Betfair security

News, chat and debate about the Betfair betting exchange.
Dallas
Posts: 22674
Joined: Sun Aug 09, 2015 10:57 pm
Location: Working From Home

PDC wrote:
Mon Jan 20, 2020 2:02 pm
Derek27 wrote:
Mon Jan 20, 2020 1:39 pm
Thanks for the feedback. I've always been put off 2-step because I log in on 3-4 devices but having said that I am logged in all-day so it shouldn't be too much inconvenience - I'll look into it.

I use LastPass as my password manager. Can't really manage without one now.
Once you have done it a few times it just becomes part of the log in process you go through each day on auto and it really is no hassle.

If someone got into your account and took your money I would imagine that would cause an untold amount of hassle and annoyance and leave you wishing why on earth didn't you put 2FA on.
On busy days I can log in as much as 7-8 instances just to set up all the automation and data capture etc and it can become a bit time consuming but I'd rather do that 25 times a day for years if it saves me from just 1 hack.
Derek27
Posts: 23477
Joined: Wed Aug 30, 2017 11:44 am
Location: UK

weemac wrote:
Mon Jan 20, 2020 2:04 pm
My solution is to have the same 'base' word with various Caps, symbols etc for all sites. Then I simply include a number 1 somewhere in it for my bank password, 2 for Amazon, 3 for paypal, and so on. (These are just examples!! :lol: ) That means I can carry a piece of paper in my wallet with "bank 1, amazon 2, paypal 3, etc." written down, so they're useless to anyone but me, and are easy to change if necessary.

But 2FA is still a must for financially sensitive sites.
I used to use that method, same password with two or three additional characters to identify the site. It's not really secure having the same 'base' password and another issue is no base password will satisfy the criteria of all sites, so I'd often have to chuck in a hyphen or change the base password and then forget it!
ShaunWhite
Posts: 9731
Joined: Sat Sep 03, 2016 3:42 am

Kai wrote:
Mon Jan 20, 2020 1:05 pm
I use KeePass Password Safe for that purpose,
All my login IDs, passwords and backup codes are in the folder with my Will. Ditto a brief operational guide so people know what apps to stop or which VPS company to keep paying if it's still making a profit. :) That should be better than 3 grand from 'Without-this-policy-your-kids-will-bury-you-in-a-binbag.com'
jamesg46
Posts: 3769
Joined: Sat Jul 30, 2016 1:05 pm

PDC wrote:
Mon Jan 20, 2020 12:40 pm
It is really important you keep those backup codes somewhere. My Google Authentication app went out of sync for some reason. It is a known issue with the app. No matter what you do you will not be able to get it back in sync and without the back up codes you are locked out.

Thankfully I had the back up codes saved and was able to get back into my account. Turn off 2 step and then set it up all over again.

Betfair probably would have been able to get me back into my account eventually I guess but I wouldn't like to think how many hoops you would have to jump through, quite rightly before they got you back in. Perhaps they wouldn't be able to.

So again, if you haven't got those back up codes saved somewhere do it now as the app could go wrong at any time and this applies to all sites you use 2FA!
I didn't know about this so I've just gone through the process, thanks for pointing it out!
PDC
Posts: 2272
Joined: Sun Jul 24, 2016 5:52 pm

jamesg46 wrote:
Mon Jan 20, 2020 4:22 pm
I didn't know about this so I've just gone through the process, thanks for pointing it out!
No worries, I was very worried when it happened to me as nothing seemed wrong on the surface. I was using my password and Google 2FA app as I had hundreds of times before. But no matter how carefully I typed it all in it kept saying the password I was entering was wrong.

Eventually my account got locked due to too many failed attempts.

I started to think someone had hacked my account and changed the password as I was 100% sure I was entering the password right and the codes were showing as normal on the app.

I got Betfair to unlock the account but still it wouldn't work and again I was locked out.

It took a long time to get Betfair to unlock it as not surprisingly it was starting to look rather suspicious.

Eventually I just happened to search for 2FA code not working and discovered this bug and that I should use the back up codes which would still be valid. Then to turn off 2FA, uninstall the app and reinstall it and get a new batch of back up codes.

There was nothing to indicate on the surface of it that the 2FA was out of sync and I had only been in my account a few hours before.

Had I not had the codes backed up I don't know how I could have got in as I don't know if Betfair have an override of the 2FA, perhaps they don't?
Kai
Posts: 6092
Joined: Tue Jan 20, 2015 12:21 pm

Google Authenticator has many alternatives for both Android and iOS, if someone is having issues with it. I used FreeOTP in the past, it worked flawlessly when I couldn't get Google Authenticator to work properly on my first smartphone.
jamesg46
Posts: 3769
Joined: Sat Jul 30, 2016 1:05 pm

I've wondered how it all works when you upgrade your phone but never got past wondering. I'm that sort of person that goes by "I'll cross that bridge when I come to it". I really need to break that habit & this thread just goes to highlight to me once again why.
PDC
Posts: 2272
Joined: Sun Jul 24, 2016 5:52 pm

jamesg46 wrote:
Mon Jan 20, 2020 5:12 pm
I've wondered how it all works when you upgrade your phone but never got past wondering.
Also what happens if your phone is stolen is something to think about as you would now not have access to the app.

This is a good video from a very good YouTube channel that gives some background info to 2FA and how it works, worth a 5 minute watch:

https://www.youtube.com/watch?v=D6fRdCF9jyQ
jimibt
Posts: 3641
Joined: Mon Nov 30, 2015 6:42 pm
Location: Narnia

this thread should be amended (Derek) in the OP to take into account all the comments that add up to best practice and then made into a sticky!!
spock
Posts: 37
Joined: Fri Feb 17, 2017 9:16 pm

jimibt wrote:
Mon Jan 20, 2020 5:29 pm
this thread should be amended (Derek) in the OP to take into account all the comments that add up to best practice and then made into a sticky!!
+1
jamesg46
Posts: 3769
Joined: Sat Jul 30, 2016 1:05 pm

PDC wrote:
Mon Jan 20, 2020 5:27 pm
jamesg46 wrote:
Mon Jan 20, 2020 5:12 pm
I've wondered how it all works when you upgrade your phone but never got past wondering.
Also what happens if your phone is stolen is something to think about as you would now not have access to the app.

This is a good video from a very good YouTube channel that gives some background info to 2FA and how it works, worth a 5 minute watch:

https://www.youtube.com/watch?v=D6fRdCF9jyQ
Thanks again, I'll give it a watch now!
Kafkaesque
Posts: 886
Joined: Fri Oct 06, 2017 10:20 am

I've seen a few articles, in reputable sources, over the past year or two saying that you shouldn't put blind trust in Google Authenticator. The main point of emphasis being that security on smartphones is shabby at best. I'm no data or security expert - like at all - so just passing on what I've seen written by some in the know.

Personally I've gone to a separate phone with the Google Authenticator being its sole purpose. Overkill perhaps, but better safe than sorry.
PDC
Posts: 2272
Joined: Sun Jul 24, 2016 5:52 pm

Kafkaesque wrote:
Mon Jan 20, 2020 6:37 pm
I've seen a few articles, in reputable sources, over the past year or two saying that you shouldn't put blind trust in Google Authenticator. The main point of emphasis being that security on smartphones is shabby at best. I'm no data or security expert - like at all - so just passing on what I've seen written by some in the know.

Personally I've gone to a separate phone with the Google Authenticator being its sole purpose. Overkill perhaps, but better safe than sorry.
I have done exactly the same for the reasons you state.

As shown in the video link I posted, there is no need for internet access for 2FA once set up so I also don't have the phone connected to the internet or a cell carrier.
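
The point above that 2FA needs no internet access once set up can be seen in a short sketch of RFC 6238 TOTP, the time-based scheme that authenticator apps of this kind implement. This is an added example, not part of any post in the thread: the secret and timestamps are constructed test values, and a wrong device clock is shown only as one assumed way codes can stop matching, not as the confirmed cause of the lock-out described earlier.

```python
import hashlib
import hmac
import struct

# Constructed sample values: the RFC 4226/6238 test secret and toy timestamps.
SECRET = b"12345678901234567890"
STEP = 30  # seconds per code, the common authenticator default


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """Code for a given clock reading: only the secret and the time go in."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, code: str, server_time: int, window: int = 1) -> bool:
    """Server check that tolerates +/- `window` steps of clock skew."""
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret, server_time + drift * STEP)
        ok |= hmac.compare_digest(expected, code)
    return ok


def demo(server_time: int = 240) -> dict:
    """Same secret, three device clocks, one server clock."""
    return {
        "in_sync": verify(SECRET, totp(SECRET, server_time), server_time),
        "30s_fast": verify(SECRET, totp(SECRET, server_time + 30), server_time),
        "4min_slow": verify(SECRET, totp(SECRET, server_time - 240), server_time),
    }


if __name__ == "__main__":
    for clock, accepted in demo().items():
        print(f"device clock {clock}: accepted={accepted}")
```

Backup codes are fixed one-time values rather than time-derived ones, so a clock problem on the phone does not affect them.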
spreadbetting
Posts: 3140
Joined: Sun Jan 31, 2010 8:06 pm

ShaunWhite wrote:
Mon Jan 20, 2020 3:36 pm
Kai wrote:
Mon Jan 20, 2020 1:05 pm
I use KeePass Password Safe for that purpose,
All my login IDs, passwords and backup codes are in the folder with my Will. Ditto a brief operational guide so people know what apps to stop or which VPS company to keep paying if it's still making a profit. :) That should be better than 3 grand from 'Without-this-policy-your-kids-will-bury-you-in-a-binbag.com'
I haven't even got round to writing a will yet, I'm gonna leave them all to fight it out :? I'm OK with being buried in a bin bag.
Emmson
Posts: 3363
Joined: Mon Feb 29, 2016 6:47 pm

:!: