Pages:
Author

Topic: 2FA added - page 4. (Read 1879 times)

legendary
Activity: 2716
Merit: 1225
Once a man, twice a child!
December 22, 2023, 01:48:02 PM
#47
Finally, it's implemented. Theymos, you surprised everyone (well, maybe me) on this with your quick response. Also, thanks to user PowerGlove.

~
Have I started to hear the complain now that 2fa code expires too quick 😂?
That's what makes us humans. We're insatiable by nature. If we don't complain, even when what's given seems the best, it simply makes life boring 😂
hero member
Activity: 798
Merit: 1045
Goodnight, ohh Leo!!! 🦅
December 22, 2023, 01:33:33 PM
#46
Hopefully, the number of alts might drop if/when 2FA becomes mandatory. (And new users should have to employ 2FA automatically)

Can we have a shield to indicate we have 2FA enabled, please?
Kudos.
okay... I've been wondering how that would reduce the number of Alts? Hope I understood you clearly?... My bad, I haven't checked through the Google Authenticator to see how it works...
Could you explain how mandatory 2FA leads to less alts? After all, it's app-based 2FA.
that's exactly how confused I became when I first read his statement... Maybe timelord thinks the Authenticator could detect IPs to some point?
No, you will not receive a code in the mail. It has nothing to do with mail at all. To use 2FA you need to install the Google Authenticator application, scan the QR code that is present in your profile with the help of this application and when logging in to the forum enter the numbers that this application gives you.
Xal, is it safe to assume that this authentication process cannot be made to synchronize with just one device?.. cus scanning out the code on the app would definitely need two devices..

Sandra 🧑‍🦰
hero member
Activity: 700
Merit: 541
Bitcoin Casino Est. 2013
December 22, 2023, 12:33:16 PM
#45
At least I was still a part of the forum when some changes took place, the first I experienced was the addition of OP and now we have 2FA available for us.

Assuming a topic was created suggesting that 2FA should be added to the forum I would have boldly written that we are not going to see it soon cause theymos probably has other important things to attend to than that but surprisingly he came up with the this announcement.

I haven’t enabled mine but after I make this post I’m going straight to my settings to get it done.
staff
Activity: 2436
Merit: 2347
December 22, 2023, 12:28:34 PM
#44
When I saw OTP, I thought, “What kind of bullshit is this?” Smiley Only by hovering the cursor over these letters did I read the comment about 2FA.

It turns out that if the 2FA option is enabled, a code will be sent to your email to confirm login to your account? Did I understand everything correctly?

No, you will not receive a code in the mail. It has nothing to do with mail at all. To use 2FA you need to install the Google Authenticator application, scan the QR code that is present in your profile with the help of this application and when logging in to the forum enter the numbers that this application gives you.
legendary
Activity: 2898
Merit: 1253
So anyway, I applied as a merit source :)
December 22, 2023, 09:59:25 AM
#43
For a few seconds I was getting an April Fools Deja vu feeling when I saw that OTP field while logging in. I rechecked the date even if I was sure it was not 1st of April.  Grin

So I checked the Meta section and lo and behold, our long requested feature is finally hear, thanks to theymos and PoweGlove for the early Christmas gift.

Got it enabled and I hope everyone else does the same too.
legendary
Activity: 1792
Merit: 1296
Crypto Casino and Sportsbook
December 22, 2023, 09:49:06 AM
#42
When I saw OTP, I thought, “What kind of bullshit is this?” Smiley Only by hovering the cursor over these letters did I read the comment about 2FA.

It turns out that if the 2FA option is enabled, a code will be sent to your email to confirm login to your account? Did I understand everything correctly?
hero member
Activity: 952
Merit: 662
December 22, 2023, 08:48:01 AM
#41
Wow another good improvement by PowerGlove, it seems epochtalk will likely to happen because we have him. Tongue

Honestly I was little shocked there's an OTP code when I want to login, I thought I visit the wrong site.

what actually the usage of that QR code and the address they have gave us?
Both are a same thing, you scan the QR code or input the setup key on your 2FA apps, the difference is you don't have to type each character if you scan the QR code. Cheesy
hero member
Activity: 1414
Merit: 513
Payment Gateway Allows Recurring Payments
December 22, 2023, 08:31:46 AM
#40
Just for info first time 2FA was introduced by AT&T in 1996
Haha, we are busy people and have many other things to do like saving the earth from aliens, hahaha, but if we compare this forum with others then it is still doing great and giving a good competition. I think the improvements of this forum are solely made by the local community like free lancer without any pay. I hope PowerGlove will be paid by the Admin. haha.

By the way, it is a good thing and we needed, it I am definitely going to use it but what actually the usage of that QR code and the address they have gave us?
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
December 22, 2023, 07:10:53 AM
#39
Finally, there will be no more hacked BTT accounts and everyone will sleep peacefully knowing that they are now safe from all hackers Roll Eyes

All kidding aside, this is a nice feature for added security, but for those who don't have a sense of online security, it won't be too much of a help - someone who allows their forum account to be hacked will most likely not be able to protect their email account, which means that hackers will easily bypass this additional protection.



Until your account gets hacked and is used to post malware, leading to a permanent ban. That's when you will realize that the staked BTC address is useless. I think i know someone in this state whose account is still banned up to now despite opening a ban appeal including a signed message.

Far from the fact that the signed address is useless, because even when a hacker succeeds in hacking the BTT account and the e-mail that is connected to the forum account, apart from the IP logs that can serve as evidence (if the user does not use VPN/Tor), the only way you can prove that you are the real owner of the account is to sign the message from the staked address.
staff
Activity: 1316
Merit: 1610
The Naija & BSFL Sherrif 📛
December 22, 2023, 06:26:51 AM
#38
Finally! We had this conversation 1 week ago and it's here. One could argue that my ranting contributed 1% out of the remaining 10%  Grin

Time for the champagne gentlemen?

[1] I'm 99% sure that the 2FA/TOTP patch will get merged. And I'm 100% sure that I'll open a bottle of something special when it does. Smiley
Then allow me to be the first to raise the glass when it happens!
hero member
Activity: 462
Merit: 767
Instant cryptocurrency exchange with own reserves!
December 22, 2023, 05:56:20 AM
#37
----

Thanks for the great work PowerGlove!
Now, it's time to catch your bounty for developing the 2FA and encourage theymos to add it. I guess there was a 1 BTC bounty for whoever coded it, and if they add it, the developer should receive the bounty. Currently, I am unable to find the thread. But, If I am not wrong, the user was Stunna, who offered it. I will edit this post again once I find the thread.

Edit: here it is 2FA desperately needed 2BTC Bounty.
May bad. It was 2BTC. But considering how much BTC grew now, The bounty would be lower. But, the sad thing is, Stunna is not active for a while. Still you can ask Carolzinha if she has contact with Stunna.

legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
December 22, 2023, 05:30:51 AM
#36
Hopefully, the number of alts might drop if/when 2FA becomes mandatory. (And new users should have to employ 2FA automatically)
I do not think that 2FA will affect anyone operating alts. Different emails solves this and it is app base.

I doubt different email solve when you could just use plus feature like this,

Quote

In addition, email forwarding service let you generate "unlimited" email address such as https://www.33mail.com/.
hero member
Activity: 1148
Merit: 643
BTC, a coin of today and tomorrow.
December 22, 2023, 05:24:39 AM
#35
Hopefully, the number of alts might drop if/when 2FA becomes mandatory. (And new users should have to employ 2FA automatically)
I do not think that 2FA will affect anyone operating alts. Different emails solves this and it is app base.

Can we have a shield to indicate we have 2FA enabled, please?
This will be a threat to security. Any profile without such a shield indicator will be the target of hackers.

Will 2FA relegate the act of staking ones address in meta?

Thanks theymos and PowerGlove. One sad news at the beginning of the month (mixers ban), one good news at the end of the month.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
December 22, 2023, 04:40:50 AM
#34
If you use the forgotten-password function, then there's an option to remove the 2FA. So 2FA does not provide any protection in case of a compromised email. Make sure that your email address is secure.

It somewhat limit security offered by 2FA, but i guess we could just set 2FA on our email address.

In conclusion using the 2FA you have to be a kinda speedy because the code expires every minutes.

And that's just how app-based 2FA usually works.

Hopefully, the number of alts might drop if/when 2FA becomes mandatory. (And new users should have to employ 2FA automatically)

Can we have a shield to indicate we have 2FA enabled, please?

Kudos.

Could you explain how mandatory 2FA leads to less alts? After all, it's app-based 2FA.
legendary
Activity: 3696
Merit: 2219
💲🏎️💨🚓
December 22, 2023, 02:17:07 AM
#33
Hopefully, the number of alts might drop if/when 2FA becomes mandatory. (And new users should have to employ 2FA automatically)

Can we have a shield to indicate we have 2FA enabled, please?

Kudos.
hero member
Activity: 714
Merit: 1298
December 22, 2023, 02:09:17 AM
#32
Excitement regarding implementation of 2FA authentication for forum login is quite understandable, though, frankly,   the type chosen, i.e. OTP is obsolete already. Much easier and at the same time more stronger would be the use of U2F key, but, sorry to say this,  probably one need to wait the next 10 years to witness this authentication technique here.

Nevertheless, thank you both, theymos and PowerGlove, for the step forward.
hero member
Activity: 882
Merit: 654
Leading Crypto Sports Betting & Casino Platform
December 22, 2023, 01:08:35 AM
#31
However for me, I am fine. I have my btc address staked. I think nothing I have to worry.
Until your account gets hacked and is used to post malware, leading to a permanent ban. That's when you will realize that the staked BTC address is useless. I think i know someone in this state whose account is still banned up to now despite opening a ban appeal including a signed message.

I got hacked some time back, so I take no chances. 2FA is more than welcome
I wasn't thinking it toward theymos angle when I saw the 2FA in my email through notification, but here we are, it is real now, thanks to all the team involved, mentioned and unmentioned.

However, this is the first forum I would ever hear of 2FA security enabled, I must say it's because there are so many tech-savvy here, if not, no one would have given it that much thought, not to talk of prioritizing it on forums.

But strange too, I do hear a lot here that their accounts are hacked. That must be a serious concern about security if those claims are always correct. And as much as I didn't want to enable the 2FA before, I think your advice is proper, it is those who have experienced the security breached that can tell one and know the importance of this 2FA which is another layer of security in the account. It's a welcome develomnet if I must say.
sr. member
Activity: 532
Merit: 268
December 22, 2023, 12:48:31 AM
#30
Thanks @Theymos & special thanks to @PowerGlove for added 2 factor Authentication.
Adding this two factor authentication has added more security to the forum. This is a gift to all of us from the forum admin on the occasion of Christmas. We will get more security when we login to our account, this is actually a kind of new direction and addition for us. Looking forward to more updates in the future and hope that our forum will continue to grow.
legendary
Activity: 3178
Merit: 3295
December 21, 2023, 07:34:39 PM
#29
Thanks for all the congrats & stuff being left in this topic. Bitcointalk has become a lot more important to me than I expected when I joined. I'm grateful that I get to contribute to it in my own way, and I hope to keep doing that for a good while yet. Cheers!
Well done PowerGlove on that piece of gold thing we are asking for years and also theymos for activate it now.
It looks like an early X-Mass Gift and i have already activated it without any problems.
Really great awesome job PowerGlove , much appreciate that and all your Work.
hero member
Activity: 510
Merit: 4005
December 21, 2023, 07:25:39 PM
#28
(...) the much-requested 2-factor authentication feature has finally been added.


(Thanks for letting me work on this, and for the valuable tweaks and additions that you made.) Wink

Why this Confirmation OTP field has to be password filed? I think it should be normal text field.
Hmm... That's a good question. A type="text" field would make it easier for people to see if they've typed in their OTP correctly.

I erred on the side of caution with a lot of the decisions I made with this patch. I think the rationale I used (just guessing, I don't actually remember) when deciding on a type="password" field went something like this: I left theymos some configuration knobs in the code, and I didn't know exactly what values he would settle on. So, as a hedge against him settling on a very long OTP validity-time (like a few minutes or more, instead of ~30 seconds), I thought it best to treat the OTP as password-like (and prevent it from being easily shoulder surfed). That was the thinking behind the OTP field-type on the login page. The thinking behind the OTP field-type on the settings page was just to mirror the field-type from the login page.

Have I started to hear the complain now that 2fa code expires too quick 😂?
If that becomes a problem and more than a few people bump into it, then it's very easy to adjust.

@theymos: If you want to make the OTP codes remain valid for a little longer, then adding 1 more 30-second window of look-behind would be a good start. (Changing the look-behind value near the top of TOTP.php won't affect the otpauth URI, so it won't affect compatibility or disturb anyone's already-imported settings.)



Thanks for all the congrats & stuff being left in this topic. Bitcointalk has become a lot more important to me than I expected when I joined. I'm grateful that I get to contribute to it in my own way, and I hope to keep doing that for a good while yet. Cheers!
Pages:
Jump to: