Unrequested log in link

Nothing urgent, but more out of curiosity. I just received an email with a log in link to Brave community that I did not request. I am wondering if someone is trying to gain unauthorized access to my account.

Hello, @Debbie. It may be that somebody attempted to access your account. Please make sure you have a strong, secure password. You should also consider securing your account with Two-Factor Authentication, offered in your Settings. I hope this helps!

Thanks for your reply. I always use strong passwords, but on your suggestion, I decided to try Two-Factor Authentication as well. I am just making sure I understand this before I proceed. In my settings, I found “Two Factor Backup Codes: You must enable a primary second factor before generating backup codes.” I assume that the “second factor” refers to either a Token-Based Authenticator or Security Key. The Token-Based Authenticator requires me to scan a QR code, which I am unable to do on any device I own. I assume that the Security Key option would require me to generate a ssh key pair and upload the public key to your site. Am I on the right track? What changes will I then see when I try to log into my account?

If you don’t have the ability to scan a QR code, you’ll also see an option to enter manually a short sequence of characters to setup your two-factor authentication. No SSH or uploading keys needed; download an authentication app on your phone, scan (or manually type) when prompted, and you should be up and running :slight_smile:

I don’t have a smart phone—only a dumb phone that makes voice calls like a land line. I do internet on a desktop computer. Are you saying I cannot do this by uploading a key?

I believe you can print-out some codes to use, but only after opting-in to either the Token-Based Authentication, or the physical Security Keys (e.g. a YubiKey).

Neither is an option for me, so it looks like I will have to pass on this for now, and hope that whoever it was will go bother someone else instead. Thanks.