Topic: 2FA on Forum Accounts (Read 119 times)
Ok. Thanks, guys. I am locking this thread now, and hopefully theymos will expediently look into the issue of 2FA raised by concerned members of this forum.
I don't know if this suggestion has been made anywhere else here as I couldn't find any thread on it before putting this out. If there is any, I will put this down..
Here are some of them.Two Factor Authentication On Bitcointalk
Bitcointalk Account Security (2FA)
Do you agree to have 2fa Authentication on Bitcointalk.org?
2FA - Important Precautions with Google Authenticator
Isn't it time to introduce 2FA to enhance user account security ?
As for the security, its user's responsibility to do so, there are users that never faced any account breached so far including me, what I mean is this is not solely the forum's fault.
Snip
Found an old topic regarding 2fa implementation and discussion here. 2FA for more security in bitcointalk forum
Also quoting this nice response from @hilariousandco about additional security:
It's coming with the new forum:
https://bitcointalksearch.org/topic/current-requirements-523070
In addition to normal password authentication, the forum should support various kinds of of alternative authentication. At least password auth, email verification, secret questions, OpenID, PGP, OpenVPN (automatic creation of subnets + IP source verification), and Bitcoin address signing should be supported, with multiple allowable credentials for each auth type. Users should have the option of requiring any combination of these auth types. Like "pgp OR (password AND OpenID)". And users should be able to require that changes to some or all auth types as well as the required combination of types not take effect for some configurable number of days. This allows for different types of recovery methods.
Also, it should be possible to limit the access for each auth type. So one type might be able to only read, but not post, etc. If the Web interface uses the same API that is exposed publicly, then these permissions can be in the form of allowed API commands.
https://bitcointalksearch.org/topic/current-requirements-523070
In addition to normal password authentication, the forum should support various kinds of of alternative authentication. At least password auth, email verification, secret questions, OpenID, PGP, OpenVPN (automatic creation of subnets + IP source verification), and Bitcoin address signing should be supported, with multiple allowable credentials for each auth type. Users should have the option of requiring any combination of these auth types. Like "pgp OR (password AND OpenID)". And users should be able to require that changes to some or all auth types as well as the required combination of types not take effect for some configurable number of days. This allows for different types of recovery methods.
Also, it should be possible to limit the access for each auth type. So one type might be able to only read, but not post, etc. If the Web interface uses the same API that is exposed publicly, then these permissions can be in the form of allowed API commands.
Used search function first about topic before posting cause answers that you need might have been suggested before OP.
This has been asked several times before, and I agree that it would be welcomed addition, but I doubt that it will happen, as it would take attention out of new forum development. That feature might be available when new forum is up and ready. Some of the questions are answered in these topic from few years ago (there are several more created throughout the years where you can probably find some answers).
Why doesn't Bitcointalk support 2FA?
Isn't it time to introduce 2FA to enhance user account security ?
Do you agree to have 2fa Authentication on Bitcointalk.org?
Why doesn't Bitcointalk support 2FA?
Isn't it time to introduce 2FA to enhance user account security ?
Do you agree to have 2fa Authentication on Bitcointalk.org?
I have been thinking lately with all these incessant account hacks going on in this forum that it would be a welcome development if theymos would avail us a 2FA option for accounts here. I mean, that should help strengthen the security features of accounts here.
I don't know if this suggestion has been made anywhere else here as I couldn't find any thread on it before putting this out. If there is any, I will put this down.
I will like to read from other users on this.
I don't know if this suggestion has been made anywhere else here as I couldn't find any thread on it before putting this out. If there is any, I will put this down.
I will like to read from other users on this.
Jump to: