Site Comments & Suggestions

Secure your account with new 2-Step Verification

  • Last Updated:
  • Jun 23rd, 2021 7:40 pm
[OP]
Administrator
User avatar
Jun 17, 2013
15053 posts
28373 upvotes
Scarborough

Secure your account with new 2-Step Verification

We just added an extra layer of security for user accounts by adding a new 2-step verification system. This will help prevent someone from gaining access to your account in case your password is stolen. Anyone who wants to enroll in this new system can do so by following the below steps:

1. Log in to your account and open your Settings page.

2. You'll see a new 2-Step Verification link under Account & Preferences.

2stepaccountsettings.png

3. Click "Set up two-step verification" to continue.

2step2.png

4. To use 2-step verification you'll need an app that generates authentication codes such as Google Authenticator (Android / iOS) or Authy.

2step3.png (1).png

5. Open your authenticator app and add your RedFlagDeals.com account by using the QR code option. Scan the QR code displayed on your screen and click "Next".

2step4.png

6. Upon successful scanning of the QR code, you'll be provided a verification code. Enter this code and click "Continue"

2step5.png

7. You've successfully enrolled your RedFlagDeals.com account in 2-step verification. The next time you log in you'll be prompted to enter your 2-step verification code as an additional layer of security.

2step6.png

If you encounter any problems enrolling your account or have any questions, please reach out to us via our Contact Us page.
RFD Staff - Have a question? Send me a PM.
[Forum Rules] [Deal Alerts] [Thread Hiding]
34 replies
Deal Addict
Feb 3, 2019
1113 posts
2268 upvotes
Canada
Nice! Get rid of the trolls.
Live a little
Deal Addict
Nov 21, 2014
1694 posts
2325 upvotes
Atlantic
Done and done. Thank you for taking security seriously.
Deal Fanatic
User avatar
Aug 27, 2014
6169 posts
2489 upvotes
Canuckland
TomRFD wrote: We just added an extra layer of security for user accounts by adding a new 2-step verification system. This will help prevent someone from gaining access to your account in case your password is stolen. Anyone who wants to enroll in this new system can do so by following the below steps:

1. Log in to your account and open your Settings page.

2. You'll see a new 2-Step Verification link under Account & Preferences.


2stepaccountsettings.png


3. Click "Set up two-step verification" to continue.


2step2.png


4. To use 2-step verification you'll need an app that generates authentication codes such as Google Authenticator (Android / iOS) or Authy.


2step3.png (1).png


5. Open your authenticator app and add your RedFlagDeals.com account by using the QR code option. Scan the QR code displayed on your screen and click "Next".


2step4.png


6. Upon successful scanning of the QR code, you'll be provided a verification code. Enter this code and click "Continue"


2step5.png


7. You've successfully enrolled your RedFlagDeals.com account in 2-step verification. The next time you log in you'll be prompted to enter your 2-step verification code as an additional layer of security.


2step6.png


If you encounter any problems enrolling your account or have any questions, please reach out to us via our Contact Us page.
Should’ve allowed people to copy the code instead of just the picture
Deal Addict
Jan 8, 2007
1848 posts
61 upvotes
How about an option to enter a setup key? Can't take a pic of it using my phone when the qr is on my phone.
[OP]
Administrator
User avatar
Jun 17, 2013
15053 posts
28373 upvotes
Scarborough
danns wrote: How about an option to enter a setup key? Can't take a pic of it using my phone when the qr is on my phone.
We're already working on the next set of improvements for 2-step verification and that will be a part of it. For the time being you'll have to use 2 devices.
RFD Staff - Have a question? Send me a PM.
[Forum Rules] [Deal Alerts] [Thread Hiding]
Deal Expert
User avatar
Nov 16, 2004
20102 posts
7528 upvotes
Toronto
Missed the sort of "download me now" section that listed all the devices, clicked the appropriate link and downloaded the application.

Scanned the QR code through the app, gave me a number to put into RFD, putting the number in, nothing happens.

Stuck here now.
Cannot be verified. Have tried many rounds of new codes, cannot be verified.

I had to take a picture of the QR code with another device and then scan that image on my device in order to see the QR code.
Images
  • Screenshot_20210608-102722.png
RedFlagDeals Addict
Moderator
Sep 27, 2003
10531 posts
2932 upvotes
Newmarket
TomRFD wrote: We're already working on the next set of improvements for 2-step verification and that will be a part of it. For the time being you'll have to use 2 devices.
Hopefully sooner than later :) The ability to enter a key is very important.
RFD Forums Moderator
Member
Jan 12, 2007
346 posts
195 upvotes
Don't you need the key for backup ?
Don't want to get locked out.
Moderator
Sep 27, 2003
10531 posts
2932 upvotes
Newmarket
TAZ99 wrote: Don't you need the key for backup ?
Don't want to get locked out.
I think there are two keys being discussed:

1. The key which is the alternative to the barcode so that one can more easily set up the initial 2-step
2. A recovery key if one is locked out. @TomRFD will this be required?
RFD Forums Moderator
Sr. Member
Jan 13, 2013
513 posts
550 upvotes
Saguenay, QC
TAZ99 wrote: Don't you need the key for backup ?
Don't want to get locked out.
This.
Deal Addict
User avatar
May 24, 2007
1159 posts
778 upvotes
London, ON
danns wrote: How about an option to enter a setup key? Can't take a pic of it using my phone when the qr is on my phone.
Some 2-factor authentication apps have an option to add a QR code from an image. You'd take a screenshot of the RFD settings page, then submit that to the 2FA app. That screenshot could also be saved as your backup for now.
[OP]
Administrator
User avatar
Jun 17, 2013
15053 posts
28373 upvotes
Scarborough
WorldIRC wrote: I think there are two keys being discussed:

1. The key which is the alternative to the barcode so that one can more easily set up the initial 2-step
2. A recovery key if one is locked out. @TomRFD will this be required?
Both will be addressed in a future update. For #2, should someone get locked out they'll need to contact us.
RFD Staff - Have a question? Send me a PM.
[Forum Rules] [Deal Alerts] [Thread Hiding]
Deal Addict
User avatar
May 24, 2007
1159 posts
778 upvotes
London, ON
As others have suggested, an ideal implementation should have:
  • The secret key visible during 2FA setup--possible to be read, selected & copied. (With a QR code as a convenience option.)
  • A selection of single-use backup codes--usable when the 2FA app is unavailable. (Preferably also easy to read, and copy/paste.)

All the same, thanks for making account security a focus. And for using what seems like standard TOTP, rather than something like SMS or a vendor-specific implementation.
Newbie
Oct 14, 2018
59 posts
123 upvotes
Edmonton, AB
This is the most user-direct site I've come across with TOTP (and RFD is by no means small). Hopefully it piques the curiosity of folks interested in security and TOTP for more important things will be more widespread in the coming years. Cheers to focusing on account security
Deal Addict
User avatar
Dec 22, 2006
2820 posts
270 upvotes
Toronto
No reward for upgrading security? Weird.
Deal Addict
User avatar
Jun 21, 2003
4524 posts
1880 upvotes
Stoney Creek, ON
Glad to see this addition to the site and that it’s not SMS based.

As others have mentioned it would be nice to have backup single use keys.
Deal Expert
Jun 15, 2011
42625 posts
6857 upvotes
A cyber security professional I approve. Took a while but glad it was done.

Great job to RFD and to its security team.
Blanka
Deal Addict
Nov 21, 2014
1694 posts
2325 upvotes
Atlantic
Hello- wrote: No reward for upgrading security? Weird.
That would be like the US where they give you a chance to win $$$$ if you get the COVID shot.

Here have an upvote!
Deal Addict
User avatar
Dec 22, 2006
2820 posts
270 upvotes
Toronto
EasyCompany251 wrote: That would be like the US where they give you a chance to win $$$$ if you get the COVID shot.

Here have an upvote!
You can't expect the average person to care enough about security to switch to 2fa. Either make the switch mandatory, which would reduce the number of people using the site, or give some reward, like a special icon beside our names or special emoji we can use, etc.

Lots of sites give free stuff to entice people to upgrade their security because it means less support tickets from people who were "hacked". Remember when google gave away a permanent 2gb upgrade to google drive for upgrading security on our google accounts.

Top