|
Title: 2-factor authentication for forum login? Post by: Soros Shorts on July 07, 2012, 12:36:01 AM I just realized that many investing, lending and depositing activies currently taking place in the forum rely heavily on the transacting parties' forum identities for authentication. I'm refering to those operations that are mostly PM and message based, without the benefit and support of an external website that has a login. Under these circumstances some forum logins could be as valuable as bank logins to a potential thief.
Would it be feasible to add 2-factor authentication for forum logins? Optional, of course. I was thinking something along the lines of Google Authenticator or B-Y-O-Yubikey. If there were a demand for this it could be made available only to Donators and/or VIPs so the implementation costs could be recovered as more people would donate. Does this make sense? Title: Re: 2-factor authentication for forum login? Post by: BrightAnarchist on July 07, 2012, 12:41:10 AM Generally speaking PGP does the job for me. I aways give my public key and notify my various account holders to only allow me to withdraw upon recieving a signed request.
Title: Re: 2-factor authentication for forum login? Post by: chunglam on July 07, 2012, 12:47:42 AM I just realized that many investing, lending and depositing activies currently taking place in the forum rely heavily on the transacting parties' forum identities for authentication. I'm refering to those operations that are mostly PM and message based, without the benefit and support of an external website that has a login. Under these circumstances some forum logins could be as valuable as bank logins to a potential thief. Would it be feasible to add 2-factor authentication for forum logins? Optional, of course. I was thinking something along the lines of Google Authenticator or B-Y-O-Yubikey. If there were a demand for this it could be made available only to Donators and/or VIPs so the implementation costs could be recovered as more people would donate. Does this make sense? +1, I vote Google Authenticator. Title: Re: 2-factor authentication for forum login? Post by: BrightAnarchist on July 07, 2012, 12:49:38 AM I just realized that many investing, lending and depositing activies currently taking place in the forum rely heavily on the transacting parties' forum identities for authentication. I'm refering to those operations that are mostly PM and message based, without the benefit and support of an external website that has a login. Under these circumstances some forum logins could be as valuable as bank logins to a potential thief. Would it be feasible to add 2-factor authentication for forum logins? Optional, of course. I was thinking something along the lines of Google Authenticator or B-Y-O-Yubikey. If there were a demand for this it could be made available only to Donators and/or VIPs so the implementation costs could be recovered as more people would donate. Does this make sense? +1, I vote Google Authenticator. I agree provided it's optional. Title: Re: 2-factor authentication for forum login? Post by: Stephen Gornick on July 07, 2012, 01:29:36 AM I'm refering to those operations that are mostly PM and message based, without the benefit and support of an external website that has a login. Under these circumstances some forum logins could be as valuable as bank logins to a potential thief. What you are describing is over the counter trading. The #bitcoin-otc's Web of Trust (WoT) can be used when negotiating and transacting. It uses GPG authentication against the IRC bot gribble. There are more than 2,200 users registered and so far nearly 12,000 ratings have been left, ratings which appear in the history for any -otc user. - http://bitcoin-otc.com/trust.php - http://wiki.bitcoin-otc.com/wiki/GPG_authentication#Third-party_guides - http://bitcoin-otc.com/viewratings.php - http://bitcoin-otc.com - http://webchat.freenode.net/?channels=#bitcoin-otc-foyer Title: Re: 2-factor authentication for forum login? Post by: grue on July 07, 2012, 01:44:46 AM I'm refering to those operations that are mostly PM and message based, without the benefit and support of an external website that has a login. Under these circumstances some forum logins could be as valuable as bank logins to a potential thief. What you are describing is over the counter trading. The #bitcoin-otc's Web of Trust (WoT) can be used when negotiating and transacting. It uses GPG authentication against the IRC bot gribble. There are more than 2,200 users registered and so far nearly 12,000 ratings have been left, ratings which appear in the history for any -otc user. - http://bitcoin-otc.com/trust.php - http://wiki.bitcoin-otc.com/wiki/GPG_authentication#Third-party_guides - http://bitcoin-otc.com/viewratings.php - http://bitcoin-otc.com - http://webchat.freenode.net/?channels=#bitcoin-otc-foyer Title: Re: 2-factor authentication for forum login? Post by: gabbynot on July 07, 2012, 02:29:25 AM Another +1 for Google Authenticator
Title: Re: 2-factor authentication for forum login? Post by: theymos on July 07, 2012, 03:00:03 AM OpenID is a required feature for the new forum software. Then you'll be able to use an OpenID provider that supports two-factor authentication.
Title: Re: 2-factor authentication for forum login? Post by: NothinG on July 07, 2012, 03:14:54 AM OpenID is a required feature for the new forum software. Then you'll be able to use an OpenID provider that supports two-factor authentication. Why not just pick something that gets updating often and move to that?vBulletin is what I would suggestion. Updates are pushed quickly, and many plugins with an active community. Price tag is a tad high, but you get what you pay for. Let's get away from SMF, PLEASE! Title: Re: 2-factor authentication for forum login? Post by: rjk on July 07, 2012, 05:48:44 AM OpenID is cool because I can use certificate authentication with a passphrase.
Title: Re: 2-factor authentication for forum login? Post by: Soros Shorts on July 07, 2012, 01:46:27 PM OpenID is a required feature for the new forum software. Then you'll be able to use an OpenID provider that supports two-factor authentication. After reviewing the state of OpenID today, I would agree that it would be the most flexible solution. I didn't think of it first because for many years OpenID was touted primarily as a "single-signon" solution and not a "secure-signon" solution. With the wider selection of providers available today it looks like you can have both of these features. People who don't need or want a single identitity could still maintain multiple OpenIDs.Looking forward to the new forum software. |