > > Things you will need: > - A computer (Not 100% necessary, but for this guide I recommend it) > - A smart phone > - Your credit card (A bank transfer/debit = longer to get funds with less fees | Credit card = almost instant with higher fees. This guide assumes you don’t mind the slightly higher fee to have access to your crypto right away) > - Your government ID > > Step 1 (Security prep): > Download the following app on your smartphone: > Google Authenticator – Android https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en > iOS https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8 > This isn’t 100% necessary but HIGHLY recommended. I believe you can do SMS as well, but I’d say just go with this. > > You may also need a QR code scanner. I know that iOS 11 built one into the camera. Previous version iPhones as well as some Androids may need to download an app. > > Step 2 (Setup): > Register at https://www.coinbase.com/join/5a30880e8790e0029f97826f > YES, this IS a referral link. NO, you do NOT have to use it. Feel free to just go to directly to the site and sign up yourself. (At the time of writing this, CoinBase says it will give you $10 in Bitcoin for using a referral. Again, YOU DON’T HAVE TO US THIS REFERRAL). https://support.coinbase.com/customer/en/portal/articles/683805-the-coinbase-referral-program > > Once you have created your account be sure to complete the following: > - Set up 2-Factor authentication (either via SMS or Google Authenticator) https://support.coinbase.com/customer/en/portal/articles/1447997-how-can-i-make-my-account-more-secure- > - Link your bank account or credit card (bank transfers/debit cards will take a long time for you to receive your funds will have less fees. Credit card purchases are almost instant but have a higher fee. For the purpose of this guide I am going to assume you want to use a credit card to have funds right now or will come back once they have been released to you.) https://support.coinbase.com/customer/en/portal/articles/1148716-payment-methods-for-us-customers > - Submit for ID verification https://support.coinbase.com/customer/en/portal/articles/1220621-identity-verification > > Step 3 (The purchase!): > > Logged into your Coinbase account, go to the [Buy] tab https://www.coinbase.com/buy > > (This can be done from the Coinbase app) > Android https://play.google.com/store/apps/details?id=com.coinbase.android&amp;hl=en > iOS > https://itunes.apple.com/us/app/coinbase-buy-bitcoin-more/id886427730?mt=8 > > > Select the product you wish to purchase – Bitcoin, Litecoin, or Ethereum. (Coinbase is positioned to add more coins in the future.) https://support.coinbase.com/customer/en/portal/articles/2136749-how-do-i-buy-digital-currency- > > Which one? There will be a lot of suggestions out there as to which one and why. Buy one. Buy more than one. That’s your call. However, if you want to get into altcoins, for the purpose of this guide, I might recommend having at least some Ethereum. (This guide is COMPLETELY ignoring what the current asking price is). It will be faster than Bitcoin for purchasing some altcoins. (This is always subject to change.) > > Did you push the “Buy” button? Congratulations you have a crypto currency!!! Exciting right?! Whoa, ok... Stop jumping up and down and don’t go anywhere… We aren’t done. > > Step 4 (The transfer): > Go to www.gdax.com > Log in with your Coinbase account login. (Coinbase owns Gdax. Google it. Why do we have to do this? I’m not going to get into that right now, just know it’s to avoid some fees). > > Now follow this guide on how to transfer your funds to GDAX - https://support.gdax.com/customer/en/portal/articles/2430129-transferring-funds-between-gdax-and-coinbase > > Step 5 is going to depend on what you want to do from here. Are you going to sit on your current purchase or do you plan on purchasing altcoins? Go to 5a for sitting on it, go to 5b for altcoins > > > Step 5a (Securing your investment): > The purpose of this guide was to help you obtain crypto currency, not what to do with it after. > > https://support.gdax.com/customer/en/portal/articles/2430150-how-to-deposit-and-withdraw-digital-currencies > > Do not leave your investment on the exchange. The exchange is not a bank. You need a wallet. This is not something I’m putting into this guide at this time. Simply Google it. I highly, highly recommend ordering a cold wallet (you’ll know what that is once you research). I personally own a Ledger Nano S (I am not affiliated with Ledger in ANY way. Buy a Trezor if you want. I don’t care, just look into it.) In the mean time, create a wallet on your computer or phone. DO NOT use a hosted solution. > > Step 5b (Purchasing altoins): > > There are many altcoins to buy, exchanges to get them, bla bla bla. Have a specific one in mind? It’s going to work very similarly to this. > > Register an account on Binance https://www.binance.com/?ref=13857671 YES, this IS a referral link. NO, you do NOT have to use it. Feel free to just go to directly to the site and sign up yourself. > > Once you have created your account be sure to complete the following: > - Submit to verify your account > - Set up 2-Factor Authentication with your Google Authenticator > - Deposit the amount of funds you wish to trade for an altcoin. https://support.binance.com/hc/en-us/articles/115000622212-How-to-Register-and-Deposit-on-Binance > > Step 6: > > Buy your alt coins with the funds you deposited! > All of this is just a framework and you should google how to do each step. There are TONS of videos and guides. > > GOOD LUCK!!!!

The following comment by kids_wear_this_shit was openly greylisted.

The original comment can be found(in censored form) at this link:

np.reddit.com/r/ CryptoCurrency/comments/7m2hqb/-/drqttl4?context=4

The original comment's content was as follows:

> This guide is a work in progress. Forgive the typos > > > Here is an incomplete, almost step-by-step guide on a way to get into crypto currency as well as how to buy some altcoins: > > Ok, so you’ve decided you want to buy some crypto currency (say Bitcoin or these altcoins you keep hearing about)… Great! The problem is you don’t know how to get started and may feel overwhelmed. You know you’ll do the research later, but just want in NOW – I say STOP. Research first. – Yeah, yeah… You will, but the truth is, you want to buy right now and will figure it out later. Cool. I get it. So here’s a step by step-by-step guide on how to obtain some crypto currency right away. > > This guide is not a WHAT to buy/sell, WHEN to buy/sell, or what TO DO with your crypto currency. This is just one of many guides on HOW to get your foot in the door. > > There are many ways to do this, many exchanges to use, many apps, and many preferred methods. I am not connected to or affiliated with any of these sites, services, or companies. Please feel free to swap in and out whatever you so wish at any stage. > > What I am posting for you here is not financial advice nor is it the only path. Most of this is geared towards individuals in the US, but will be a decent framework for most. > > Already own a crypto currency on Coinbase and want to get into altcoins? Skip to step 4. Have crypto currency elsewhere? Skip to step 5a. > > Things you will need: > - A computer (Not 100% necessary, but for this guide I recommend it) > - A smart phone > - Your credit card (A bank transfer/debit = longer to get funds with less fees | Credit card = almost instant with higher fees. This guide assumes you don’t mind the slightly higher fee to have access to your crypto right away) > - Your government ID > > Step 1 (Security prep): > Download the following app on your smartphone: > Google Authenticator – Android https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en > iOS https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8 > This isn’t 100% necessary but HIGHLY recommended. I believe you can do SMS as well, but I’d say just go with this. > > You may also need a QR code scanner. I know that iOS 11 built one into the camera. Previous version iPhones as well as some Androids may need to download an app. > > Step 2 (Setup): > Register at https://www.coinbase.com/join/5a30880e8790e0029f97826f > YES, this IS a referral link. NO, you do NOT have to use it. Feel free to just go to directly to the site and sign up yourself. (At the time of writing this, CoinBase says it will give you $10 in Bitcoin for using a referral. Again, YOU DON’T HAVE TO US THIS REFERRAL). https://support.coinbase.com/customer/en/portal/articles/683805-the-coinbase-referral-program > > Once you have created your account be sure to complete the following: > - Set up 2-Factor authentication (either via SMS or Google Authenticator) https://support.coinbase.com/customer/en/portal/articles/1447997-how-can-i-make-my-account-more-secure- > - Link your bank account or credit card (bank transfers/debit cards will take a long time for you to receive your funds will have less fees. Credit card purchases are almost instant but have a higher fee. For the purpose of this guide I am going to assume you want to use a credit card to have funds right now or will come back once they have been released to you.) https://support.coinbase.com/customer/en/portal/articles/1148716-payment-methods-for-us-customers > - Submit for ID verification https://support.coinbase.com/customer/en/portal/articles/1220621-identity-verification > > Step 3 (The purchase!): > > Logged into your Coinbase account, go to the [Buy] tab https://www.coinbase.com/buy > > (This can be done from the Coinbase app) > Android https://play.google.com/store/apps/details?id=com.coinbase.android&amp;hl=en > iOS > https://itunes.apple.com/us/app/coinbase-buy-bitcoin-more/id886427730?mt=8 > > > Select the product you wish to purchase – Bitcoin, Litecoin, or Ethereum. (Coinbase is positioned to add more coins in the future.) https://support.coinbase.com/customer/en/portal/articles/2136749-how-do-i-buy-digital-currency- > > Which one? There will be a lot of suggestions out there as to which one and why. Buy one. Buy more than one. That’s your call. However, if you want to get into altcoins, for the purpose of this guide, I might recommend having at least some Ethereum. (This guide is COMPLETELY ignoring what the current asking price is). It will be faster than Bitcoin for purchasing some altcoins. (This is always subject to change.) > > Did you push the “Buy” button? Congratulations you have a crypto currency!!! Exciting right?! Whoa, ok... Stop jumping up and down and don’t go anywhere… We aren’t done. > > Step 4 (The transfer): > Go to www.gdax.com > Log in with your Coinbase account login. (Coinbase owns Gdax. Google it. Why do we have to do this? I’m not going to get into that right now, just know it’s to avoid some fees). > > Now follow this guide on how to transfer your funds to GDAX - https://support.gdax.com/customer/en/portal/articles/2430129-transferring-funds-between-gdax-and-coinbase > > Step 5 is going to depend on what you want to do from here. Are you going to sit on your current purchase or do you plan on purchasing altcoins? Go to 5a for sitting on it, go to 5b for altcoins > > > Step 5a (Securing your investment): > The purpose of this guide was to help you obtain crypto currency, not what to do with it after. > > https://support.gdax.com/customer/en/portal/articles/2430150-how-to-deposit-and-withdraw-digital-currencies > > Do not leave your investment on the exchange. The exchange is not a bank. You need a wallet. This is not something I’m putting into this guide at this time. Simply Google it. I highly, highly recommend ordering a cold wallet (you’ll know what that is once you research). I personally own a Ledger Nano S (I am not affiliated with Ledger in ANY way. Buy a Trezor if you want. I don’t care, just look into it.) In the mean time, create a wallet on your computer or phone. DO NOT use a hosted solution. > > Step 5b (Purchasing altoins): > > There are many altcoins to buy, exchanges to get them, bla bla bla. Have a specific one in mind? It’s going to work very similarly to this. > > Register an account on Binance https://www.binance.com/?ref=13857671 YES, this IS a referral link. NO, you do NOT have to use it. Feel free to just go to directly to the site and sign up yourself. > > Once you have created your account be sure to complete the following: > - Submit to verify your account > - Set up 2-Factor Authentication with your Google Authenticator > - Deposit the amount of funds you wish to trade for an altcoin. https://support.binance.com/hc/en-us/articles/115000622212-How-to-Register-and-Deposit-on-Binance > > Step 6: > > Buy your alt coins with the funds you deposited! > All of this is just a framework and you should google how to do each step. There are TONS of videos and guides. > > GOOD LUCK!!!!

The following comment by kids_wear_this_shit was openly removed.

The original comment can be found(in censored form) at this link:

np.reddit.com/r/ CryptoCurrency/comments/7m1xpm/-/drqrwjz?context=4

The original comment's content was as follows:

> Here is an incomplete, almost step-by-step guide on a way to get into crypto currency as well as how to buy some altcoins: > > Ok, so you’ve decided you want to buy some crypto currency (say Bitcoin or these altcoins you keep hearing about)… Great! The problem is you don’t know how to get started and may feel overwhelmed. You know you’ll do the research later, but just want in NOW – I say STOP. Research first. – Yeah, yeah… You will, but the truth is, you want to buy right now and will figure it out later. Cool. I get it. So here’s a step by step-by-step guide on how to obtain some crypto currency right away. > > This guide is not a WHAT to buy/sell, WHEN to buy/sell, or what TO DO with your crypto currency. This is just one of many guides on HOW to get your foot in the door. > > There are many ways to do this, many exchanges to use, many apps, and many preferred methods. I am not connected to or affiliated with any of these sites, services, or companies. Please feel free to swap in and out whatever you so wish at any stage. > > What I am posting for you here is not financial advice nor is it the only path. Most of this is geared towards individuals in the US, but will be a decent framework for most. > > Already own a crypto currency on Coinbase and want to get into altcoins? Skip to step 4. Have crypto currency elsewhere? Skip to step 5a. > > Things you will need: > - A computer (Not 100% necessary, but for this guide I recommend it) > - A smart phone > - Your credit card (A bank transfer/debit = longer to get funds with less fees | Credit card = almost instant with higher fees. This guide assumes you don’t mind the slightly higher fee to have access to your crypto right away) > - Your government ID > > Step 1 (Security prep): > Download the following app on your smartphone: > Google Authenticator – Android https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en > iOS https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8 > This isn’t 100% necessary but HIGHLY recommended. I believe you can do SMS as well, but I’d say just go with this. > > You may also need a QR code scanner. I know that iOS 11 built one into the camera. Previous version iPhones as well as some Androids may need to download an app. > > Step 2 (Setup): > Register at https://www.coinbase.com/join/5a30880e8790e0029f97826f > YES, this IS a referral link. NO, you do NOT have to use it. Feel free to just go to directly to the site and sign up yourself. (At the time of writing this, CoinBase says it will give you $10 in Bitcoin for using a referral. Again, YOU DON’T HAVE TO US THIS REFERRAL). https://support.coinbase.com/customer/en/portal/articles/683805-the-coinbase-referral-program > > Once you have created your account be sure to complete the following: > - Set up 2-Factor authentication (either via SMS or Google Authenticator) https://support.coinbase.com/customer/en/portal/articles/1447997-how-can-i-make-my-account-more-secure- > - Link your bank account or credit card (bank transfers/debit cards will take a long time for you to receive your funds will have less fees. Credit card purchases are almost instant but have a higher fee. For the purpose of this guide I am going to assume you want to use a credit card to have funds right now or will come back once they have been released to you.) https://support.coinbase.com/customer/en/portal/articles/1148716-payment-methods-for-us-customers > - Submit for ID verification https://support.coinbase.com/customer/en/portal/articles/1220621-identity-verification > > Step 3 (The purchase!): > > Logged into your Coinbase account, go to the [Buy] tab https://www.coinbase.com/buy > > (This can be done from the Coinbase app) > Android https://play.google.com/store/apps/details?id=com.coinbase.android&amp;hl=en > iOS > https://itunes.apple.com/us/app/coinbase-buy-bitcoin-more/id886427730?mt=8 > > > Select the product you wish to purchase – Bitcoin, Litecoin, or Ethereum. (Coinbase is positioned to add more coins in the future.) https://support.coinbase.com/customer/en/portal/articles/2136749-how-do-i-buy-digital-currency- > > Which one? There will be a lot of suggestions out there as to which one and why. Buy one. Buy more than one. That’s your call. However, if you want to get into altcoins, for the purpose of this guide, I might recommend having at least some Ethereum. (This guide is COMPLETELY ignoring what the current asking price is). It will be faster than Bitcoin for purchasing some altcoins. (This is always subject to change.) > > Did you push the “Buy” button? Congratulations you have a crypto currency!!! Exciting right?! Whoa, ok... Stop jumping up and down and don’t go anywhere… We aren’t done. > > Step 4 (The transfer): > Go to www.gdax.com > Log in with your Coinbase account login. (Coinbase owns Gdax. Google it. Why do we have to do this? I’m not going to get into that right now, just know it’s to avoid some fees). > > Now follow this guide on how to transfer your funds to GDAX - https://support.gdax.com/customer/en/portal/articles/2430129-transferring-funds-between-gdax-and-coinbase > > Step 5 is going to depend on what you want to do from here. Are you going to sit on your current purchase or do you plan on purchasing altcoins? Go to 5a for sitting on it, go to 5b for altcoins > > > Step 5a (Securing your investment): > The purpose of this guide was to help you obtain crypto currency, not what to do with it after. > > https://support.gdax.com/customer/en/portal/articles/2430150-how-to-deposit-and-withdraw-digital-currencies > > Do not leave your investment on the exchange. The exchange is not a bank. You need a wallet. This is not something I’m putting into this guide at this time. Simply Google it. I highly, highly recommend ordering a cold wallet (you’ll know what that is once you research). I personally own a Ledger Nano S (I am not affiliated with Ledger in ANY way. Buy a Trezor if you want. I don’t care, just look into it.) In the mean time, create a wallet on your computer or phone. DO NOT use a hosted solution. > > Step 5b (Purchasing altoins): > > There are many altcoins to buy, exchanges to get them, bla bla bla. Have a specific one in mind? It’s going to work very similarly to this. > > Register an account on Binance https://www.binance.com/?ref=13857671 YES, this IS a referral link. NO, you do NOT have to use it. Feel free to just go to directly to the site and sign up yourself. > > Once you have created your account be sure to complete the following: > - Submit to verify your account > - Set up 2-Factor Authentication with your Google Authenticator > - Deposit the amount of funds you wish to trade for an altcoin. https://support.binance.com/hc/en-us/articles/115000622212-How-to-Register-and-Deposit-on-Binance > > Step 6: > > Buy your alt coins with the funds you deposited! > All of this is just a framework and you should google how to do each step. There are TONS of videos and guides. > > GOOD LUCK!!!!

The following comment by kids_wear_this_shit was openly greylisted.

The original comment can be found(in censored form) at this link:

np.reddit.com/r/ CryptoCurrency/comments/7m2dog/-/drqt2jh?context=4

The original comment's content was as follows:

> Here is an incomplete, almost step-by-step guide on a way to get into crypto currency as well as how to buy some altcoins: > > Ok, so you’ve decided you want to buy some crypto currency (say Bitcoin or these altcoins you keep hearing about)… Great! The problem is you don’t know how to get started and may feel overwhelmed. You know you’ll do the research later, but just want in NOW – I say STOP. Research first. – Yeah, yeah… You will, but the truth is, you want to buy right now and will figure it out later. Cool. I get it. So here’s a step by step-by-step guide on how to obtain some crypto currency right away. > > This guide is not a WHAT to buy/sell, WHEN to buy/sell, or what TO DO with your crypto currency. This is just one of many guides on HOW to get your foot in the door. > > There are many ways to do this, many exchanges to use, many apps, and many preferred methods. I am not connected to or affiliated with any of these sites, services, or companies. Please feel free to swap in and out whatever you so wish at any stage. > > What I am posting for you here is not financial advice nor is it the only path. Most of this is geared towards individuals in the US, but will be a decent framework for most. > > Already own a crypto currency on Coinbase and want to get into altcoins? Skip to step 4. Have crypto currency elsewhere? Skip to step 5a. > > Things you will need: > - A computer (Not 100% necessary, but for this guide I recommend it) > - A smart phone > - Your credit card (A bank transfer/debit = longer to get funds with less fees | Credit card = almost instant with higher fees. This guide assumes you don’t mind the slightly higher fee to have access to your crypto right away) > - Your government ID > > Step 1 (Security prep): > Download the following app on your smartphone: > Google Authenticator – Android https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en > iOS https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8 > This isn’t 100% necessary but HIGHLY recommended. I believe you can do SMS as well, but I’d say just go with this. > > You may also need a QR code scanner. I know that iOS 11 built one into the camera. Previous version iPhones as well as some Androids may need to download an app. > > Step 2 (Setup): > Register at https://www.coinbase.com/join/5a30880e8790e0029f97826f > YES, this IS a referral link. NO, you do NOT have to use it. Feel free to just go to directly to the site and sign up yourself. (At the time of writing this, CoinBase says it will give you $10 in Bitcoin for using a referral. Again, YOU DON’T HAVE TO US THIS REFERRAL). https://support.coinbase.com/customer/en/portal/articles/683805-the-coinbase-referral-program > > Once you have created your account be sure to complete the following: > - Set up 2-Factor authentication (either via SMS or Google Authenticator) https://support.coinbase.com/customer/en/portal/articles/1447997-how-can-i-make-my-account-more-secure- > - Link your bank account or credit card (bank transfers/debit cards will take a long time for you to receive your funds will have less fees. Credit card purchases are almost instant but have a higher fee. For the purpose of this guide I am going to assume you want to use a credit card to have funds right now or will come back once they have been released to you.) https://support.coinbase.com/customer/en/portal/articles/1148716-payment-methods-for-us-customers > - Submit for ID verification https://support.coinbase.com/customer/en/portal/articles/1220621-identity-verification > > Step 3 (The purchase!): > > Logged into your Coinbase account, go to the [Buy] tab https://www.coinbase.com/buy > > (This can be done from the Coinbase app) > Android https://play.google.com/store/apps/details?id=com.coinbase.android&amp;hl=en > iOS > https://itunes.apple.com/us/app/coinbase-buy-bitcoin-more/id886427730?mt=8 > > > Select the product you wish to purchase – Bitcoin, Litecoin, or Ethereum. (Coinbase is positioned to add more coins in the future.) https://support.coinbase.com/customer/en/portal/articles/2136749-how-do-i-buy-digital-currency- > > Which one? There will be a lot of suggestions out there as to which one and why. Buy one. Buy more than one. That’s your call. However, if you want to get into altcoins, for the purpose of this guide, I might recommend having at least some Ethereum. (This guide is COMPLETELY ignoring what the current asking price is). It will be faster than Bitcoin for purchasing some altcoins. (This is always subject to change.) > > Did you push the “Buy” button? Congratulations you have a crypto currency!!! Exciting right?! Whoa, ok... Stop jumping up and down and don’t go anywhere… We aren’t done. > > Step 4 (The transfer): > Go to www.gdax.com > Log in with your Coinbase account login. (Coinbase owns Gdax. Google it. Why do we have to do this? I’m not going to get into that right now, just know it’s to avoid some fees). > > Now follow this guide on how to transfer your funds to GDAX - https://support.gdax.com/customer/en/portal/articles/2430129-transferring-funds-between-gdax-and-coinbase > > Step 5 is going to depend on what you want to do from here. Are you going to sit on your current purchase or do you plan on purchasing altcoins? Go to 5a for sitting on it, go to 5b for altcoins > > > Step 5a (Securing your investment): > The purpose of this guide was to help you obtain crypto currency, not what to do with it after. > > https://support.gdax.com/customer/en/portal/articles/2430150-how-to-deposit-and-withdraw-digital-currencies > > Do not leave your investment on the exchange. The exchange is not a bank. You need a wallet. This is not something I’m putting into this guide at this time. Simply Google it. I highly, highly recommend ordering a cold wallet (you’ll know what that is once you research). I personally own a Ledger Nano S (I am not affiliated with Ledger in ANY way. Buy a Trezor if you want. I don’t care, just look into it.) In the mean time, create a wallet on your computer or phone. DO NOT use a hosted solution. > > Step 5b (Purchasing altoins): > > There are many altcoins to buy, exchanges to get them, bla bla bla. Have a specific one in mind? It’s going to work very similarly to this. > > Register an account on Binance https://www.binance.com/?ref=13857671 YES, this IS a referral link. NO, you do NOT have to use it. Feel free to just go to directly to the site and sign up yourself. > > Once you have created your account be sure to complete the following: > - Submit to verify your account > - Set up 2-Factor Authentication with your Google Authenticator > - Deposit the amount of funds you wish to trade for an altcoin. https://support.binance.com/hc/en-us/articles/115000622212-How-to-Register-and-Deposit-on-Binance > > Step 6: > > Buy your alt coins with the funds you deposited! > All of this is just a framework and you should google how to do each step. There are TONS of videos and guides. > > GOOD LUCK!!!!

The following comment by kids_wear_this_shit was openly greylisted.

The original comment can be found(in censored form) at this link:

np.reddit.com/r/ CryptoCurrency/comments/7m0z0m/-/drqslch?context=4

The original comment's content was as follows:

> This guide doesn't apply to you because you are smart in doing your research, but I pasted it for future reference > > Here is an incomplete, almost step-by-step guide on a way to get into crypto currency as well as how to buy some altcoins: > > Ok, so you’ve decided you want to buy some crypto currency (say Bitcoin or these altcoins you keep hearing about)… Great! The problem is you don’t know how to get started and may feel overwhelmed. You know you’ll do the research later, but just want in NOW – I say STOP. Research first. – Yeah, yeah… You will, but the truth is, you want to buy right now and will figure it out later. Cool. I get it. So here’s a step by step-by-step guide on how to obtain some crypto currency right away. > > This guide is not a WHAT to buy/sell, WHEN to buy/sell, or what TO DO with your crypto currency. This is just one of many guides on HOW to get your foot in the door. > > There are many ways to do this, many exchanges to use, many apps, and many preferred methods. I am not connected to or affiliated with any of these sites, services, or companies. Please feel free to swap in and out whatever you so wish at any stage. > > What I am posting for you here is not financial advice nor is it the only path. Most of this is geared towards individuals in the US, but will be a decent framework for most. > > Already own a crypto currency on Coinbase and want to get into altcoins? Skip to step 4. Have crypto currency elsewhere? Skip to step 5a. > > Things you will need: > - A computer (Not 100% necessary, but for this guide I recommend it) > - A smart phone > - Your credit card (A bank transfer/debit = longer to get funds with less fees | Credit card = almost instant with higher fees. This guide assumes you don’t mind the slightly higher fee to have access to your crypto right away) > - Your government ID > > Step 1 (Security prep): > Download the following app on your smartphone: > Google Authenticator – Android https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en > iOS https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8 > This isn’t 100% necessary but HIGHLY recommended. I believe you can do SMS as well, but I’d say just go with this. > > You may also need a QR code scanner. I know that iOS 11 built one into the camera. Previous version iPhones as well as some Androids may need to download an app. > > Step 2 (Setup): > Register at https://www.coinbase.com/join/5a30880e8790e0029f97826f > YES, this IS a referral link. NO, you do NOT have to use it. Feel free to just go to directly to the site and sign up yourself. (At the time of writing this, CoinBase says it will give you $10 in Bitcoin for using a referral. Again, YOU DON’T HAVE TO US THIS REFERRAL). https://support.coinbase.com/customer/en/portal/articles/683805-the-coinbase-referral-program > > Once you have created your account be sure to complete the following: > - Set up 2-Factor authentication (either via SMS or Google Authenticator) https://support.coinbase.com/customer/en/portal/articles/1447997-how-can-i-make-my-account-more-secure- > - Link your bank account or credit card (bank transfers/debit cards will take a long time for you to receive your funds will have less fees. Credit card purchases are almost instant but have a higher fee. For the purpose of this guide I am going to assume you want to use a credit card to have funds right now or will come back once they have been released to you.) https://support.coinbase.com/customer/en/portal/articles/1148716-payment-methods-for-us-customers > - Submit for ID verification https://support.coinbase.com/customer/en/portal/articles/1220621-identity-verification > > Step 3 (The purchase!): > > Logged into your Coinbase account, go to the [Buy] tab https://www.coinbase.com/buy > > (This can be done from the Coinbase app) > Android https://play.google.com/store/apps/details?id=com.coinbase.android&amp;hl=en > iOS > https://itunes.apple.com/us/app/coinbase-buy-bitcoin-more/id886427730?mt=8 > > > Select the product you wish to purchase – Bitcoin, Litecoin, or Ethereum. (Coinbase is positioned to add more coins in the future.) https://support.coinbase.com/customer/en/portal/articles/2136749-how-do-i-buy-digital-currency- > > Which one? There will be a lot of suggestions out there as to which one and why. Buy one. Buy more than one. That’s your call. However, if you want to get into altcoins, for the purpose of this guide, I might recommend having at least some Ethereum. (This guide is COMPLETELY ignoring what the current asking price is). It will be faster than Bitcoin for purchasing some altcoins. (This is always subject to change.) > > Did you push the “Buy” button? Congratulations you have a crypto currency!!! Exciting right?! Whoa, ok... Stop jumping up and down and don’t go anywhere… We aren’t done. > > Step 4 (The transfer): > Go to www.gdax.com > Log in with your Coinbase account login. (Coinbase owns Gdax. Google it. Why do we have to do this? I’m not going to get into that right now, just know it’s to avoid some fees). > > Now follow this guide on how to transfer your funds to GDAX - https://support.gdax.com/customer/en/portal/articles/2430129-transferring-funds-between-gdax-and-coinbase > > Step 5 is going to depend on what you want to do from here. Are you going to sit on your current purchase or do you plan on purchasing altcoins? Go to 5a for sitting on it, go to 5b for altcoins > > > Step 5a (Securing your investment): > The purpose of this guide was to help you obtain crypto currency, not what to do with it after. > > https://support.gdax.com/customer/en/portal/articles/2430150-how-to-deposit-and-withdraw-digital-currencies > > Do not leave your investment on the exchange. The exchange is not a bank. You need a wallet. This is not something I’m putting into this guide at this time. Simply Google it. I highly, highly recommend ordering a cold wallet (you’ll know what that is once you research). I personally own a Ledger Nano S (I am not affiliated with Ledger in ANY way. Buy a Trezor if you want. I don’t care, just look into it.) In the mean time, create a wallet on your computer or phone. DO NOT use a hosted solution. > > Step 5b (Purchasing altoins): > > There are many altcoins to buy, exchanges to get them, bla bla bla. Have a specific one in mind? It’s going to work very similarly to this. > > Register an account on Binance https://www.binance.com/?ref=13857671 YES, this IS a referral link. NO, you do NOT have to use it. Feel free to just go to directly to the site and sign up yourself. > > Once you have created your account be sure to complete the following: > - Submit to verify your account > - Set up 2-Factor Authentication with your Google Authenticator > - Deposit the amount of funds you wish to trade for an altcoin. https://support.binance.com/hc/en-us/articles/115000622212-How-to-Register-and-Deposit-on-Binance > > Step 6: > > Buy your alt coins with the funds you deposited! > All of this is just a framework and you should google how to do each step. There are TONS of videos and guides. > > GOOD LUCK!!!!

Here is the link. https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

PSA - Do not use T-mobile phone numbers for 2FA or password recovery

Providing a T-mobile phone number to an online service provider is dangerous. Discontinue this practice immediately

Here is a very through collection of links which highlights the dangers associated to providing Google, Yahoo, Dropbox, Facebook, Twitter or other online service providers with your T-mobile phone number for the purpose of account recovery or two factor authentication. You should NOT do this. Never provide Google, Yahoo, Dropbox, Facebook, Twitter, or any other online service with your phone number for ANY reasons. They may decide to use it for account recovery purposes.

Here are the links: https://docs.google.com/spreadsheets/d/1wUvO6AjlwyciDnfdJmvwTJ32eM6UpJkChWfjpKPwl8k/edit?usp=sharing

What is two factor and how is it used?

The use of a phone number to secure an online account is called 2 factor authentication. This method should in theory provide greater security because it should require an attacker to have physical access to your phone. In reality however it merely outsources the responsibility of securing your account to another party, the cell phone carriers. As this article makes clear this is a very bad idea.

There is a form of 2 factor authentication that doesn’t use text messages to authenticate you, it's called Google Authenticator. The app is able to generate codes that provide access to online services without ever sending a text message to your phone. The video on google play which explains how the app works implies that the app still uses text messaging to authenticate users. It highlights a practice google and many other online services had in place previously. Users were not allowed to secure their account with Google authenticator unless they also provided Google, Yahoo, and others with a phone number. This number could then be used to recover (or hack) an account without requiring a user's password or the use of the Google Authenticator app. This is a critical vulnerability that hackers exploit to gain access to your account. Google Authenticator could in theory remove the risk associated with trusting T-mobile but how it was actually implemented by Google and others negated its effectiveness. Many people have believed they were more safe when in reality they were made more vulnerable by this technology.

What is really protecting our identities?

Companies such as Google, Yahoo, Twitter and others have policies in place which nominate a cell phone provider as the de facto gatekeeper of our online identities. Many of them have told us on numerous occasions that 2 factor authentication would protect our account and keep us safe from bad guys. This meant that the digital identities of everyone who is using 2 factor authentication are resting only upon the bedrock of our cell phone provider’s identity verification policies. If this bedrock is compromised then our digital identities are revealed to be an unstable house of cards. A single mistake made by a T-mobile employee could allow any email accounts using 2 factor authentication to be compromised. By extension this also means that any cloud storage or social media accounts which permit passwords to be reset using emails would also be compromised.

Everyone stay safe. Do NOT use T-mobile phone numbers for 2 factor purposes

use chrome, you dont need a phone https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

It is for Android, not sure about iOS. https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en_GB

You just enroll your phone into 2FA, but then use the app instead of SMS.

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en

Download this https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en

Since this is for home, I'd go with Google's (Universal Two Factor) standard called U2F for short. (Google Authenticator) in the Play Store will generate codes for you, or you can purchase a u2f key like the Yubikey (FIDO), although most likely any USB u2f dongle will work; I have one I bought off of a hackernews thread for $8 just because I thought it was cool - (ConorCo U2F (amazon.com)).

However Yubikey in particular offers a (pam-u2f) module and instructions on (github) on how to configure it and integrate with Ubuntu.

As in this one? (https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2). Does that work with anything but your google stuff?

I do have more than 2 google account. In fact i have 3. I read in another post that a wipe data sometimes solves the battery. When i do it, i will also stay with only one account to test.

And here is my apps list:

• Authenticator
• AZ Screen Recorder
• Barcode Scanner
• CPU Spy
• Crystal
• Device Manager
• Discord
• Duo
• Exchange Services
• Google Cast
• Google+
• GSam Battery Monitor
• Imgur
• Instagram
• Keep
• List My Apps
• MSQRD
• MX Player
• My Boy!
• Netflix
• News &amp; Weather
• Outlook
• Poke Radar
• Pokémon GO
• QuadRooter Scanner
• QuickPic
• reddit is fun
• Remote Desktop
• Screen Filter
• Simple Radio
• Skala View
• Skype
• Slack
• Snapchat
• Solid Explorer
• Solid Explorer Unlocker
• Speakers
• Spotify
• Steam
• Stop
• TeamViewer
• Telegram
• Tick
• Tinder
• Twitter
• Uber
• WhatsApp
• ∞ Loop

List made using List My Apps

the google authenticator app will allow you to use 2-step with amazon.

Set up two factor authentication on the services that allow it using something like Authy or Google Authenticator (or even WinAuth on an USB stick, if you're afraid of being locked out of your phone). It's much more secure than a password, it's easily usable and you won't need to use overly complex passwords as any login attempt will have to go through the second factor anyway.

Then something like Google Authenticator would still work for you.

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

> If anyone knows an authenticator that doesn't require giving your phone number to a commercial party then I might consider using it.

Virtually every Two-step authentication app doesn't require you to give your phone number. All you do is scan a QR code. But anyway,

• Google Authenticator
• Lastpass Authenticator
• Azure Authenticator

If you don't trust any of those, you can easily write one yourself!

you need to have Google Authenticator installed, and the Ledger U2F applet loaded on the card through the Fidesmo application. Is that ok ?

We're talking about a libpam module that can be accessed using Google, Yubico's [source], FreeOTP's [source], OTP Authenticator's [source] or by running Python PyOTP's [source] in terminal.

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en

I forgot to mention, if you do use web wallets, you should definitely take advantage of two-factor authentication (2FA). Google Authenticator works for me, but I've also seen Authy recommended for Android or iOS, or you could choose FreeOTP if you want something fully open-source. In theory SMS 2FA is also acceptable, but this method has more attack vectors than a stand-alone app. Always carefully back up the initial data for your 2FA app.

Y people have been saying this forever, I wish valve would make google authenticate an option.

People create easy-to-remember and easy-to-type passwords and reuse them across sites and services. ~~If~~ When hackers guess or hack their way to one of your passwords on one of the sites you're using, they will inevitably try the same password on other sites and services.

As a company, taking security seriously means taking measures to prevent this from being a security problem, and implementing Multi-factor authentication (MFA) is an easy and cheap way of protecting your users.

MFA means you need more than just the password to log in, or at least to make purchases or changes to your account, YMMV. Typically, after entering your password you'll have to punch in a one time code sent to you by email or text message, or from a device or an app.

With MFA, an attacker will need more than your password to abuse your account, and since most attackers go after low hanging fruits they'll most likely move on to easier targets. Day saved.

Might try this: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en

When getting a new phone up and running I usually begin with:

• Android Wear - So the $200 toy on my wrist actually does things

• Google Authenticator - So I can login to Google stuff away from home.

• Bank Application - Whatever your bank may be, and so I know how much this shiny new phone hurt my wallet.

• Pushbullet To easily send links and files to my phone and links from my computer to friends.

• Android Device Manager In case I should lose my phone. Its never happened so I don't actually know how good it is at solving that problem.

• Google Keep (If not already present) - So I remember not to forget (but still will forget)

• Google Maps (If not already present) - So I can get home.

• (Google) Messenger - So my texts look pretty.

• Nova Launcher - If my new phone is a Nexus i will pretend I dont need nova for about a month and develop self inflicted stockholm syndrome about stock Android. Then in about a month come to my senses and install it. If it's any other brand I will likely install it before I even leave the store.

• Pocket Casts - So I am entertained on my way home.

• Google Opinion Rewards - So I can get 0.12 cents for telling Google where I was and that I drove my car to get there

• Google Wallet - So I can always think about using Tap To Pay and never do becaue im worried it wont work and ill look the fool.

From there I will install apps as I miss them or by a list I prepared beforehand.

yea.

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en

Go to the app store and download the authenticator app.

When you sign in and it asks you for the code open the authenticator app and input the 6 digit code.

If you didn't set it up then someone else might have access to your account or it was enabled by accident.

Either way just download the app and give it a try. It's Google authenticator app OK.

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

Here is the app (for Android) but if you don't have the code to log in, just log in through the RuneScape website (Authenticator isn't required for that), navigate to your Account Settings and disable Authenticator.

You could try two factor authentication. Not sure if it solves the problem.

https://support.google.com/accounts/answer/185839?hl=en

https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

The other answer is Settings > Security > Screen Lock.

Let us know how you get on with it.

Now would be a good time to switch to Google Authenticator if you're still using SMS two-step.

That is really stupid. I mean, it's not like it's impossible to make an authenticator that doesn't use data.