Bitcoin Forum>Other>Meta>New forum software
Pages:
Author

Topic: Two factor? (Read 5393 times)

Parazyd
hero member
Activity: 812
Merit: 587
Space Lord
Two factor?
December 29, 2014, 11:44:56 AM
#45
Another vote for Bitcoin 2FA.

Maybe placing an option in your profile that lets you use different 2FA types (Google, sign with BTC address, etc.).

/edit

Nevermind, found it in the forum design feature list:
Quote from: https://docs.google.com/document/d/1bHlm4NQkSzaBTT5tLIqQBmV92wSsbdOX5r-dRR9Dgg0
Fancy Authentication

In addition to normal password authentication, the forum should support various kinds of of alternative authentication. At least password auth, email verification, secret questions, OpenID, PGP, OpenVPN (automatic creation of subnets + IP source verification), and Bitcoin address signing should be supported, with multiple allowable credentials for each auth type. Users should have the option of requiring any combination of these auth types. Like "pgp OR (password AND OpenID)". And users should be able to require that changes to some or all auth types as well as the required combination of types not take effect for some configurable number of days. This allows for different types of recovery methods.

Also, it should be possible to limit the access for each auth type. So one type might be able to only read, but not post, etc. If the Web interface uses the same API that is exposed publicly, then these permissions can be in the form of allowed API commands.

It might be nice to make this functionality into a self-contained library that other sites can use.
goozman96
hero member
Activity: 728
Merit: 500
Re: Two factor?
September 26, 2014, 10:14:32 PM
#44
This is a great idea. It's much better to use something bitcoin related for 2FA versus relying on Google. Hopefully theymos considers this.
vite
legendary
Activity: 1018
Merit: 1000
Re: Two factor?
September 26, 2014, 08:48:07 AM
#43
Quote from: Muhammed Zakir on September 26, 2014, 08:33:59 AM
Quote from: vite on September 26, 2014, 08:28:00 AM
Quote from: Muhammed Zakir on September 26, 2014, 05:25:14 AM
Quote from: vite on September 25, 2014, 07:49:51 PM
we should use bitcoin related 2FA

https://github.com/nanotube/supybot-bitcoin-marketmonitor/blob/master/GPG/local/bitcoinsig.py

easy to implement and only requires storing public bitcoin addresses.

theymos hasn't responded here for a few days. We will know after he respond. But I don't whether he will use this instead of Google Authenticator. Is there any other site, which uses this 2FA? AND HOW does this work, if only public Bitcoin address is needed?

  ~~MZ~~

Only the owner of the bitcoin address can sign the message. Giving an extra layer of control for the user and less responsibility for the administrator. Since the administrator does not have to provide and keep private keys for the google authenticator.

message:

I am Vite

signed message:

HBJwP1/CBWs8LkrL/kPLjBN4ktqP7r348eQvN2UpSB3UsUHkW50zm+RbMErVDxfEwX2Y51QMA3Sz+z59dJBG+jE=

bitcoin address;

1BxzA3KCoynGMAmxobcFcUH7GGnqz1Eewe


Now you can use bitcoind, electrum, etc to verify the signature. or the script I linked above.



That would be great! So if it is implementing, I would suggest a bot to prevent re-use of same signature again because if we have posted a message in BT, then the user can bypass this 2FA by copy-pasting the signature. Roll Eyes

  ~~MZ~~

Actually you need a random phrase generator that changes on every login. So no copy pasting can work.
Muhammed Zakir
hero member
Activity: 560
Merit: 506
I prefer Zakir over Muhammed when mentioning me!
Re: Two factor?
September 26, 2014, 08:33:59 AM
#42
Quote from: vite on September 26, 2014, 08:28:00 AM
Quote from: Muhammed Zakir on September 26, 2014, 05:25:14 AM
Quote from: vite on September 25, 2014, 07:49:51 PM
we should use bitcoin related 2FA

https://github.com/nanotube/supybot-bitcoin-marketmonitor/blob/master/GPG/local/bitcoinsig.py

easy to implement and only requires storing public bitcoin addresses.

theymos hasn't responded here for a few days. We will know after he respond. But I don't whether he will use this instead of Google Authenticator. Is there any other site, which uses this 2FA? AND HOW does this work, if only public Bitcoin address is needed?

  ~~MZ~~

Only the owner of the bitcoin address can sign the message. Giving an extra layer of control for the user and less responsibility for the administrator. Since the administrator does not have to provide and keep private keys for the google authenticator.

message:

I am Vite

signed message:

HBJwP1/CBWs8LkrL/kPLjBN4ktqP7r348eQvN2UpSB3UsUHkW50zm+RbMErVDxfEwX2Y51QMA3Sz+z59dJBG+jE=

bitcoin address;

1BxzA3KCoynGMAmxobcFcUH7GGnqz1Eewe


Now you can use bitcoind, electrum, etc to verify the signature. or the script I linked above.



That would be great! So if it is implementing, I would suggest a bot to prevent re-use of same signature again because if we have posted a message in BT, then the user can bypass this 2FA by copy-pasting the signature. Roll Eyes

  ~~MZ~~
vite
legendary
Activity: 1018
Merit: 1000
Re: Two factor?
September 26, 2014, 08:28:00 AM
#41
Quote from: Muhammed Zakir on September 26, 2014, 05:25:14 AM
Quote from: vite on September 25, 2014, 07:49:51 PM
we should use bitcoin related 2FA

https://github.com/nanotube/supybot-bitcoin-marketmonitor/blob/master/GPG/local/bitcoinsig.py

easy to implement and only requires storing public bitcoin addresses.

theymos hasn't responded here for a few days. We will know after he respond. But I don't whether he will use this instead of Google Authenticator. Is there any other site, which uses this 2FA? AND HOW does this work, if only public Bitcoin address is needed?

  ~~MZ~~

Only the owner of the bitcoin address can sign the message. Giving an extra layer of control for the user and less responsibility for the administrator. Since the administrator does not have to provide and keep private keys for the google authenticator.

message:

I am Vite

signed message:

HBJwP1/CBWs8LkrL/kPLjBN4ktqP7r348eQvN2UpSB3UsUHkW50zm+RbMErVDxfEwX2Y51QMA3Sz+z59dJBG+jE=

bitcoin address;

1BxzA3KCoynGMAmxobcFcUH7GGnqz1Eewe


Now you can use bitcoind, electrum, etc to verify the signature. or the script I linked above.

Muhammed Zakir
hero member
Activity: 560
Merit: 506
I prefer Zakir over Muhammed when mentioning me!
Re: Two factor?
September 26, 2014, 05:25:14 AM
#40
Quote from: vite on September 25, 2014, 07:49:51 PM
we should use bitcoin related 2FA

https://github.com/nanotube/supybot-bitcoin-marketmonitor/blob/master/GPG/local/bitcoinsig.py

easy to implement and only requires storing public bitcoin addresses.

theymos hasn't responded here for a few days. We will know after he respond. But I don't whether he will use this instead of Google Authenticator. Is there any other site, which uses this 2FA? AND HOW does this work, if only public Bitcoin address is needed?

  ~~MZ~~
vite
legendary
Activity: 1018
Merit: 1000
Re: Two factor?
September 25, 2014, 07:49:51 PM
#39
we should use bitcoin related 2FA

https://github.com/nanotube/supybot-bitcoin-marketmonitor/blob/master/GPG/local/bitcoinsig.py

easy to implement and only requires storing public bitcoin addresses.
Muhammed Zakir
hero member
Activity: 560
Merit: 506
I prefer Zakir over Muhammed when mentioning me!
Re: Two factor?
August 08, 2014, 04:41:18 PM
#38
Quote from: theymos on July 09, 2014, 02:20:17 PM

Google Authenticator uses a standard protocol for 2FA. Neither the server nor the client needs to communicate with Google for Google Authenticator to work. This will definitely be supported in the new forum. (And maybe also added to the current forum.)

Thanks for notifying about adding the option. Adding to the current forum will be better as the new forum will take some months. Making 2FA a must for all would be better from hacking a but adding option would be helpful for persons who don't have android or iOS.

Kindly,
       MZ
BCwinning
hero member
Activity: 770
Merit: 500
Re: Two factor?
July 11, 2014, 09:07:52 PM
#37
Quote from: theymos on July 09, 2014, 02:20:17 PM
Quote from: BCwinning on June 11, 2014, 09:40:38 AM
I would really like to not see google products used on an anonymous coin.

Google Authenticator uses a standard protocol for 2FA. Neither the server nor the client needs to communicate with Google for Google Authenticator to work. This will definitely be supported in the new forum. (And maybe also added to the current forum.)
fuck google.
Mikez
hero member
Activity: 508
Merit: 500
Re: Two factor?
July 11, 2014, 07:47:46 PM
#36
Quote from: theymos on July 09, 2014, 02:20:17 PM
Quote from: BCwinning on June 11, 2014, 09:40:38 AM
I would really like to not see google products used on an anonymous coin.

Google Authenticator uses a standard protocol for 2FA. Neither the server nor the client needs to communicate with Google for Google Authenticator to work. This will definitely be supported in the new forum. (And maybe also added to the current forum.)

Finally, a confirmation on 2FA, this is awesome(thanks theymos). But the possibility of it being implemented on the current forum software makes me wonder about just how long will take for the new forum software to roll out.
nahtnam
legendary
Activity: 1092
Merit: 1000
nahtnam.com
Re: Two factor?
July 11, 2014, 12:03:04 AM
#35
Quote from: Wulfcastle on July 10, 2014, 10:24:48 PM
Quote from: nahtnam on July 10, 2014, 10:11:44 PM
Quote from: Wulfcastle on July 10, 2014, 10:09:22 PM
Quote from: theymos on July 09, 2014, 02:20:17 PM
Quote from: BCwinning on June 11, 2014, 09:40:38 AM
I would really like to not see google products used on an anonymous coin.

Google Authenticator uses a standard protocol for 2FA. Neither the server nor the client needs to communicate with Google for Google Authenticator to work. This will definitely be supported in the new forum. (And maybe also added to the current forum.)

Is there a new forum rolling out soon?

In a few years.

Edited....blonde moment there  Tongue

Still dont see any edits, but 2fa might be added to the current forum system. There is a 2BTC bounty for it.
Wulfcastle
hero member
Activity: 546
Merit: 500
Re: Two factor?
July 10, 2014, 10:24:48 PM
#34
Quote from: nahtnam on July 10, 2014, 10:11:44 PM
Quote from: Wulfcastle on July 10, 2014, 10:09:22 PM
Quote from: theymos on July 09, 2014, 02:20:17 PM
Quote from: BCwinning on June 11, 2014, 09:40:38 AM
I would really like to not see google products used on an anonymous coin.

Google Authenticator uses a standard protocol for 2FA. Neither the server nor the client needs to communicate with Google for Google Authenticator to work. This will definitely be supported in the new forum. (And maybe also added to the current forum.)

Is there a new forum rolling out soon?

In a few years.

Edited....blonde moment there  Tongue
nahtnam
legendary
Activity: 1092
Merit: 1000
nahtnam.com
Re: Two factor?
July 10, 2014, 10:11:44 PM
#33
Quote from: Wulfcastle on July 10, 2014, 10:09:22 PM
Quote from: theymos on July 09, 2014, 02:20:17 PM
Quote from: BCwinning on June 11, 2014, 09:40:38 AM
I would really like to not see google products used on an anonymous coin.

Google Authenticator uses a standard protocol for 2FA. Neither the server nor the client needs to communicate with Google for Google Authenticator to work. This will definitely be supported in the new forum. (And maybe also added to the current forum.)

Is there a new forum rolling out soon?

In a few years.
Wulfcastle
hero member
Activity: 546
Merit: 500
Re: Two factor?
July 10, 2014, 10:09:22 PM
#32
Quote from: theymos on July 09, 2014, 02:20:17 PM
Quote from: BCwinning on June 11, 2014, 09:40:38 AM
I would really like to not see google products used on an anonymous coin.

Google Authenticator uses a standard protocol for 2FA. Neither the server nor the client needs to communicate with Google for Google Authenticator to work. This will definitely be supported in the new forum. (And maybe also added to the current forum.)

Is there a new forum rolling out soon?
theymos
administrator
Activity: 5166
Merit: 12850
Re: Two factor?
July 09, 2014, 02:20:17 PM
#31
Quote from: BCwinning on June 11, 2014, 09:40:38 AM
I would really like to not see google products used on an anonymous coin.

Google Authenticator uses a standard protocol for 2FA. Neither the server nor the client needs to communicate with Google for Google Authenticator to work. This will definitely be supported in the new forum. (And maybe also added to the current forum.)
nahtnam
legendary
Activity: 1092
Merit: 1000
nahtnam.com
Re: Two factor?
June 29, 2014, 11:57:18 PM
#30
It shouldnt be too hard to implement, and would stop some accounts from being hacked.
kuusj98
hero member
Activity: 812
Merit: 1000
I <3 VW Beetles
Re: Two factor?
June 19, 2014, 09:29:02 AM
#29
Quote from: joshraban76 on June 13, 2014, 08:31:10 AM
I feel yes, we need it.

Despite it's a community or a forum over here, but there are trading and important PM's for us and so to care about.

At least for me.
We need 2 factor, but a good one, like I said on page 1, we need more options than the standard phone code verification, I don't always bring my phone with me.
joshraban76
sr. member
Activity: 252
Merit: 250
Re: Two factor?
June 13, 2014, 08:31:10 AM
#28
I feel yes, we need it.

Despite it's a community or a forum over here, but there are trading and important PM's for us and so to care about.

At least for me.
BCwinning
hero member
Activity: 770
Merit: 500
Re: Two factor?
June 12, 2014, 03:58:28 PM
#27
Quote from: HeroC on June 12, 2014, 03:07:50 PM
Quote from: NEM minnow on June 11, 2014, 09:26:24 AM
I would really like to see 2FA on this site via Google Authenticator.  I am guessing it would be fairly easy for the admin to add. 

It is planned for the new forum system.
and their evil mitts in here too now
HeroC
legendary
Activity: 858
Merit: 1000
Re: Two factor?
June 12, 2014, 03:07:50 PM
#26
Quote from: NEM minnow on June 11, 2014, 09:26:24 AM
I would really like to see 2FA on this site via Google Authenticator.  I am guessing it would be fairly easy for the admin to add. 

It is planned for the new forum system.
Pages:
Bitcoin Forum>Other>Meta>New forum software
Jump to: