Author Topic: 2FA for more security in bitcointalk forum  (Read 1672 times)
b-trading (OP)
Sr. Member
June 25, 2015, 08:10:38 PM
 #1

Imagine... if I have been active on this forum for, let's say, about five years... I begin with newbie rank and after so long I have legendary rank... and suddenly someone hacks and steals my account... and everything is gone... especially my hard work of about five years in this forum to increase the rank from newbie to legendary... My point is: how secure are our accounts here without 2FA? And if I had an idea to ask theymos to enable 2FA in this forum for more security, would you all agree with my idea?
hilariousandco
Global Moderator
Legendary
June 25, 2015, 08:21:53 PM
Last edit: June 25, 2015, 08:32:05 PM by hilariousandco
 #2

It's coming with the new forum:

https://bitcointalk.org/index.php?topic=523070.0

In addition to normal password authentication, the forum should support various kinds of alternative authentication. At least password auth, email verification, secret questions, OpenID, PGP, OpenVPN (automatic creation of subnets + IP source verification), and Bitcoin address signing should be supported, with multiple allowable credentials for each auth type. Users should have the option of requiring any combination of these auth types. Like "pgp OR (password AND OpenID)". And users should be able to require that changes to some or all auth types as well as the required combination of types not take effect for some configurable number of days. This allows for different types of recovery methods.

Also, it should be possible to limit the access for each auth type. So one type might be able to only read, but not post, etc. If the Web interface uses the same API that is exposed publicly, then these permissions can be in the form of allowed API commands.

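Added example, not from the thread or the forum software: a Python evaluator for the credential combinations the quoted requirements describe, using the page's own expression "pgp OR (password AND OpenID)", together with the rule that a policy change only takes effect after a configurable number of days. The grammar, the `AuthPolicy` class and its method names are assumptions made for illustration; per-auth-type permission limits are not modeled.

```python
import re

TOKEN = re.compile(r"\s*(\(|\)|AND\b|OR\b|[A-Za-z_][A-Za-z0-9_]*)")
def parse(expr):
    """Parse e.g. 'pgp OR (password AND OpenID)' into nested tuples (AND binds tighter)."""
    text, pos, tokens = expr.strip(), 0, []
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"bad token at offset {pos}")
        tokens.append(m.group(1))
        pos = m.end()

    def binary(op, operand, i):
        node, i = operand(i)
        while i < len(tokens) and tokens[i] == op:
            rhs, i = operand(i + 1)
            node = (op, node, rhs)
        return node, i

    def atom(i):
        if i >= len(tokens) or tokens[i] in (")", "AND", "OR"):
            raise ValueError("expected an auth type or '('")
        if tokens[i] == "(":
            node, i = or_expr(i + 1)
            if i >= len(tokens) or tokens[i] != ")":
                raise ValueError("missing ')'")
            return node, i + 1
        return tokens[i].lower(), i + 1  # auth type names compare case-insensitively

    and_expr = lambda i: binary("AND", atom, i)
    or_expr = lambda i: binary("OR", and_expr, i)
    node, end = or_expr(0)
    if end != len(tokens):
        raise ValueError("trailing tokens")  # malformed policies fail closed
    return node

def satisfied(node, proven):
    """True if the set of auth types the user has proven meets the policy."""
    if isinstance(node, str):
        return node in proven
    op, left, right = node
    results = (satisfied(left, proven), satisfied(right, proven))
    return all(results) if op == "AND" else any(results)

class AuthPolicy:  # hypothetical name, not the forum's API
    def __init__(self, expr, delay_days):
        self.active, self.pending, self.delay = parse(expr), None, delay_days * 86400
    def request_change(self, expr, now):
        self.pending = (parse(expr), now + self.delay)  # old policy stays active until then
    def check(self, proven, now):
        if self.pending and now >= self.pending[1]:
            self.active, self.pending = self.pending[0], None
        return satisfied(self.active, {p.lower() for p in proven})
```

With a 7-day delay, a request to reduce the policy to `password` alone leaves the old combination in force until day 7, which is the recovery window the requirements text refers to.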
Brewins
Legendary
June 26, 2015, 01:05:54 AM
 #3

Stunna offered a bounty for whoever makes 2FA available in the forum, not sure if it still is up.

And if IP source verification is added I see lots of people complaining that they can't access their account because they changed their IP or tried to access the forum from some other place.

And if some people struggle to understand even how activity is calculated, I see how hard it will be for them to understand and configure all the auth options.

Xian01
Legendary
June 26, 2015, 01:08:43 AM
Last edit: June 26, 2015, 01:53:42 AM by Xian01
 #4

I'm sure the 2FA feature will be included in the new forums software that Theymos has spent ~$1.2M USD on, so far...
LouisVuitton
Legendary
June 26, 2015, 01:39:28 PM
 #5

This will be an awesome option! Can't wait.
mmmaybe
Sr. Member
June 28, 2015, 01:48:14 AM
 #6

Good idea! :)

At first I thought it would be expensive, but as more and more sites have it implemented, it can't be that bad.

photon_coin
Sr. Member
June 28, 2015, 01:58:59 AM
 #7

not a good idea

Brewins
Legendary
June 28, 2015, 03:14:15 AM
 #8

not a good idea

why not?

Of course, not to impose it on everyone, but to add such an option.

I don't think it would be too much compared to the 1M+ already spent on the new forum software.
Xialla
Legendary
June 28, 2015, 01:58:15 PM
 #9

At first I thought it would be expensive..

uhh nope, you can have it literally for free with Google 2FA (Authenticator) implemented or with the possibility to add a YubiKey... 2FA is a must-have for any kind of serious web service these days.

not a good idea

why? I really don't see any catch..
baldpope
Full Member
June 29, 2015, 03:59:12 AM
 #10

yea, adding Google 2FA (rather one-time-password) option really makes sense.  Google makes it relatively easy to implement depending on your back-end.

anyway - consider this my +1 for 2fa
koshgel
Legendary
June 29, 2015, 04:24:44 AM
 #11

New forum etc etc..
Quickseller
Copper Member
Legendary
June 29, 2015, 04:42:20 AM
 #12

While I do think that 2FA would overall make it more difficult to hack users' accounts, in reality, it is really not that difficult to make it difficult to secure your account, and to make it so your account will have little value in the event that it gets hacked.

All that you really need to do in order to properly secure your account is:
  • Create a unique sufficiently complex password for your account
  • Use an email that you keep similarly secure (with a different password), and whose address is not associated with your bitcointalk identity
  • Keep your computer clean from malware

All that you need in order to prevent damage from being done in the event that your account is hacked:
  • Establish a PGP key that is associated with your account, and sign all addresses that you receive payment to with that address
  • Quickly and publicly report your account as being hacked when you are unable to access it.

hilariousandco
Global Moderator
Legendary
June 29, 2015, 07:54:29 AM
 #13

While I do think that 2FA would overall make it more difficult to hack users' accounts, in reality, it is really not that difficult to make it difficult to secure your account, and to make it so your account will have little value in the event that it gets hacked.

All that you really need to do in order to properly secure your account is:
  • Create a unique sufficiently complex password for your account
  • Use an email that you keep similarly secure (with a different password), and whose address is not associated with your bitcointalk identity
  • Keep your computer clean from malware

A unique and complex password doesn't matter when you get a keylogger or your account taken over remotely, which is what usually happens when people get their account hacked, and it's easier said than done to 'Keep your computer clean from malware'. If people did then there wouldn't be an issue.

RappelzReborn
Hero Member
June 29, 2015, 08:09:48 AM
 #14

This is already planned for the new forum software, but will it be optional or obligatory? I mean, can you unlink your account later? Then I guess selling/buying accounts will be dead, since you have to give your Gmail (all Google services) accounts. But it is most likely taking a few years, since we were expecting a beta last December and a release last February, and it's been months and soon it will be one year.
I don't get it... why doesn't Theymos simply tell us how much is left so we stop asking questions and rest in peace :-[

hilariousandco
Global Moderator
Legendary
June 29, 2015, 08:25:39 AM
 #15

This is already planned for the new forum software, but will it be optional or obligatory? I mean, can you unlink your account later? Then I guess selling/buying accounts will be dead, since you have to give your Gmail (all Google services) accounts. But it is most likely taking a few years, since we were expecting a beta last December and a release last February, and it's been months and soon it will be one year.
I don't get it... why doesn't Theymos simply tell us how much is left so we stop asking questions and rest in peace :-[

I'm not sure if it will be obligatory or not, but if you don't use it and your account gets hacked then it should be tough luck. Theymos likely isn't going to give a date because it's hard to give one on a work in progress and if he states a deadline people will only complain when it's missed. The forum needs to be 100% working and secure and it'll take a while to iron out kinks and bugs and unexpected problems can arise so that's why it's silly giving out deadlines unless you are 100% sure.

Quickseller
Copper Member
Legendary
June 29, 2015, 12:13:17 PM
 #16

While I do think that 2FA would overall make it more difficult to hack users' accounts, in reality, it is really not that difficult to make it difficult to secure your account, and to make it so your account will have little value in the event that it gets hacked.

All that you really need to do in order to properly secure your account is:
  • Create a unique sufficiently complex password for your account
  • Use an email that you keep similarly secure (with a different password), and whose address is not associated with your bitcointalk identity
  • Keep your computer clean from malware

A unique and complex password doesn't matter when you get a keylogger or your account taken over remotely, which is what usually happens when people get their account hacked, and it's easier said than done to 'Keep your computer clean from malware'. If people did then there wouldn't be an issue.

Well, doing things like avoiding downloading things like QT clients of most altcoins and other random files from untrustworthy entities, and avoiding going to sites that are sketchy. Using antivirus software would probably also help. All of these practices are things that I am going to guess that many people who get malware do not follow.

tiggytomb
Legendary
June 29, 2015, 12:24:18 PM
 #17

I like this idea, I use 2FA on many sites, very easy, quick and an extra layer of security.
el kaka22
Legendary
June 29, 2015, 01:27:21 PM
 #18

I like this idea, I use 2FA on many sites, very easy, quick and an extra layer of security.

I used to refuse any site that required me to set up 2FA, because I use the sites on my phone while I would also need to scan the QR code using my phone... until a site forced me to add 2FA, so I started to use the secret key option of the app (so I don't have to scan the QR code).

BTW, will the forum start 2FA with the QR code one, or will the forum give the username + secret key to us to input?

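Added example, not part of the thread or the forum's code: in TOTP (RFC 6238), the scheme Google Authenticator implements, the QR code only carries an `otpauth://` URI containing the same base32 secret a user can type in by hand, so both enrolment paths yield identical codes. The account name, issuer and function names below are assumptions; the secret is the published RFC 6238 test key, used here as constructed sample data.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import quote, urlencode

# Constructed sample secret: the RFC 6238 SHA-1 test key, base32-encoded as apps expect.
SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()

def totp(secret_b32, now, step=30, digits=6):
    """RFC 6238 code for Unix time `now` (HMAC-SHA1 with RFC 4226 dynamic truncation)."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def provisioning_uri(secret_b32, account, issuer):
    """The string a 2FA enrolment QR code encodes; manual entry uses the same secret."""
    label = quote(f"{issuer}:{account}")
    return f"otpauth://totp/{label}?" + urlencode({"secret": secret_b32, "issuer": issuer})

def verify(secret_b32, submitted, now, last_used_step=-1, window=1, step=30):
    """Return the matched time step or None.

    Accepts +/- `window` steps of clock drift and refuses any step at or before
    `last_used_step`, so a code captured by a keylogger cannot be replayed.
    """
    current = int(now) // step
    for s in range(max(0, current - window), current + window + 1):
        if s <= last_used_step:
            continue
        expected = totp(secret_b32, s * step, step)
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return s
    return None
```

The server stores the step returned by `verify` and passes it back as `last_used_step` on the next login attempt.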
hilariousandco
Global Moderator
Legendary
June 29, 2015, 01:31:58 PM
 #19

If you check the forum requirements doc, several different types of 2-factor have been requested.

SmartIphone
Legendary
June 29, 2015, 01:32:04 PM
 #20

Who says 2FA isn't good? Those who try to steal others' accounts.
2FA is great.