2-Factor Authentication Tutorials & Tips

  • Thread starter Thread starter Smash
  • Start date Start date
Smash said:
No. I dont want to make it harder to get on here
Click to expand...
Maybe it's still too much for your tastes, but using 2FA is only a once-per-month hassle. Outside of doing that once a month, logging in is the same as without 2FA enabled. Maybe certain things that obfuscate your device identity would mess with this, but so far I haven't had any issues while running a VPN, tracker and ad blockers, etc.

Edit: spoke too soon, all those things I'm running are blocking device identification somehow, I suspect the culprit might be the cookie blocking. If I log out, then log back in using the same browser window, it doesn't ask for 2FA. If I close the browser window and then try logging in again, it prompts me.

Edit, The Sequel:
Yeah, it's a cookie. Rig-Talk places a cookie on your computer called xf_tfa_trust, among several others. Per a quick web search (https://kagi.com/search?q=xf_tfa_trust+cookie&r=us&sh=liHoHer0yzxsNUGeaOftMw), that bit 'o data is used by websites to indicate if a device is trusted or not. So since my cookies get cleared whenever the browser window closes instead of sticking around (that's intentional on my part), I have to do 2FA each time I open a new browser window.
 
Last edited:
I hope this explanation makes sense: The first time I encountered the 2-factor authentication thing for the site was using my iPad at the kitchen counter. I was already logged into the site - but couldn’t comment on a classified post. So I did exactly what Nero posted in the video. I went to my profile, enabled 2-factor, and then I got a screen with the square scan code that I pointed my iPhone at and got the login codes.

Here is my new problem. When I try to login on my windows desktop, it now requires 2-factor authentication to log in at all, so I can’t even get to my profile to get the new scan code.

I think what I will do is jot down one of the backup codes off my iPad and use that to get in on the desk top. I’ll report back if that is the solution.
 
7704A said:
Maybe it's still too much for your tastes, but using 2FA is only a once-per-month hassle. Outside of doing that once a month, logging in is the same as without 2FA enabled. Maybe certain things that obfuscate your device identity would mess with this, but so far I haven't had any issues while running a VPN, tracker and ad blockers, etc.

Edit: spoke too soon, all those things I'm running are blocking device identification somehow, I suspect the culprit might be the cookie blocking. If I log out, then log back in using the same browser window, it doesn't ask for 2FA. If I close the browser window and then try logging in again, it prompts me.

Edit, The Sequel:
Yeah, it's a cookie. Rig-Talk places a cookie on your computer called xf_tfa_trust, among several others. Per a quick web search (https://kagi.com/search?q=xf_tfa_trust+cookie&r=us&sh=liHoHer0yzxsNUGeaOftMw), that bit 'o data is used by websites to indicate if a device is trusted or not. So since my cookies get cleared whenever the browser window closes instead of sticking around (that's intentional on my part), I have to do 2FA each time I open a new browser window.
Click to expand...
Yeah. I pretty much hate anything that isn't instantaneous. This shit isn't that serious. I understand the 2fa for posting a classified. But in no way does it make sense to comment to me. But The world wasn't made for me, and until I can seize control, I will have to just bitch.
 
Smash said:
Yeah. I pretty much hate anything that isn't instantaneous.
Click to expand...
Well that's what I'm saying, unless you're blocking the cookies like me it's instantaneous every time except once every 30 days.
Smash said:
But in no way does it make sense to comment to me.
Click to expand...
I don't know, but it could be a limitation on permissions granularity. 🤷‍♂️
 
PDC said:
I hope this explanation makes sense: The first time I encountered the 2-factor authentication thing for the site was using my iPad at the kitchen counter. I was already logged into the site - but couldn’t comment on a classified post. So I did exactly what Nero posted in the video. I went to my profile, enabled 2-factor, and then I got a screen with the square scan code that I pointed my iPhone at and got the login codes.

Here is my new problem. When I try to login on my windows desktop, it now requires 2-factor authentication to log in at all, so I can’t even get to my profile to get the new scan code.

I think what I will do is jot down one of the backup codes off my iPad and use that to get in on the desk top. I’ll report back if that is the solution.
Click to expand...
You mentioned getting a new scan code. If you mean that square thingy you said you scanned with your iphone, it's just used to set up 2FA, you don't need to do it each time to log in with 2FA, if that's what you were thinking. Your phone that you scanned the original square code with should be able to generate numeric codes just like the backup codes, and you'd enter one of the generated codes when prompted for 2FA during log-in. The flow looks like this:

1) Go to rig-talk, enter username and password to log in.
2) Get prompted by rig-talk website for code.
3) Go to phone and open the app you scanned the square code with.
4) Enter code shown for rig-talk into the rig-talk website where it's asking for the code.
5) If you aren't clearing all cookies, you now have 30 days of logging in and out on the current device until you have to do this again.
 
Last edited:
Well said above by 7704 and I’ll state it clearly for everyone to understand.

Backup codes are just that - backup codes. They’re to be used to recover your account should you need to. Not to bypass how 2FA operates.

If I wanted to logon to my rig talk profile that already has 2FA enabled on my windows desktop the flow would look like this:

1) Go to rig talk site using windows desktop and
Input valid username and password
2) Pick up my mobile phone and open my “Google authenticator” app
3) Read the current six digit time sensitive code shown which corresponds to the rig talk site for my username
4) Put in the six digit code on the windows desktop RT site logon requesting 2FA and press enter before the Google authenticator app six digit code timer times out and generates a new code
All is done


To setup Google authenticator you just need to input your valid RT username and password inside the app to use it to get a regenerative code when you need it to login. You don’t need a Google account to use it.
 
Last edited:
517f08a6e99ade3b9ff74f96fcc720b0.jpg


They already "track" me here.
FWIW that "Atomica" way shrill on the top end. Not feelin it.
 
Last edited:
If you're talking about 2FA, you don't need to use your phone for that, there are other methods.

Edit: Also, if I understand roughly how TOTP 2FA works, you're not actually "linking" your phone to RT such that RT gets any info about you. RT just gives your phone some secret math info on how to generate codes it will know is for your account. Double check that though before relying on it for anything, I've not explored the standards 'n stuff beyond a surface level.
 
Last edited:
I don't see why 2FA is now required but guys are still allowed to do that PP friends and family crap. You gotta be a real moron to make a deal that way, regardless of the sellers honor. A car accident, medical emergency, family emergency, death, shipping damage, etc. Way too many problems could arise to throw a wrench in a basic deal to be doing that stuff.

I would def never use the classifieds here now. Probably wouldn't anyways cause I like cash deals FTF. I agree with Dan.
 
You must log in or register to reply here.
 
Back
Top