Author

Topic: 2FA - authentication (Read 894 times)

brand new
Activity: 0
Merit: 0
August 19, 2024, 04:29:06 AM
#17
It may worth mentioning that although many see 2FA as ultimate safety, most keep the 2FA app on the same phone they need the 2FA codes - usually for crypto platforms/exchanges, but the new forum, if ever, will be another such case.

Known Bitcoin address is imho the best and most appropriate safety net.
hmmmmmmmm
copper member
Activity: 2198
Merit: 1837
🌀 Cosmic Casino
August 16, 2024, 05:32:35 PM
#16
I was just thinking about the 2FA login process before I logged in and I came across this post in this section, Even the Captcha Login Process ticks it's box automatically.
Just in case you missed it, the 2 FA feature was added in December last year thanks to our valued member PowerGlove. You can read through the post

I think the Captcha Login process is Ok especially if you are not using Tor or some fee VPN service. Sometime back, it was actually so annoying, and you would end up going through several loops before logging in,
jr. member
Activity: 71
Merit: 6
August 16, 2024, 10:40:24 AM
#15
Hi,

I searched the forums and I was able to find an old thread, locked since some time now.
How about adding the option for 2FA when logging in? An integration with Google Authenticator or similar would greatly reduce the risk of account theft/ impersonation/ etc.

Thoughts? Ideas?

Cheers,
- anx.


I was just thinking about the 2FA login process before I logged in and I came across this post in this section, Even the Captcha Login Process ticks it's box automatically.
legendary
Activity: 2240
Merit: 3150
₿uy / $ell ..oeleo ;(
June 29, 2022, 02:21:20 AM
#14
I can imagine such a measure discouraging some new users from participating because they have yet to learn how to do such a simple thing, or older users who lost access to the private key associated with the address (or users for whom it wouldn't be worth the hassle to search for the key).

2FA is a very simple concept that nearly every service that conducts financial transactions uses in one way or another (with some being less secure than others). I would have serious doubts that requiring 2FA would discourage participation.

I was replying to TheBeardedBaby's post where he proposed signing messages. A newbie is more likely to be confused how to sign a message compared with the more common use of scanning QR codes with Google Authenticator.

Also most people register on forums not to sell but to participate in discussions and if they don't associate monetary value with their account (compared with other services requiring 2FA), they might not care as much about losing their 2FA for one reason or another.

I thought more as an Option to choose when register you account, and possibly activate it later but not as a requirement to register. Same as the console browser view of the forum suggested by Cyrus some time ago. It's gonna be an option for those people who don't want to do anything with authenticators like Google or Microsoft and worried of being tracked.
legendary
Activity: 3472
Merit: 1724
June 13, 2022, 10:37:56 AM
#13
I can imagine such a measure discouraging some new users from participating because they have yet to learn how to do such a simple thing, or older users who lost access to the private key associated with the address (or users for whom it wouldn't be worth the hassle to search for the key).

2FA is a very simple concept that nearly every service that conducts financial transactions uses in one way or another (with some being less secure than others). I would have serious doubts that requiring 2FA would discourage participation.

I was replying to TheBeardedBaby's post where he proposed signing messages. A newbie is more likely to be confused how to sign a message compared with the more common use of scanning QR codes with Google Authenticator.

Also most people register on forums not to sell but to participate in discussions and if they don't associate monetary value with their account (compared with other services requiring 2FA), they might not care as much about losing their 2FA for one reason or another.
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
June 11, 2022, 03:51:02 PM
#12
I can imagine such a measure discouraging some new users from participating because they have yet to learn how to do such a simple thing, or older users who lost access to the private key associated with the address (or users for whom it wouldn't be worth the hassle to search for the key).

2FA is a very simple concept that nearly every service that conducts financial transactions uses in one way or another (with some being less secure than others). I would have serious doubts that requiring 2FA would discourage participation. Although there is the argument that 2FA may result in additional account recoveries, and may result in the threshold for recovering an account to be lowered because people have lost their 2FA keys.
legendary
Activity: 3472
Merit: 1724
June 10, 2022, 05:23:37 PM
#11
I can imagine such a measure discouraging some new users from participating because they have yet to learn how to do such a simple thing, or older users who lost access to the private key associated with the address (or users for whom it wouldn't be worth the hassle to search for the key).
Maybe if this sort of requirement only existed for some Marketplace child-boards, it could make sense to prevent some scams (not all, social engineering via PMs would still be possible, which perhaps could be countered with a message padded to the PM, something along the lines of "this user last authenticated X days ago").

legendary
Activity: 2240
Merit: 3150
₿uy / $ell ..oeleo ;(
May 31, 2022, 04:31:13 PM
#10
How about adding a standard message (date and time) to be signed from a staked or registered address when you open an account.
It could be automated and If it's verified successfully you can log in.
This could be required on a random basis every month for security.
It's a bitcoin forum after all.
legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
May 25, 2022, 08:14:50 AM
#9
There will be 2FA in a new forum software, Epochtalk.

For this forum software SMF, there will be no 2FA as the admin confirms it. There are other ways for you to secure your account as well as prepare for your account recovery in future.
legendary
Activity: 1596
Merit: 1288
May 25, 2022, 07:51:39 AM
#8

Thoughts? Ideas?

Perhaps one of the reasons this development takes a while is that the forum is open for public discussion, you are not supposed to share personal data here, messages are encrypted and it is better to encrypt it with yourself.

Two-factor authentication is good if the forum asks you for money or personal data, and the recovery of accounts does not take much time, you may make sure that you are signing a message correctly.
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
April 17, 2022, 02:11:26 AM
#7
That wouldn't eliminate the need for manual recoveries; it might even increase it as people lose their second factor. 2FA would be nice, but IMO the email notifications provide many of the same benefits, so it's not high on my to-do list.
This is the reason why I think it is unlikely for 2FA to ever be implemented on bitcointalk.

There is a lot of commerce that takes place on bitcointalk, however, a bitcointalk account is intended to be used for discussion. So the types of verifications that 2FA provides is better done when trading, rather than when logging in. There are sometimes occasions in which someone will legitimately lose access to their private keys, and the market can decide how to handle these situations, which will typically be that the person will need to earn trust subsequent to losing their private keys.

If 2FA is required to even log in, there will be instances in which the administration will be faced with the choice between not allowing someone who has evidence they are a long-standing forum member from accessing their account and potentially allowing an imported from accessing a long-standing forum member's account.
legendary
Activity: 2968
Merit: 3406
Crypto Swap Exchange
April 15, 2022, 10:48:13 AM
#6
there should be added support for any U2F keys like yubikey… or Trezor.
Only if it allows us to register multiple U2F keys or devices... I know a few platforms that have a limit of 1 and if you somehow lose both your device and the backup codes [or the recovery seed for Trezor], then you'd probably lose access "from your side [in other words, more work for the recovery team]"!
- I do know that the recovery options differ slightly based on the type of U2F device that's being used, but still...
legendary
Activity: 952
Merit: 1386
April 14, 2022, 03:48:13 PM
#5
Oh, it would be a great addition to the forum! I think not only Google Authenticator should be implemented, there should be added support for any U2F keys like yubikey… or Trezor.
https://blog.trezor.io/secure-two-factor-authentication-with-trezor-u2f-e940fd5a60af
full member
Activity: 638
Merit: 208
Belgian based crypto-enthusiast
April 13, 2022, 04:13:28 PM
#4
It may worth mentioning that although many see 2FA as ultimate safety, most keep the 2FA app on the same phone they need the 2FA codes - usually for crypto platforms/exchanges, but the new forum, if ever, will be another such case.

Known Bitcoin address is imho the best and most appropriate safety net.

I do share your opinion and 2FA is only as safe as the implementation of it is done securely, history has learned us that 2FA doesn't solve being secured. There are a lot of reports where 2FA could be bypassed etc.. nevertheless, I do opt for a more secure option to log in.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
April 12, 2022, 01:06:37 AM
#3
It may worth mentioning that although many see 2FA as ultimate safety, most keep the 2FA app on the same phone they need the 2FA codes - usually for crypto platforms/exchanges, but the new forum, if ever, will be another such case.

Known Bitcoin address is imho the best and most appropriate safety net.
copper member
Activity: 2128
Merit: 1814
฿itcoin for all, All for ฿itcoin.
April 11, 2022, 05:59:43 PM
#2
Hi,

I searched the forums and I was able to find an old thread, locked since some time now.
How about adding the option for 2FA when logging in? An integration with Google Authenticator or similar would greatly reduce the risk of account theft/ impersonation/ etc.

Thoughts? Ideas?

You are going to have to wait for it in the new forum software that is being polished up

Quote
Any plans for implementing some sort of a 2FA in the new forum? (this is especially important for people conducting trades over the forum)

Yes, there will be 2FA.

Admin has been reluctant to implement 2FA on this forum software, probably because it will be so time-consuming and so hard a task. You are definitely not the first to request for it

If someone wants to write a patch for it, I will seriously consider adding it. I believe that safely adding 2FA would be very time-consuming, so I'm not willing to do it myself or direct Slickage to do it.

That wouldn't eliminate the need for manual recoveries; it might even increase it as people lose their second factor. 2FA would be nice, but IMO the email notifications provide many of the same benefits, so it's not high on my to-do list.
copper member
Activity: 970
Merit: 287
Per aspera ad astra
April 11, 2022, 09:48:32 AM
#1
Hi,

I searched the forums and I was able to find an old thread, locked since some time now.
How about adding the option for 2FA when logging in? An integration with Google Authenticator or similar would greatly reduce the risk of account theft/ impersonation/ etc.

Thoughts? Ideas?

Cheers,
- anx.
Jump to: