Topic: The forum needs 2FA (Read 682 times)

Unlocking and re-locking this thread for a quick update.

The post above this one (and bits and pieces of the OP) makes me chuckle a bit, because I didn't really understand how much work I was signing myself up for!

Anyway, it's been quite an adventure but I now have a completely working 2FA patch for this version of SMF.

I would say it took about a week to get a basic implementation mostly finished. After that initial week of work I decided to put it on the back burner and think about things like how it would interact with password resets, etc. I touched it every now and then, making small improvements. The largest amount of work was generating QR codes in PHP (the patch uses no outside code, so this meant a from-scratch implementation).

Then I figured, having only managed to get theymos to accept one tiny patch before, that I should try and see if I can get a bigger patch merged before bugging him with a large one. I tried my luck, here and here (and technically here, too, but that's not really much of a patch, more like a suggestion). It was a little disheartening having so little success with those attempts, and that kind of killed my enthusiasm for finishing the 2FA patch.

I found the energy recently to finish it up, and I'm happy with the final result. I didn't keep a timesheet, but I estimate it took around 80 hours of programming/reading/thinking (excluding the other patches).

After so much work, I'm not really in the mood for another failed attempt to get a patch merged, so to keep my spirits up I think I'll put it out of my mind until the new year. I'll post about it (and send the code to theymos) in January February March April May June (Hmm, this is getting a bit ridiculous; there's a good reason for these delays, but still. I'll try to get this squared away soon). If I find ways to improve it between now and then, I'll obviously do that, too.

Okay, thanks for reading. I'm not too hopeful, but at least there's a chance that the forum will get 2FA in early 2023!

Edit: Fuggin' finally. Here it is: A concise 2FA/TOTP implementation (SMF patch).

Okay, peeps, instead of moaning about the lack of 2FA from the sidelines, I've decided to roll up my proverbial sleeves and take a crack at it myself!

Now, PHP ain't my jam and I'm completely unfamiliar with the SMF codebase, so I may be biting off slightly more than I can chew, but considering the benefit to users of the forum and the low probability of theymos doing it (not throwing shade, I'm sure he would if he could justify it) I figure the only person's time I'll be wasting is my own, and so it's worth trying.

My plan is to set up an old Debian (probably squeeze) box and make a minimally-invasive patch against SMF 1.1.19. I'm guessing that theymos has modified 1.1.19 quite a bit, so the deliverable won't be an actual "diff", but more like a post with code snippets and instructions on what to change.

I've carefully considered the feedback in this thread and think I can implement it in a way that won't ruffle anyone's feathers.

I think opt-in 2FA would be a strict improvement to the forum in terms of security and would make it much harder for phishing attempts to succeed and for account credentials to be lifted by malware. Obviously, no single security measure can be expected to solve everything, but I think this one will reduce the number of accounts that get "hacked" and could end up saving people money (like the escrow deal gone wrong, mentioned in the OP).

Okay, that's all I wanted to say. I'm locking this thread. I'll make a new topic when I have something to show. Wish me luck!

If the forum had 2FA and I phished your password, I wouldn't be able to get into your account without the code as well. If you have a signed message posted on the forum, I can still get into your account, do nasty things, and you would need time to prove the account is yours and get it back from the recovery team.

I agree with you that 2FA isn't essential for a trade. A signed message or any other secondary mode of communication in addition to a forum PM should suffice. But 2FA would help people not lose their accounts if someone found out what password they use. That surely has to be taken into consideration as well. It's better not to find yourself in that position then having to wait for account recovery, which might take a day, a week, or a month. 2FA is the overal protection of your forum account. A signed message is an optional feature that shows you are the same person who posted that signature in the past. Assuming the keys weren't compromised or changed possession as well.

You know that in latest version of grapheneOS for Pixel you can even use real Gcam, and I have to say it's much better than GOS Camera app, especially for recording videos.
Stabilization is done much better in Gcam, but I think we should expect much improvements in near future.
Graphene is open source and you can verify it with their Auditor app.

Aurora is great but sometimes it's not working for some reason, and it's nice to have alternatives like Droidify or IzzyOnDroid for open source apps.
IzzyOnDroid is pulling apps directly from ghithub sources, so there isn't any middle man used in other similar services.
For 2FA I think that Aegis is currently best available app for Android.

Me too.  Exchange has 2fa for the sole purpose of security hence having 2fa wouldnt not be an issue here if theymos really wanted to implement it.  It has certain advantage such as avoiding being hacked that easily since they will be needing such code before accessing such account that happened due to malware and phishing links.

Some wouldnt wanted this or not necessary but an additional layer of security wouldnt hurt at all.

2FA does not mean a perfect protection. You pointed out a good point.

• People don't know how to backup (or don't care to do it) their 2FA code. Then when their devices broken, they came back to ask how to get 2FA back. For exchanges, it is simple, go with KYC but if you fail with KYC, your money will be lost.
• People naively to store all things, email password, exchange account password, 2FA on a same device, at the same place. They naively think with this way, they are safe. In fact, they can lose all very easily

I've wondered this myself too why we don't have it here. As big as BTT is I believe it should have it. I was crestfallen when I read theymos' stand on it as being unnecessarily time consuming. Oh menh!

---

Don't take for granted that not everyone here knows how to decode such thing as a signed message, let alone ask for it.

I don't believe it's overrated. Though users need to have the 2FA tool on a different device from the one they're assessing the site. If possible have both GA and SMS authenticator. In this case, too many broil won't spoil the cook.

The idea of implementing a 2fa system on the forum for an improved security is one I personally would support,  those who have never had their account compromised, or have never had a friend who went through such experience, clearly would not understand how important this is.
A neighbor of mine living not far from me was sharing with me the other day of how his email address got hacked,  and by that hack, the hacker was able to reset the password of all his social network account including Facebook, Twitter, Instagram, even his newly created bitcointalk account, he lost access to all his social accounts. He said the hacker also tried resetting his online banking details so he(the hacker) could gain access to his bank account, but the mandatory 2fa feature the bank implemented on every account prevented the hacker from succeeding.

So personally, in this modern edge where hackers are becoming even smarter than they used to be, I think the importance of 2fa can never be overemphasized, if it's implementation here is possible and easy like the op explained,  I will support that it be implemented and made optional,  those who would like to turn it on can do so,  while others users who feel there is no need for it can ignore it.

Yeah, something along those lines. We don't require a over the top system, something basic, but functional. I'm not one for pretty things, that doesn't add much additional functionality.

Yeah, all of my phones are degoogled, and while sometimes that can pose problems, honestly I haven't run into many. The camera usually has the most difficult, despite having gcam ports, and open camera. Anyway, you still need to ideally trust the developers behind the custom ROM you install, which isn't always easy.  

I've even resorted to installing Google apps, via Aurora Store since it's a open source alternative, and honestly most applications work right out of the box, and some are missing functionality, but not completely broken. Only a few rely on Google services so much they break completely, and then you have things like MicroG which can get them working with the bare minimum functionality of Google services.

I would agree with you, most phones are like that with some exceptions like newest Google Pixel that has built in security element, and it can be even more secure than desktop if you de-google it.
You would be surprised how easy is to do this installing open source graphene os, than you add few apps like Aegis and even some Bitcoin wallets.
Having Aegis 2FA keys on smartphone like this is much safer if you add secure password.

It could only break things if people lose their 2fa keys and backup, but I think someone said that epoch forum has plans for 2fa if I am not mistaken.

I know it was meant as a joke, and by the way, I don't think 2FA would be a game changer at all, but I wanted to point out that there is bitcoin, blockchain, and the forum, and despite all being related they don't have to function the same, and if they do it might now be pretty.It was late at night so probably, now that I think better I should have replied, with something else, like:
"let's make this forum decentralized and censorship-free, nobody to be able to delete messages or ban users and to prevent spam, charge a fee for each post"  

But the main thing stands, 2FA or no 2FA, it's only one person who will decide this, and I don't see it happening.


And to make things even better, make the sessions last only 2 hours, every time a new IP is detected you would have to verify your location again with a different key to make things safer, and  24 hours account lock if you get the security phrase wrong twice. Oh, and you won't be able to post anywhere but in off-topic and meta for 72 hours after a password/ private key/ email change.

I'm willing to bet that in the first week even with all these implemented and maybe more someone will still manage to get scammed of his account!!

Althought this discustion not related to the topic and sorry for that... but my post was merely a joke however still I see there many things around "bitcointalk.org", which are run by community and not owned by the "admin".

________________________________	___________	_______________________________________________________
bitcointalk + addons	Owned or run by	Description
________________________________	___________	_______________________________________________________
https://loyce.club/	LoyceV	LoyceV's useful data on Bitcointalk, all bulk data Merit/Trust/Posts
https://bpip.org/	Vod	The Bitcointalk Public Information Project!
https://ninjastic.space/	TryNinja	BitcoinTalk Post/Address archive + API
https://public.tableau.com/profile/ddmrddmr	DdmrDdmr	The dashboard gives you access to anyone’s complete merit history
@BTTSuperNotifier_bot	TryNinja	BitcoinTalk TELEGRAM Notification BOT (merits, mentions, topics,+)
________________________________	___________	_______________________________________________________

So like this: "I want to login to Bitcointalk using account LoyceV signing code jT9ZJqD5qExjN4ERNtP9aQ" (where "jT9ZJqD5qExjN4ERNtP9aQ" is generated by the forum)? That would work, but is a lot more work than just opening my browser, typing a "b", and pressing enter.

Mobile phones I would hope would never be used, although they're probably better than nothing, but again there's a potential privacy issue to be had with that. However, the rest is good. Physical key although free, is by your discretion. Other than that, using a Bitcoin address, and automated system for verifying signatures would be the most logical approach. Although, that would probably be difficult to implement into the current software, and that's why I imagine it hasn't already been implemented, I take theymos has someone who cares about security, so I wouldn't have thought they'd be against two factor authentication.

It's probably the issue of implementing it correctly, and without introducing a tonne of new problems, and potentially breaking other things.

I would be love to be getting the 2FA option here on the Forum and i guess others also would be like the idea of it.
Means maybe less Account hacking would be going on then and it would be harder to get Accounts from Malwares and Phishing.
Also i think the Account recovery would be more easier , but i dont know .

Just my 2 cents

This forum is centralized and run by an admin hence we should do the same with bitcoin!
See how this works?

It's a forum. Simple.
If I want to trade with anyone and it requires to send BTC to them or any sort of crypto, I will ask them to sign the bitcoin address they staked or sign a message using PGP fingerprint they have attached with the forum.
 

2FA would be useful addition to bitcointalk forum but I would only use it optionally and I wouldn't allow connection with phone numbers.
Even better option would be adding support for hardware token FIDO authentication that is one of the most secure form of account protection and it's used by some exchanges and banks.
Down side for this is that you would have to buy hardware devices like YubiKey, so it's not free and you would have to buy two devices as backup.
Some hardware wallets also support FIDO, so they could be used as well.

This forum does not require transactions and does not save our money, so what is 2FA for? In my opinion, the best security is from ourselves in the use of this forum.
- Reduce the activity of browsing unknown websites
- Don't just open the link on the forum or outside the forum especially from stranger
- Antivirus for the device (if needed), but also be careful when choosing AV
- Prepare a good password, strong, difficult to guess, 4 combinations (letters, numbers, capital, symbols).

This should be enough to secure the account. Let's see why theymos accounts or top user accounts have never been hacked, both don't use 2FA, right? Because they secure the account with their own method. LoyceV for example, he created account for PC and for Mobile. because he realized the importance of keeping his account secure. From him we can learn if not logging in on any device is important to secure our account.

Joking apart but Ctrl + C and Ctrl + V does not care about 256 or 512 or simple abc123