Topic: How do you prefer to log in? - page 2. (Read 9470 times)
User + Password + 2FA, and the site should have "remember this user+password" so I will actually type only the 2FA.
Name and Password
I'd personally use Google auth if possible (and passwords with capital and numbers).
I had forgotten about this. It looks very interesting and much more secure than other 2FA solutions. But are there mobile apps implementing this? Are any sites using it? Are people willing to scan a QR code every time they need to log in? [...]
Yes, that'd be great!
Android app:
https://play.google.com/store/apps/details?id=net.vrallev.android.sqrl
As someone who runs a pool, and has done a damn good job doing so, which do you prefer?
Thank you
As a user I find OpenID very quick and convenient.
As someone running a website, OpenID for the most part works fine. I don't need to store password hashes. I also don't have to deal with lost password issues, but on the other hand of course there are people who got banned from Google or otherwise lost access to their OpenID account who need help.
Over the 3.5 years there have been some negative experiences:
Some people write me angry notes saying I am trying to force them to register at Google and Yahoo to help the NSA and big corporations spy on them.
myopenid.net shut down with 6 months notice. Most people switched in time and it wasn't so bad. Only about 5 people didn't, and needed help to recover access to their Bitminter account.
A korean OpenID identity provider whose name I forget suddenly shut down (without notice as far as I know). Their entire website was replaced by a single page with text in korean saying something like "thanks for the good times. we shut down now. goodbye." If I recall correctly the text was an image too, so it was more difficult to get it translated with Google translate.
Blogger/blogspot has always been very unreliable. Their OpenID server is down half the time. There is no customer support available in any fashion. I didn't want to remove them from the login page because some users are using them and it will make it more difficult for them to log in without the blogspot button. Instead I put a warning not to use blogger/blogspot.
A few sites use OpenID implementations that apparently don't work well with the one I use, so you can't log in using those sites.
Yahoo OpenID was unstable for a while, maybe an hour of downtime per week. Then they crashed hard and their OpenID server was down for 3-4 days. I believe Yahoo mail was down at the same time. This came as a surprise as I had not expected Yahoo to be this unstable and take that long to fix their broken servers. Probably close to 1000 active Bitminter users were locked out of their accounts because of this. Too many to do manual account recovery for them all. I started working on an automated process, but then Yahoo finally got their act together and fixed the problem. Some users blamed me and left the pool. While it is not my fault that Yahoo is unreliable, it is my fault that I chose to rely on external services.
The latest problem now is that Google will not just be implementing the new OpenID Connect. They will also shut down the old OpenID 2.0 servers. So now all websites have to change their software if they want to keep Google logins. OpenID Connect is the new version of OpenID.
I prefer the convenience of Google login. I set the payout threshold such that it wouldn't be that big a deal even if it was hacked so it's sufficiently secure for me as is.
I do not like the payout address as user method as without an actual account it doesn't feel like I belong to anything. It would also make perks very difficult to implement.
Aaron
I do not like the payout address as user method as without an actual account it doesn't feel like I belong to anything. It would also make perks very difficult to implement.
Aaron
user name + password
bitcoin wallet!
facebook? google? are u grazy!!!
facebook? google? are u grazy!!!
I had forgotten about this. It looks very interesting and much more secure than other 2FA solutions. But are there mobile apps implementing this? Are any sites using it? Are people willing to scan a QR code every time they need to log in?
The problem with many other 2FA solutions:
Most 2FA solutions give you a one-time password on a separate device that you then type into your computer. There is a belief by a lot of users that this makes hacking impossible.
Let's review this. In many cases if you get hacked it's because someone (through a trojan or other malware) took over control of your computer. They are now looking at you through your camera, listening to you through your microphone, taking screenshots of your desktop to see what you are doing.. and they are recording every keystroke you make. When you type your one-time passwords into a compromised computer like this, you are essentially giving them to the hacker.
I wish more people would accept that..
- A one-time password/code typed into a compromised computer won't save you
- A compromised computer can become yours again, but you need to reformat your drive and reinstall the operating system from a clean source
Although if the hacker installed malware on the firmware of your laptop battery then you may wish to just burn the computer.
user/pass and CHOICE of second factor, google auth, SMS etc.
Google authentication is an algorithm btw and has been independently implemented, no need to trust google. You can pick up an old windows mobile device for $10 or less, put auth software on it, use it as entirely offline hardware key, etc.
Google authentication is an algorithm btw and has been independently implemented, no need to trust google. You can pick up an old windows mobile device for $10 or less, put auth software on it, use it as entirely offline hardware key, etc.
Voted for the OPENID, but i'm all good with login/pass + second factor (SMS)
Thanks Doc !
Thanks Doc !
I prefer OpenID with Google. I have Google set up to provide an SMS 2FA, if I am logging in from s new device. This is quite convenient as I log in on multiple devices (iPhone, iPad and desktop) multiple times per day. All of my devices are heavily secured as well.
Can't believe FB is listed as an option.....that's a joke right? 
Username+Password+2 way factor google authenticator
i prefer my payout address + phone authentication 
The OpenID Connect, just seems to be Google+, I still don't like Google+.
How would you prefer to log in at your mining pool's website?
Please take part in the poll above.
Please take part in the poll above.
Better question.
As someone who runs a pool, and has done a damn good job doing so, which do you prefer?
I like the open ID for most things due to it being fast and easy, however a password/txt msg code/ or some other thing would be good for the changing of settings/sending payments.
I prefer using my payout address. 2FA with UN and PW is not a bad way, payout address just seems easier for everyone.
Google open id is the quickest. It saves me time logging in...I log-in multiple times per day. Email log-in would also be ok. I do use authy. Have you considered sqrl login technology? see below:
https://www.grc.com/sqrl/sqrl.htm
https://www.grc.com/sqrl/sqrl.htm
Jump to: