Topic: 2FA Security system can make bitcointalk for Safe and effective (Read 263 times)

NIST:

 Authenticator Assurance Level 1: AAL1 provides some assurance that the claimant controls an authenticator bound to the subscriber’s account. AAL1 requires either single-factor or multi-factor authentication using a wide range of available authentication technologies. Successful authentication requires that the claimant prove possession and control of the authenticator through a secure authentication protocol.

Authenticator Assurance Level 2: AAL2 provides high confidence that the claimant controls an authenticator(s) bound to the subscriber’s account. Proof of possession and control of two different authentication factors is required through secure authentication protocol(s). Approved cryptographic techniques are required at AAL2 and above.

Authenticator Assurance Level 3: AAL3 provides very high confidence that the claimant controls authenticator(s) bound to the subscriber’s account. Authentication at AAL3 is based on proof of possession of a key through a cryptographic protocol. AAL3 authentication requires a hardware-based authenticator and an authenticator that provides verifier impersonation resistance; the same device may fulfill both these requirements. In order to authenticate at AAL3, claimants are required to prove possession and control of two distinct authentication factors through secure authentication protocol(s). Approved cryptographic techniques are required.

Source: https://pages.nist.gov/800-63-3/sp800-63-3.html

---

Bitcointalk is only authenticator assurance level 1. Tbh, if people started signing our messages with bitcoin addresses, we'd be at level 3; but that's on the user to do.

not only those of you who have such thoughts for better security for the bitcointalk forum. Maybe the forum admin already has another decision to only use the security that is currently available. the most important email must be hidden in account information, and be careful with phishing websites.

"2FA Security system can make bitcointalk for Safe and effective".
The forum is safe itself, and only forum users are unsafe with their personal issues, from careless clicking on links (includes phishing links); arbitrarily visiting harzadous websites (like pornsites); enabling their emails in their forum profile pages and other places (bounties, campaigns, etc.); storing their account and email passwords online without secondary protections (such as passwords for sheets, or files they store accounts/ emails' passwords); don't have antivirus/ internet security softwares; and so on.

TOPT. Everyone google authentication installed. Nearly as secure as something you know. Makes it harder to break.

Someone build it in PHP, store it in mysql,  , done.


How much would it cost? Like seriously. It allows people to download the master and uses time. Which fucking better work @serveradmins, because ntp is stupid simple.


https://github.com/PHPGangsta/GoogleAuthenticator

boop.

we're already using google's catcha shit, might as well suck its tit with 2fa.

To add on to this, SMF is soo old and outdated, alongside the fact that the forum is customized in such fuckall format that apparently adding 2FA to the forum isn't going to be really possible, many users have mentioned in the past but it's just never been implemented, which really sucks, but kinda have no other choice but to deal with it.

It has been said countless times that this will be available on the new forum software. Use the search bar before making a repetitive post.

May I correct nthat impression that Theymos never said he won't add it to the forum security but that, "it will be time consuming" so, if OP can help out with the patches then why not to add 2FA. But candidly speaking, you can't do that for the forum because you aren't good in programming
2FA is not a good security that can't be mess with or swim with when a hacker want to....... 

Woah! That's been discussed long ago hoping many will be enlightened that theymos doesn't want considering to add it on the forum. Besides, admins are still active and with the Cryptios on the hidden spotlight doing some good jobs as well I guess it's better way like this that to provide the ownership of your account is to have a signed BTC address on the link as @Royse777 just mentioned.

---

Cryptios.

Similar proposal was discussed in several occasions but I do not think the admin has this in their priority list. The best you can do is that sign a Bitcoin address and stake it in here. So in case anything goes wrong with your account, request the admin to unlock it.


The processes were slow before but since theymos introduced the cryptonies (please some one correct the name, I know I got it wrong) or something team - the account recovery is faster I believe.

Bitcointalk is a most effective web site for us.
We give many many time here. Becuse, we learn many things from here and see Rare News on bitcointalk.
So, we can say bitcointalk is a dreamland for us.    
We need more and more security here.
  
When we Change our password or email address,  then 2FA code inescapable.Which generate by google authenticator or Related app.

I think it make bitcointalk more Safe.