Pages:
Author

Topic: Can bitcointalk.org get 2 factor authentication? (Read 2932 times)

hero member
Activity: 662
Merit: 545
I support this tremendously.
legendary
Activity: 3038
Merit: 1032
RIP Mommy
Will it stop these incessant virus PMers that seem to be trading and/or hacking forum accounts?

No. 2FA is useless against phishing sites.

For those phishing sites that are copy of this forum, that would be useful. Stolen passwords wouldn't be enough then, at least for people who enabled 2FA.


I meant against the phisher account buyers themselves. Wouldn't they have to get the 2FA secret keys from the people they buy accounts from?
legendary
Activity: 1512
Merit: 1012
Still wild and free
Will it stop these incessant virus PMers that seem to be trading and/or hacking forum accounts?

No. 2FA is useless against phishing sites.

For those phishing sites that are copy of this forum, that would be useful. Stolen passwords wouldn't be enough then, at least for people who enabled 2FA.
administrator
Activity: 5222
Merit: 13032
Will it stop these incessant virus PMers that seem to be trading and/or hacking forum accounts?

No. 2FA is useless against phishing sites.
legendary
Activity: 966
Merit: 1004
Keep it real
Can we get a response from a moderator or admin? The technical difficulty of installing this under options isn't that onerous.

A response from a mod doesn't really help (as seen here).  I think 2FA is a good idea, but theymos is the one who has to make it hap=pen.
legendary
Activity: 1512
Merit: 1012
Still wild and free
Heh, good word. The first one I got was June 13, now 2 separate accounts just this week.

These fucking twats would wave guns around at cops in real life... PMing me is electronic suicide. Instant trust level shitcan, instant email to the webhost of their virus, instant warning comment on the download page. They just don't learn.

Man, I right now just got a new PM from one of these morons, and after reading your post I thought "good idea, let's leave a comment!". Then on the comment page there was already one, and it was from you. Cheesy
legendary
Activity: 3038
Merit: 1032
RIP Mommy
Heh, good word. The first one I got was June 13, now 2 separate accounts just this week.

These fucking twats would wave guns around at cops in real life... PMing me is electronic suicide. Instant trust level shitcan, instant email to the webhost of their virus, instant warning comment on the download page. They just don't learn.
legendary
Activity: 1512
Merit: 1012
Still wild and free
Will it stop these incessant virus PMers that seem to be trading and/or hacking forum accounts? If so, yes please.

Is it just my bad luck in the last few days or do you also feel a recrudescence lately?
legendary
Activity: 3038
Merit: 1032
RIP Mommy
Will it stop these incessant virus PMers that seem to be trading and/or hacking forum accounts? If so, yes please.
newbie
Activity: 44
Merit: 0
Can we get a response from a moderator or admin? The technical difficulty of installing this under options isn't that onerous.
full member
Activity: 211
Merit: 100
You are not special.
I was scared by 2fa until TradeFortress pointed this out to me and sent me a javascript tool to process 2fa. I am a big advocate of it now. So yes. This is a must for this forums power users. But it should definitely be optional.
vip
Activity: 1316
Merit: 1043
👻
Except that Google Auth has nothing to do with Google's servers and you don't even need an internet connection to use it.

Have a link for that?  I tried a bunch of searches looking for the technical details, but all I could find was ways to enable it on my gmail account and get SMS, so I assumed the worst.

Google Auth is just a fancy name for this:

Quote
function GoogleAuthenticatorCode(string secret)
     key := base32decode(secret)
     message := current Unix time ÷ 30
     hash := HMAC-SHA1(key, message)
     offset := last nibble of hash
     truncatedHash := hash[offset..offset+3]  //4 bytes starting at the offset
     Set the first bit of truncatedHash to zero  //remove the most significant bit
     code := truncatedHash mod 1000000
     pad code with 0 until length of code is 6
     return code
kjj
legendary
Activity: 1302
Merit: 1026
Except that Google Auth has nothing to do with Google's servers and you don't even need an internet connection to use it.

Have a link for that?  I tried a bunch of searches looking for the technical details, but all I could find was ways to enable it on my gmail account and get SMS, so I assumed the worst.
legendary
Activity: 1260
Merit: 1000
Except that Google Auth has nothing to do with Google's servers and you don't even need an internet connection to use it.
kjj
legendary
Activity: 1302
Merit: 1026
User using it should get an icon or something else that shows other users he/she 's using 2 FA.

Fuck this, and fuck google.

First, you don't ever leak security state information to attackers unless you really must.  Second, for a forum devoted to private money, there sure are a lot of people in this thread very eager to tell google their every move.
sr. member
Activity: 376
Merit: 312
Can you say... nighty-night?
vote for Yubikey/GA 2 FA. User using it should get an icon or something else that shows other users he/she 's using 2 FA.

I'm getting really paranoid reading about all these ppl scaming arround and then saying account was hacked.

People are f#@! d$%& stupid (this is NOT meant as insult, it includes me as well), using weak passwords, using same password everywhere, using passwords similar to their username and so on, regardless how much and often you talk about secure passwords. With 2 FA you can (partially) protect ppl from their own stupidity.
hero member
Activity: 784
Merit: 1000
0xFB0D8D1534241423
+1. 2FA adds a ton to security.
hero member
Activity: 698
Merit: 500
5% Bitcoin Discount - All Orders
+1. Very interested in using Google Authenticator on the forums
legendary
Activity: 858
Merit: 1000
Turn it into a poll.
member
Activity: 78
Merit: 10
Please enable 2 factor authentication?

Better yet have the option for a user to enable.
If someone does not have it enabled
their username shows it is not enabled
maybe with a warning below their username or
their username is a different color(maybe yellow for caution).

This feature would add credibility not only to individuals
but to the BTC community as a whole!
Pages:
Jump to: