Yes, it is.

freitasm:

 

Gordy7:

 

How do I setup 2FA Yubikey on GZ?

 

 

You can't. We offer TOTP-based 2FA (Authenticator).

 

Thanks. I like a challenge. I have Yubikeys for other apps.

I thought I would see if I could use my Yubikey in Windows to do a 2FA login to GZ.

I don't know if the Yubikey GZ login procedure listed below is similar to other 2FA login procedures.

I launched Yubico Authenticator and created a Geekzone account/profile.

Entered the Geekzone 2FA authentication 16 character key and saved with a password.

Now when want to log into Geekzone:

 

1. enter my user name and password.
2. launch Yubico Authenticator.
3. select the Geekzone account/profile option.
4. press my Yubikey which generates a 6 digit code.
5. enter the 6 digit code into the Geekzone 2FA window.
6. press the GZ login button and I am in.

Oh, yes. You can use the Yubikey Authenticator. You can't use the other Yubikey features like FIDO U2F.

Batman:

 

freitasm:

I may not understand what you wrote. Do you mean to imply you think other password managers were compromised? Because that is not what I wrote.

 

i meant that not long ago people were recommending LastPass as the best password manager, and now I am hearing don't use LastPass.

 

what is the current best password manager? why are we no longer recommending LastPass?

 

thanks

 

(no i don't think password managers are compromised, i was just hoping you use one password manager and never need to change but it seems you have to change password managers from time to time for reasons I don't yet understand)

 

What annoyed me most about Lastpass was that about a month after I signed up and moved everything across to them, they implemented their policy to make free users choose either mobile access or desktop access. That p1ssed me off no end but I ended up making do with the limited mobile access. This means I had to look up passwords on my mobile and manually type them into my desktop when required, but I ended up getting google/chrome to remember them anyway so it wasn't so bad.

My general inertia at not wanting to go through the process of changing password managers again is what made me stay with them for three years, but news of their security issues made it a pretty easy decision to take action last night, and Bitwarden is working perfectly across all devices today. Should have done it sooner!!

[EDIT corrected spelling]

Batman: Thanks guys will check out bitwarden...Just a question, is Microsoft authenticator ok to use? I have no issues using it, just wondering if it's safe

Geekzone planning to implement passkeys anytime soon? 

Although in saying that, I try to use Bitwarden (actually Vaultwarden selfhosted) with passkeys between my iphone and mac and they only work 50% of the time. I feel like passkeys is a beta/early adopter feature that most big companies support, although slightly differently. 

Chills:

I thought LastPass was already gone along with Dashlane but I must just not be caught up. My personal recommendations are BitWarden and 1Password! 

I use lastpass.

About two years ago, I peppered my important passwords ie lastpass only holds the first part of my password and I then manually add on the last 6 digits/ characters - which are the same 6 for all my peppered passwords.  Unimportant pws aren't peppered.

I also use a 21 character master password , with 1001000 iterations and restrict logins from NZ only.

I was aware of the security breaches, but after just reading this thread am unsure how safe I am.

Am I safe from past security breaches - and do you still think I should go through the pain of changing password managers

ps - I am still going through the intense pain of changing all of my logins that use an xtra.co.nz email!!  so not keen to add to my workload.