Google Authenticator

[Guest]

Google authenticator with my phone number for 2FA? These are huge red flags that tells me AirVPN is not what they say they are i.e. secure and anonymous. Quite the contrary. Maybe even part of the great social engineering clik. No thanks. Glad I diden't actually buy a subscription.

[Staff 9971]

20 hours ago, 2old2giveAchit said:

Google authenticator with my phone number for 2FA? These are huge red flags that tells me AirVPN is not what they say they are i.e. secure and anonymous. Quite the contrary. Maybe even part of the great social engineering clik. No thanks. Glad I diden't actually buy a subscription.

In your fantasy world only. In AirVPN 2FA is based on TOTP https://en.wikipedia.org/wiki/Time-based_one-time_password which does not require any Google app and does not require any phone number. TOTP is an open protocol described by IETF in RFC 6238

[fsy 34]

20 hours ago, 2old2giveAchit said:

Google authenticator with my phone number for 2FA? These are huge red flags that tells me AirVPN is not what they say they are i.e. secure and anonymous. Quite the contrary. Maybe even part of the great social engineering clik. No thanks. Glad I diden't actually buy a subscription.

One of the most hilarious messages of the year. Just a troll or a real assclown? Curious, perhaps impossible, that 12 years after its introduction there are those who think TOTP needs phone numbers or Google, but the Invision Board plays a role to mislead because in the account panel to enable 2FA it says "You will need Google Authenticator". Can someone from @Staff fix this idiotic bullshit? I know that some IPB strings are crypt coded but maybe you can customize in some way.
 

[xistal_ 0]

Could connecting to my Google Authenticator app potentially make my account less secure? Wouldn’t it be linked to my account, and therefore be traceable back to my account? 

Complete noob here, sorry if it’s a stupid question but I’m genuinely curious

[Staff 9971]

37 minutes ago, Hadalio said:

Could connecting to my Google Authenticator app potentially make my account less secure? Wouldn’t it be linked to my account, and therefore be traceable back to my account? 

Complete noob here, sorry if it’s a stupid question but I’m genuinely curious

Hello! Google Authenticator has become closed source software (proprietary freeware) recently. It was open source software for a decade or so, and then it was closed, bad decision in our opinion. So you might (should?) prefer anyway an open source alternative. See also:
https://en.wikipedia.org/wiki/Comparison_of_OTP_applications

The potential correlation you talk about, which can happen with any TOTP based application, could come from the unlikely comparison between your secret shared key if you have your device stolen/seized and decrypted/cracked, and all the secret shared keys stored in AirVPN, if they are at the same time stolen or seized. But then this would only prove that you are an AirVPN customer, not how you used AirVPN.

Also remember that you don't need a mobile platform and/or an Android system to use an OTP based application.

Kind regards
 

[Staff 9971]

16 hours ago, fsy said:

One of the most hilarious messages of the year. Just a troll or a real assclown? Curious, perhaps impossible, that 12 years after its introduction there are those who think TOTP needs phone numbers or Google, but the Invision Board plays a role to mislead because in the account panel to enable 2FA it says "You will need Google Authenticator". Can someone from @Staff fix this idiotic bullshit? I know that some IPB strings are crypt coded but maybe you can customize in some way.
 

Hello!

Definitely, that reference to Google Authenticator was an old remnant of board's scrambled text. Please verify that everything has been fixed properly now. Thank you for the head-up.

Kind regards