Can bitcointalk.org get 2 factor authentication?

[StevenPine]

Hi All,

I am curious what the chances are that the forum will provide optional google 2 factor authentication?

Best,

[bg002h]

Not sure I'd care...

[John (John K.)]

I want this feature too. I'm too paranoid to use any sites seriously without 2FA.

[🏰 TradeFortress 🏰]

+1 to this too. Please don't make it too annoying, still allow remembering.

[Mike Christ]

2FA via text would be super-duper.

[jasinlee]

+1

[zakoliverz]

why would you want bitcointalk.org to get 2fa ?

[🏰 TradeFortress 🏰]

Because I don't want to [buy stuff off / lend coins / etc] to a hacked account, or have people lend to me when my account is hacked?

[Line]

This has basically become an absolute requirement at this point. Please consider implementing 2FA

[Garr255]

2fauth via MMS is simply not doable with everyone on the forum who is not in the US. Google Auth is the way to go.

[Inaba]

Yubikey & GA.  No need for silly international texts and such.

[erono]

I support 2FA .

[binaryFate]

I definitely agree. This is a must-have as large auctions and trades are taking place on the forum.
Also the amount of accounts compromised greatly undermines the value of the trust network implemented (and the reliability of "reputation" in general).

[haveagr8day]

Absolutely agree, my account was hacked last night and someone posted a ton of random stuff. It would be great to have this.

[ThatDGuy]

This is a really great idea, especially given the trust that is/can be associated with these accounts.

[HeroC]

I would use it!

+1 Google Auth

I use it whenever I can!

[whiskers75]

Google Authenticator would be the way to go, maybe there is some SMF plugin.

[Scott J]

Yes, please - why not use some of the forum's wealth to enable 2FA via SMS?

[BTCOxygen]

Yes, please - why not use some of the forum's wealth to enable 2FA via SMS?

Yeah, That would be a great idea.

[rme]

Please use only Google 2FA and Yubikeys, no need for SMS.

[CurbsideProphet]

+1 for Google Authenticator

[isimme]

Please enable 2 factor authentication?

Better yet have the option for a user to enable.
If someone does not have it enabled
their username shows it is not enabled
maybe with a warning below their username or
their username is a different color(maybe yellow for caution).

This feature would add credibility not only to individuals
but to the BTC community as a whole!

[HeroC]

Turn it into a poll.

[CoinsForTech]

+1. Very interested in using Google Authenticator on the forums

[nimda]

+1. 2FA adds a ton to security.

[Evolyn]

vote for Yubikey/GA 2 FA. User using it should get an icon or something else that shows other users he/she 's using 2 FA.

I'm getting really paranoid reading about all these ppl scaming arround and then saying account was hacked.

People are f#@! d$%& stupid (this is NOT meant as insult, it includes me as well), using weak passwords, using same password everywhere, using passwords similar to their username and so on, regardless how much and often you talk about secure passwords. With 2 FA you can (partially) protect ppl from their own stupidity.

[kjj]

User using it should get an icon or something else that shows other users he/she 's using 2 FA.

Fuck this, and fuck google.

First, you don't ever leak security state information to attackers unless you really must.  Second, for a forum devoted to private money, there sure are a lot of people in this thread very eager to tell google their every move.

[Inaba]

Except that Google Auth has nothing to do with Google's servers and you don't even need an internet connection to use it.

[kjj]

Except that Google Auth has nothing to do with Google's servers and you don't even need an internet connection to use it.

Have a link for that?  I tried a bunch of searches looking for the technical details, but all I could find was ways to enable it on my gmail account and get SMS, so I assumed the worst.

[🏰 TradeFortress 🏰]

Except that Google Auth has nothing to do with Google's servers and you don't even need an internet connection to use it.

Have a link for that?  I tried a bunch of searches looking for the technical details, but all I could find was ways to enable it on my gmail account and get SMS, so I assumed the worst.

Google Auth is just a fancy name for this:

function GoogleAuthenticatorCode(string secret)
     key := base32decode(secret)
     message := current Unix time ÷ 30
     hash := HMAC-SHA1(key, message)
     offset := last nibble of hash
     truncatedHash := hash[offset..offset+3]  //4 bytes starting at the offset
     Set the first bit of truncatedHash to zero  //remove the most significant bit
     code := truncatedHash mod 1000000
     pad code with 0 until length of code is 6
     return code

[Dougie]

I was scared by 2fa until TradeFortress pointed this out to me and sent me a javascript tool to process 2fa. I am a big advocate of it now. So yes. This is a must for this forums power users. But it should definitely be optional.

[StevenPine]

Can we get a response from a moderator or admin? The technical difficulty of installing this under options isn't that onerous.

[TheButterZone]

Will it stop these incessant virus PMers that seem to be trading and/or hacking forum accounts? If so, yes please.

[binaryFate]

Will it stop these incessant virus PMers that seem to be trading and/or hacking forum accounts? If so, yes please.

Is it just my bad luck in the last few days or do you also feel a recrudescence lately?

[TheButterZone]

Heh, good word. The first one I got was June 13, now 2 separate accounts just this week.

These fucking twats would wave guns around at cops in real life... PMing me is electronic suicide. Instant trust level shitcan, instant email to the webhost of their virus, instant warning comment on the download page. They just don't learn.

[binaryFate]

Heh, good word. The first one I got was June 13, now 2 separate accounts just this week.

These fucking twats would wave guns around at cops in real life... PMing me is electronic suicide. Instant trust level shitcan, instant email to the webhost of their virus, instant warning comment on the download page. They just don't learn.

Man, I right now just got a new PM from one of these morons, and after reading your post I thought "good idea, let's leave a comment!". Then on the comment page there was already one, and it was from you.

[tysat]

Can we get a response from a moderator or admin? The technical difficulty of installing this under options isn't that onerous.

A response from a mod doesn't really help (as seen here).  I think 2FA is a good idea, but theymos is the one who has to make it hap=pen.

[theymos]

Will it stop these incessant virus PMers that seem to be trading and/or hacking forum accounts?

No. 2FA is useless against phishing sites.

[binaryFate]

Will it stop these incessant virus PMers that seem to be trading and/or hacking forum accounts?

No. 2FA is useless against phishing sites.

For those phishing sites that are copy of this forum, that would be useful. Stolen passwords wouldn't be enough then, at least for people who enabled 2FA.

[TheButterZone]

Will it stop these incessant virus PMers that seem to be trading and/or hacking forum accounts?

No. 2FA is useless against phishing sites.

For those phishing sites that are copy of this forum, that would be useful. Stolen passwords wouldn't be enough then, at least for people who enabled 2FA.

I meant against the phisher account buyers themselves. Wouldn't they have to get the 2FA secret keys from the people they buy accounts from?

[chsados]

I support this tremendously.