Forum login with Bitcoin client

[sdp]

I am looking for a profitable and useful project involving software development.  Would anyone be interested in donating their time and skills or bitcoins to the development of a plug-in for Simple-Machines Forum that would allow you to login by signing a challenge with one of your bitcoin addresses?

What good is this?  Well, suppose the forum gets hacked (yet again) and you are using bitcoin signature verification instead of the password.  Then you don't need to change your password.  The hacker knows your bitcoin address but they cannot login by knowing your bitcoin address.  The forum can verify you have the private key but it doesn't get your private key.

There is new forum software in the works but it is unclear whether they will release this software in a timely manner.  Such a plugin could be installed on forums other than bitcoin talk that also use Simple-Machines Forum software.  The implementation of this plugin could act as a guide to other software developers who could create plugins for other forum software.

Post here if you are interested in making this possible.  Imagine a world without passwords.

sdp

[Quickseller]

The forum is not going to be using SMF for very much longer, so creating a plugin for this kind of feature would be a moot point for bitcointalk. The new forum is going to have the ability for people to use 2FA

[moko666]

Yes better develop an addon for new forum software,the current SMF forum can be updated anytime with new software
but if you want to develop this for new forum software then post in new forum software category and offer to develop such plugin

[Welsh]

This would almost be redundant in the new forum software. According to the current requirements the new forum software will support 2 factor authentication with PGP and Bitcoin signature. Although, it seems you are wanting to do away with passwords altogether, I think it's better to have 2 factor along with a password.

If you want to go ahead developing something for the current forum, you would need to get into contact with theymos and discuss the matter further before proceeding.

[truthstalker]

I think having this would greatly improve the security of the forum you might want to go and hire some people via services

[Jeremycoin]

I interested to use it not making it, so I can help to testing it I think, this would improve the secure here

[achow101]

I think that is a great idea, propose it for the new forum. It would essentially prevent the sale of accounts since private keys need to be transfered. However, what happens if I lose my private key? Would there be a way to recover accounts?

[redsn0w]

I do not think it is a good idea, a simple 2FA (like someone said previously) is much better than a bitcoin signed message (and if someone will 'stole' your private key? It is difficult to stole a smartphone from the other side of world).

[SaltySpitoon]

This is a feature some people are pushing for with the new forum software. If you have ever used the Eligus Bitcoin Mining Pool, since there are no accounts, and payouts are sent directly to whatever Bitcoin address you provide, you have to change account settings by signing messages with that Bitcoin address. I agree something like that at least for changing account settings or something would be neat. I think that would be very annoying to have to sign a message every time you want to log in, but required to change your password or something like that would be cool.

[ajareselde]

The forum is not going to be using SMF for very much longer, so creating a plugin for this kind of feature would be a moot point for bitcointalk. The new forum is going to have the ability for people to use 2FA

By the way things are going with new forum software, that plugin could be used for years it seams, if not forever.
Dont wave goodbye to smf just yet.

@op I would be interested in using this feature, and im sure many others would be also.
cheers

[sdp]

I am thinking we should have the admin see in configuration:

override all logins to require a password [checkbox] [spin box : and/or], a signature [checkbox].
override all profile edits to require a password [checkbox] [spin box : and/or], a signature [checkbox].
allow users to choose what authentication is necessary. [checkbox]


Then the user sees if the last checkbox is selected in his configuration
login requires a password [checkbox] [spin box : and/or], a signature [checkbox].
profile edits requires a password [checkbox] [spin box : and/or], a signature [checkbox].

Then when a forum gets hacked, the admin can set to:
override all logins to require password and a signature which would change all users to require a signature (if they have a bitcoin address on file) and the user's password.

I think there should be a field for bitcoin login address as separate from the simple bitcoin address.  For your normal address might be some kind of 2of3 address or something.

sdp