Fiverr Forum

Can we please have 2FA?


#1

Can we please think about getting this introduced. I’ve read several threads about members having there accounts hacked, and I assume Fiverr won’t be compensating for any funds lost. I think most people with a bit of common sense have this enabled on most of the accounts they want secured. So while earning money through Fiverr, would it not be a very good idea to introduce 2FA?

I for one, feel very unsafe and almost immediately withdraw my funds, but this shouldn’t be the case. We shouldn’t have to worry about being hacked. More withdrawals = more fees.


#2

2FA? Is that Two Factor Authentication?


#3

Yes, its Two Factor Auth. I’m surprised this isn’t already implemented. It seems normal on most applications/platforms that are similar to Fiverr.


#4

I’ve never been hacked in over five years. I don’t think it’s a big problem. But I’m not sure.


#5

I would support it, although I’m not really missing it.
Right now I use LastPass for all my passwords including Fiverr and it has 2FA.


#6

How do you know it’s secure? I’m not sure it’s safe to trust password saver apps.


#7

The only way you can get in is if you have my phone. There’s no other way.
Nothing is 100% secure, but it’s better than typing a password that you can remember.


#8

I mean how do you know they don’t send the information stored in them to some place else? Like some kind of hack? Like a keylogger? Wouldn’t an app like that be perfect for a hacker to use? It’s like the perfect trojan.


#9

Nope, it’s easier to attack Fiverr where people use passwords such as “password123” than try to hack a service with a sole purpose of keeping passwords secure.

More info here (there are other articles explaining it’s pros)
https://lastpass.com/support.php?cmd=showfaq&id=6926


#10

If the app had a trojan imbedded in it when you installed it, that would make it easy for a hacker. I don’t trust them.


#11

The 2FA is a great option to protect the account for surely.
At least it is worth to try google auth.


#12

I think the security question is what was the name of my best friend in school. No one but me knows that so it’s pretty secure. Why would there need to be another one?

I haven’t been asked that yet. I have had a code sent to my phone a couple of times. Someone would need to have my phone to be able to do anything with my account.


#13

Yeah! Most commonly any phishing attacks from spam messages.


#14

Trusting LastPass or a similar service/software with all your passwords is definitely a valid concern and I get why some people don’t wish to use it.

There is no such thing as a 100% secure system. It comes down to finding a solution that fits your needs and has the least amount of security holes.

I’ve done my research and the most suitable option for me is LastPass.

  • I have probably 20+ accounts on various platforms that I use almost daily.
  • I also have a decent amount of clients who trust me to keep their website secure.
  • There’s no way I could remember all the passwords especially if a password is a random string of numbers, letters and special chars. I don’t use names, places etc. because it’s simply not secure.
  • I have tried various techniques in the past such as formulas, but I didn’t find those very secure nor convenient.

So I needed a solution that is able to protect all my tools, clients and something that would be convenient to use. After trying several solutions (online & offline) I found LastPass.

Benefits

  • It’s secure (AES-256, SHA-256 and salted hashes)
  • Decrypting is only at the device level so no interceptions and even LastPass doesn’t have the passwords in text format. They can’t sell my passwords.
  • It has 2FA which means you need to have access to my phone to get in.
  • It’s available through my browser and it has plenty of shortcuts.
  • It’s super cheap

I think every web developer should use something like this to keep their clients secure :slight_smile:
It doesn’t have to be LastPass, it can be any other service.


#15

What if your hard drive crashes? Then you lose the passwords. I only have a few to remember. But they are complex. So if my memory fails I’m in trouble. I have something that must be on chrome that pops up to ask if I want it to remember them too. I don’t even know what that is now that I think about it.


#16

Doesn’t matter, I can access my passwords on any device. LastPass stores my passwords in encrypted format on their server so it doesn’t matter if I use my laptop or not.

You can disable that from Chrome advanced settings. A lot of people use that, but that’s not a good solution.


#17

If someone ever steals my laptop then they will have some passwords. I don’t have my main ones anyplace except in my memory.


#18

:arrow_down: This could be a solution. (From xkcd)


#19

A good bit of my passwords are quite long; especially if the site permits it. My backup for passwords is a physical journal which came in handy with both my laptop and main computer had to under go a reboot which resulted in everything that was saved, including passwords, getting wiped. I don’t mind 2FA to an extent, but there are times where they get a bit ridiculous if not time consuming.