Can bitcointalk.org get 2 factor authentication?

[CurbsideProphet]

+1 for Google Authenticator

[isimme]

Please enable 2 factor authentication?

Better yet have the option for a user to enable.
If someone does not have it enabled
their username shows it is not enabled
maybe with a warning below their username or
their username is a different color(maybe yellow for caution).

This feature would add credibility not only to individuals
but to the BTC community as a whole!

[HeroC]

Turn it into a poll.

[CoinsForTech]

+1. Very interested in using Google Authenticator on the forums

[nimda]

+1. 2FA adds a ton to security.

[Evolyn]

vote for Yubikey/GA 2 FA. User using it should get an icon or something else that shows other users he/she 's using 2 FA.

I'm getting really paranoid reading about all these ppl scaming arround and then saying account was hacked.

People are f#@! d$%& stupid (this is NOT meant as insult, it includes me as well), using weak passwords, using same password everywhere, using passwords similar to their username and so on, regardless how much and often you talk about secure passwords. With 2 FA you can (partially) protect ppl from their own stupidity.

[kjj]

User using it should get an icon or something else that shows other users he/she 's using 2 FA.

Fuck this, and fuck google.

First, you don't ever leak security state information to attackers unless you really must.  Second, for a forum devoted to private money, there sure are a lot of people in this thread very eager to tell google their every move.

[Inaba]

Except that Google Auth has nothing to do with Google's servers and you don't even need an internet connection to use it.

[kjj]

Except that Google Auth has nothing to do with Google's servers and you don't even need an internet connection to use it.

Have a link for that?  I tried a bunch of searches looking for the technical details, but all I could find was ways to enable it on my gmail account and get SMS, so I assumed the worst.

[🏰 TradeFortress 🏰]

Except that Google Auth has nothing to do with Google's servers and you don't even need an internet connection to use it.

Have a link for that?  I tried a bunch of searches looking for the technical details, but all I could find was ways to enable it on my gmail account and get SMS, so I assumed the worst.

Google Auth is just a fancy name for this:

function GoogleAuthenticatorCode(string secret)
     key := base32decode(secret)
     message := current Unix time ÷ 30
     hash := HMAC-SHA1(key, message)
     offset := last nibble of hash
     truncatedHash := hash[offset..offset+3]  //4 bytes starting at the offset
     Set the first bit of truncatedHash to zero  //remove the most significant bit
     code := truncatedHash mod 1000000
     pad code with 0 until length of code is 6
     return code

[Dougie]

I was scared by 2fa until TradeFortress pointed this out to me and sent me a javascript tool to process 2fa. I am a big advocate of it now. So yes. This is a must for this forums power users. But it should definitely be optional.

[StevenPine]

Can we get a response from a moderator or admin? The technical difficulty of installing this under options isn't that onerous.

[TheButterZone]

Will it stop these incessant virus PMers that seem to be trading and/or hacking forum accounts? If so, yes please.

[binaryFate]

Will it stop these incessant virus PMers that seem to be trading and/or hacking forum accounts? If so, yes please.

Is it just my bad luck in the last few days or do you also feel a recrudescence lately?

[TheButterZone]

Heh, good word. The first one I got was June 13, now 2 separate accounts just this week.

These fucking twats would wave guns around at cops in real life... PMing me is electronic suicide. Instant trust level shitcan, instant email to the webhost of their virus, instant warning comment on the download page. They just don't learn.

[binaryFate]

Heh, good word. The first one I got was June 13, now 2 separate accounts just this week.

These fucking twats would wave guns around at cops in real life... PMing me is electronic suicide. Instant trust level shitcan, instant email to the webhost of their virus, instant warning comment on the download page. They just don't learn.

Man, I right now just got a new PM from one of these morons, and after reading your post I thought "good idea, let's leave a comment!". Then on the comment page there was already one, and it was from you.

[tysat]

Can we get a response from a moderator or admin? The technical difficulty of installing this under options isn't that onerous.

A response from a mod doesn't really help (as seen here).  I think 2FA is a good idea, but theymos is the one who has to make it hap=pen.

[theymos]

Will it stop these incessant virus PMers that seem to be trading and/or hacking forum accounts?

No. 2FA is useless against phishing sites.

[binaryFate]

Will it stop these incessant virus PMers that seem to be trading and/or hacking forum accounts?

No. 2FA is useless against phishing sites.

For those phishing sites that are copy of this forum, that would be useful. Stolen passwords wouldn't be enough then, at least for people who enabled 2FA.

[TheButterZone]

Will it stop these incessant virus PMers that seem to be trading and/or hacking forum accounts?

No. 2FA is useless against phishing sites.

For those phishing sites that are copy of this forum, that would be useful. Stolen passwords wouldn't be enough then, at least for people who enabled 2FA.

I meant against the phisher account buyers themselves. Wouldn't they have to get the 2FA secret keys from the people they buy accounts from?