HomeLatest ThreadsGreatest ThreadsForums & GroupsMy SubscriptionsMy Posts
DU Home » Latest Threads » Forums & Groups » Main » General Discussion (Forum) » A question about apps

Tue Jul 9, 2019, 01:52 PM

A question about apps

Last edited Tue Jul 9, 2019, 11:19 PM - Edit history (1)

I've been doing data entry for some campaigns, and just got an invitation to work on another. The normal process requires that I click on the thing and it sends a code to my cell, I enter the code and that gives me access to the data system. For some reason, that process isn't working on this new invitation; same admins, same program, but we can't get the codes through.

So, I asked how access codes would be delivered if I still used a landline. I was told that I'd need to install an authentication app on my computer, they suggest "Authy". Here's my question: I'm not familiar with the app, does anyone have experience with it? Concerns? Problems?

Any feedback greatly appreciated, I'm anxious to get back to doing what I can for the campaigns.

Thanks!

Update: After considerable back and forth with the fusty company, during which they explained the difficulty with a "sometimes that happens", we decided to go another route. An hour later, access codes showed up on my phone. Really REALLY hoping they get their shit together as we get closer to 2020, they charge a lot for their 'service'.
.

11 replies, 610 views

Reply to this thread

Back to top Alert abuse

Always highlight: 10 newest replies | Replies posted after I mark a forum
Replies to this discussion thread
Arrow 11 replies Author Time Post
Reply A question about apps (Original post)
madamesilverspurs Jul 2019 OP
jberryhill Jul 2019 #1
madamesilverspurs Jul 2019 #3
Midnightwalk Jul 2019 #4
jberryhill Jul 2019 #7
hunter Jul 2019 #6
mr_lebowski Jul 2019 #2
madamesilverspurs Jul 2019 #5
jberryhill Jul 2019 #8
mr_lebowski Jul 2019 #9
TheBlackAdder Jul 2019 #10
Doctor Howard Jul 2019 #11

Response to madamesilverspurs (Original post)

Tue Jul 9, 2019, 02:12 PM

1. there are a number of them

Google authenticator is pretty standard.

Do you remember those key fob things that some systems used to have, where you had to carry around a key fob with a little LCD screen that had a six digit number on it that would change every 30 seconds or a minute?

Authenticator apps are the same thing, just a software implementation in a device you already carry around.

The only thing they do is to follow an algorithm that produces a pseudo random number at regular intervals. The algorithm is seeded with a value that produces a sequence of numbers that can only be predicted by a machine running the same algorithm with the same random number.

The way you synch up is that the secure system generates the seed and you provide the seed to your device (usually through a QR code) so that your device and the secure system know the seed.

Then, from that point on, the secure system can verify that you are the holder of the device by asking you to provide the current number produced by your device running that sequence.

The only thing the app does is to (a) check what time it is, and (b) produce the pseudo random number based on the time and the seed.

On edit:

https://en.wikipedia.org/wiki/Multi-factor_authentication#Use_of_mobile_phones

Reply to this post

Back to top Alert abuse Link here Permalink


Response to jberryhill (Reply #1)

Tue Jul 9, 2019, 02:26 PM

3. Thanks!

In truth, I don't understand half of what you said, but appreciate the info just the same. (For the record, I'm an old lady who still uses a typewriter now and then.) It was easy when the process worked on my cell phone, don't know why it quit working. I'm just more than a little leery of downloading something unfamiliar to the computer that I so heavily rely on.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to jberryhill (Reply #1)

Tue Jul 9, 2019, 02:30 PM

4. Only thing I'd add

Is that people should enable multi factor authentication whenever they can.

Basically you enter your password on some device and then you get a text message with the code you have to enter to get access to your account.

This almost sounds like it could be using the code instead of a password plus a code? That wouldn’t be as good.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Midnightwalk (Reply #4)

Tue Jul 9, 2019, 02:48 PM

7. It's probably 2FA which is getting more common


I'm just unclear on how screwed I am if something goes wrong with my phone.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to jberryhill (Reply #1)

Tue Jul 9, 2019, 02:47 PM

6. Fuck. I need a "smart" phone?

Or a key fob thing? Or some other device?

As some kind of Luddite, even with a few leftover skeleton keys to the kingdom, I'm screwed.


Reply to this post

Back to top Alert abuse Link here Permalink


Response to madamesilverspurs (Original post)

Tue Jul 9, 2019, 02:20 PM

2. I use it every day ...

Totally legit, just a way to get teh same kind of auth code you'd get on your phone.

Getting it set up can be a little confusing due to some arcane nomenclature, just make sure you have good instructions, and hopefully phone support

Reply to this post

Back to top Alert abuse Link here Permalink


Response to mr_lebowski (Reply #2)

Tue Jul 9, 2019, 02:31 PM

5. Thank you.

It's the "getting it set up" that has me worried. It's easy for younger folks who seem to have been born with the necessary chip implanted, but I don't understand much of the vocabulary or process. Sadly, I've grown accustomed to the eyeroll that usually accompanies my requests for tech explanations. Not being terribly excited at the prospect of screwing up my laptop by not understanding some "arcane nomenclature", I might decide to wait until one of those younger friends is available to assist.

.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to madamesilverspurs (Reply #5)

Tue Jul 9, 2019, 02:52 PM

8. Most of them are made for "normal" people


You shouldn't have to know the nuts & bolts to make it work and, truth be told, it is often easier if you don't.

I can't tell you how many things I overthink and overcomplicate because I have a tech background that leads me to make assumptions that aren't valid in relation to some piece of consumer technology.

Once it is set up, it is exactly like getting the text message, but without getting the text message. You open the app, and the number is just there.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to madamesilverspurs (Reply #5)

Tue Jul 9, 2019, 10:44 PM

9. Easiest way to use it is to add it as a browser plugin ... on chrome

it's just one of the buttons to the right of the url bar.

the people at the organization should have instructions for you on how to initially set up authy. basically they usually give you a code or two you have to put in during setup (this tells authy your authorized to visit their site), and then you're done. You just have to make sure you put the right things in the right places.

To use, I go to the site I log in to, put in my user/pwd info (which is saved in my browser, so nothing to do there), then click the authy button, type my authy pswd in there, and get a code and click 'copy'. the login screen has an 'authy code' location, and I paste the code in (it's like a 2nd password), then click 'login'.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to madamesilverspurs (Original post)

Tue Jul 9, 2019, 11:32 PM

10. Should use what securities firms use... RSA. Many apps are built with virus-plagued freeware.

.

Contrary to the touted position, freeware is the most insecure software, as many of the application groups have been taken over by hackers, and nation state actors to inject code into the builds. Freeware proponents claim that their code is reviewed by multiple people, when in reality the only ones doing it are university academia, hackers and nation security teams. The latter do not reveal holes in the code, and since the code is in open source, they don't have to figure out how to disassemble it, since good firms use their own compilers and assemblers to generate unique object decks.

Many of these apps just borrow functions from open-source sites, to perform specialized functions. Most of the people generating the code cannot read the a dump of their own code, without using some form of interactive development tool.

RSA SecurID along with a cell phone or laptop VPN provides an acceptable level of security. Now, this is just to connect to the network of the site you are going to, then an external security manager userid/password structure controls further access.

.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to madamesilverspurs (Original post)

Wed Jul 10, 2019, 04:39 AM

11. My grandkids pitched in to buy me the dadgum

 

infernal internet iBox.

All this just so I can log in to the AOL.

Reply to this post

Back to top Alert abuse Link here Permalink

Reply to this thread