Bitcoin Forum
July 17, 2019, 05:27:34 PM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: 2FA to Active on Bitcointalk Forum (Requested to Admin)  (Read 1481 times)
shirazteam110
Member
**
Offline Offline

Activity: 70
Merit: 10


View Profile
August 20, 2017, 03:39:30 AM
 #1

Dear All,
Please request to Admin to active 2FA While Login in Bitcointalk Forum
Like : Via Email or Google Authentication !!

Thanks

 
1563384454
Hero Member
*
Offline Offline

Posts: 1563384454

View Profile Personal Message (Offline)

Ignore
1563384454
Reply with quote  #2

1563384454
Report to moderator
1563384454
Hero Member
*
Offline Offline

Posts: 1563384454

View Profile Personal Message (Offline)

Ignore
1563384454
Reply with quote  #2

1563384454
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1563384454
Hero Member
*
Offline Offline

Posts: 1563384454

View Profile Personal Message (Offline)

Ignore
1563384454
Reply with quote  #2

1563384454
Report to moderator
Quickseller
Copper Member
Legendary
*
Offline Offline

Activity: 1848
Merit: 1716



View Profile WWW
August 20, 2017, 04:41:10 AM
 #2

email is not going to be a very useful method of 2FA (when used alone) most of the time. This is especially true considering a "real" email address is not required to register/use the forum.

Google authenticator is a better 2FA method, although it would require users to own a smartphone, which some may not. A signed message may be a good way to use 2FA, either with a Bitcoin address, or a GPG key - maybe this could be one option when the new forum is put into production.

Click Here to See Alex Morgan Twerking||2nd Video
(Videos Suchmoon doesn’t want you to see)
GideonGono
Hero Member
*****
Offline Offline

Activity: 896
Merit: 500



View Profile
August 20, 2017, 05:49:54 AM
 #3

email is not going to be a very useful method of 2FA (when used alone) most of the time. This is especially true considering a "real" email address is not required to register/use the forum.

Google authenticator is a better 2FA method, although it would require users to own a smartphone, which some may not. A signed message may be a good way to use 2FA, either with a Bitcoin address, or a GPG key - maybe this could be one option when the new forum is put into production.

Then the forum should make a confirmation email to be considered that it is officially registered then it would be possible to use 2FA using email but I agree more via signed message since it is muh secure to use.

           ▄▄███████████▄▄▄
        ███            ▀▀█████▄
      ██                   ▀█████▄
    ██                       ▀█████
   █          ██  ██           █████
  █           ██  ██            █████
 █        ▄▄███████████          █████
 █        █████████████           ████▌
█         █████                   █████
█         █████                   █▀ ▀█
█         ████████████              ▄ 
█         ████████████            ▄███▄
█         █████                   █████
 █        █████                   ████▌
 █        █████████████          █████
  █       ▀▀███████████         █████
   █▄         ██  ██          ▄████▀
    ▀█        ██  ██        ▄████▀
      ▀█▄                 ▄████▀
         ▀▀█▄▄▄▄▄▄▄▄▄▄▄███▀▀▀
██
██  ██  ██
██
██  ██  ██
██  ██  ██
██  ██  ██
██  ██  ██
██  ██  ██
██  ██  ██
██  ██  ██
██
██  ██  ██
██
██
██  ██  ██
██
██  ██  ██
██  ██  ██
██  ██  ██
██  ██  ██
██  ██  ██
██  ██  ██
██  ██  ██
██
██  ██  ██
██
▄███▄
███████████████████████
██                   ██
██ ░███████████████░ ██
██                   ██
▀███ ░███████████████░ ███▀
▄  ▀█                   █▀  ▄
██▄    ███████████████    ▄██
████▄                   ▄████
██████▄               ▄██████
████████             ████████
██████▀  ▄██▄   ▄██▄  ▀██████
████▀  ▄██████▄██████▄  ▀████
██▀  ▄█████████████████▄  ▀██

WHITEPAPER
.▒██████████████████████▒
▒████████████████████████▒
▒████████████████████████▒
▒██▄     ███████     ▄███▒
▒████     █████     █████▒
▒████ ▌    ███▌     █████▒
▒████ █     █▌ ▐    █████▒
▒████ ██      ▐█    █████▒
▒████ ███    ▐██    █████▒
▒███▀ ▀███   ███    █████▒
▒█▀     ▀██ ██▀      ▀███▒
▒████████████████████████▒
.▒██████████████████████▒
.▒██████████████████████▒
▒████████████████████████▒
▒█████████████▀    ▀█████▒
▒██░▀████████▌      ▀████▒
▒██░   ▀████▀        ▀███▒
▒██                 █████▒
▒███                █████▒
▒█████              █████▒
▒██████           ▄██████▒
▒█████▀         ▄████████▒
▒███▄▄      ▄▄███████████▒
▒████████████████████████▒
 ▒██████████████████████▒
.▒██████████████████████▒
▒████████████████████████▒
▒████████████████████████▒
▒████████████▀▀    ▓█████▒
▒███████▀▀     ▄▀  ▓█████▒
▒███▀▀       ▄▀    ██████▒
▒██░       ▄▀░░    ██████▒
▒████▄▄  ▄▀       ███████▒
▒████████▄░       ███████▒
▒█████████        ███████▒
▒██████████ ██▄▄ ████████▒
▒████████████████████████▒
 ▒██████████████████████▒
TryNinja
Legendary
*
Online Online

Activity: 1078
Merit: 1359


CS <3


View Profile
August 20, 2017, 06:04:17 AM
 #4

I'm just going to quote a reply made yesterday by actmyname about the same subject.

And just like he said, "Searching for 2FA and finding these posts took me <5 minutes."

If someone wants to write a patch for it, I will seriously consider adding it. I believe that safely adding 2FA would be very time-consuming, so I'm not willing to do it myself or direct Slickage to do it.

2FA is going to be implemented in EpochTalk. I suppose we'll all be able to use it once the forum software has been replaced:

https://github.com/slickage/epochtalk/blob/master/app/templates/login.html


Old posts but relevant.

This is also from a previously-created thread: https://bitcointalk.org/index.php?topic=1472714.0
Searching for 2FA and finding these posts took me <5 minutes.

shirazteam110
Member
**
Offline Offline

Activity: 70
Merit: 10


View Profile
August 20, 2017, 08:37:11 PM
 #5

email is not going to be a very useful method of 2FA (when used alone) most of the time. This is especially true considering a "real" email address is not required to register/use the forum.

Google authenticator is a better 2FA method, although it would require users to own a smartphone, which some may not. A signed message may be a good way to use 2FA, either with a Bitcoin address, or a GPG key - maybe this could be one option when the new forum is put into production.

Because Bitcointalk is an important platform of Bitcoin and Altcoin discussion so admin should take action and upgrade forum with 2FA that will help to user to be secured   
Quickseller
Copper Member
Legendary
*
Offline Offline

Activity: 1848
Merit: 1716



View Profile WWW
August 20, 2017, 08:40:54 PM
 #6

email is not going to be a very useful method of 2FA (when used alone) most of the time. This is especially true considering a "real" email address is not required to register/use the forum.

Google authenticator is a better 2FA method, although it would require users to own a smartphone, which some may not. A signed message may be a good way to use 2FA, either with a Bitcoin address, or a GPG key - maybe this could be one option when the new forum is put into production.

Because Bitcointalk is an important platform of Bitcoin and Altcoin discussion so admin should take action and upgrade forum with 2FA that will help to user to be secured    
Like I said, 2fa should be implemented in the new forum.

It is difficult to implement 2fa with the version of SMF the forum is using. As posted above, theymos has said he will consider adding it someone can provide a way of adding it safely, and IIRC, a few people have posted bounties for implementing 2fa on the forum.

edit: It looks like a 2 btc bounty was offered for 2fa, and NLNico had written something compatible with the version of SMF the forum uses, however it is unclear why theymos has not implemented it.

Click Here to See Alex Morgan Twerking||2nd Video
(Videos Suchmoon doesn’t want you to see)
phantam
Full Member
***
Offline Offline

Activity: 546
Merit: 106


Bountyhive.io


View Profile WWW
August 21, 2017, 12:41:14 AM
 #7

2FA should start becoming the default in all platforms theirs no reason not to have it as a function, Google Auth, Microsoft Auth, Authy, the softwares their its just for the forum and website owners to take advantage of the APIs.
sacombank
Full Member
***
Offline Offline

Activity: 359
Merit: 100



View Profile
August 21, 2017, 12:50:23 AM
 #8

we just need fixed email to secure info , not allow change it , i think it better for all .

   ⚡⚡ PRiVCY ⚡⚡   ▂▃▅▆█ PRiVCY (PRIV) is a new PoW/PoS revolutionary privacy project Best privacy crypto-market! █▆▅▃▂
    Own Your Privacy! ───────────────── WebsiteGithub  |  Bitcointalk  |  Twitter  |  Discord  |  Explorer ─────────────────
   ✯✯✯✯✯                 ✈✈✈[Free Airdrop - Starts 9th June][Tor]✈✈✈ ║───────────║ Wallet Windows  |  macOS  |  Linux[/
NLNico
Legendary
*
hacker
Offline Offline

Activity: 1876
Merit: 1248


DiceSites.com owner


View Profile WWW
August 21, 2017, 04:50:44 AM
Last edit: August 21, 2017, 05:03:30 AM by NLNico
 #9

.. and NLNico had written something compatible with the version of SMF the forum uses, however it is unclear why theymos has not implemented it.

Correct.

The way I remember it, was that theymos was hoping others could give some feedback on it too. But no one did and it was never implemented :p

The package should still work fine. Although, I think it was also not good against bruteforcing, as it is using the default SMF way which isn't good.

If theymos is still interested in it, I could still add proper anti-2FA-bruteforce in that package and it can still be used :p I guess it kinda depends on when that new forum is finished too :X

edit: actually I see it uses CAPTCHA now on login, so that is actually a way to protect against bruteforcing.

mamichula
Sr. Member
****
Offline Offline

Activity: 315
Merit: 253


View Profile
August 21, 2017, 05:01:35 AM
 #10

It would be better than having to click on the roads and cars every time you log in.

Did something happen recently, before we could just log in entering our names and password on the top left of the page?

audaciousbeing
Hero Member
*****
Offline Offline

Activity: 980
Merit: 559



View Profile
August 21, 2017, 09:39:20 AM
 #11

Dear All,
Please request to Admin to active 2FA While Login in Bitcointalk Forum
Like : Via Email or Google Authentication !!

Thanks

 

I really dont see the need for this in addition to the one we currently have which is to a large extent has been very effective. I am also sure that when the forum administrators deemed it necessary that it should be added then they would definitely do without anyone trying to make them do it. Also, people dont go through 2FA for its sake there will be some cogent reasons and serious security challenge to make that a possibility and if its going to be implemented, then it should be made optional.

EPIC CASH             ▄▄████████          ▄██▄▄
   ▄▄▄▄▄▄▄█████ █████▀     █████████████████▄▄
███████████ ███  ██▀     ███████████████████████
    ██████████         ██████████████████████
   █████████          █████████▀█▄███████████▌
   ████████           ▀▀▀▄▄▀  ████████████████
    ███  █           ████████▄▄███ ▐█████████
     ▀██▄           █████████████   ▀  ▀██ ▀
       ▀█████▄▄▄     ██████████         ██▄▄
         █████████       █████           ▀█████▄▄▄
          ███████         ████             ▀▀▄▄▄▄
           █████          ████ █           ███████
           ████            ██              ▀▀  ██
           ███
            █
Whitepaper  |  ANN
........................E          P          I          C.......................
Twitter  |  Facebook  |  Discord  |  Telegram










Epic Private Internet Cash
Coming July 14th, 2019
QueenOf
Sr. Member
****
Offline Offline

Activity: 546
Merit: 250


View Profile
August 21, 2017, 02:10:40 PM
 #12

Dear All,
Please request to Admin to active 2FA While Login in Bitcointalk Forum
Like : Via Email or Google Authentication !!

Thanks

 
Yeah I agree if you use telephone access a2f and  do not use handphone with internet, use hp like the old hp, I guess this will really keep us from thieves account and I ever experienced a theft  them trial access via email very much report of someone trying to log in, since my friend suggested using a2f on my account. and my  account secure now.
HeroC
Legendary
*
Offline Offline

Activity: 863
Merit: 1000


GPG: FA122C1A | IRC: HeroCC


View Profile
August 21, 2017, 02:53:43 PM
 #13

-snip-

edit: actually I see it uses CAPTCHA now on login, so that is actually a way to protect against bruteforcing.

That is a possible way, but the biggest / best CAPTCHA provider right now is Google, and it requires a JS and a bunch of other nasties the security / privacy concerned wouldn't be fond of. The new forum software will have 2fa (if it's ever released).
mamichula
Sr. Member
****
Offline Offline

Activity: 315
Merit: 253


View Profile
August 21, 2017, 07:29:08 PM
 #14

Question about F2A. What happens if I lose my phone. I couldn't get back into exchange because the F2A was from a different phone. Does the Goolge one get link with my email.

Can a 3rd party entity find out my email from my F2A?
BCTBF
Sr. Member
****
Offline Offline

Activity: 560
Merit: 257


View Profile
August 21, 2017, 07:43:50 PM
 #15

Question about F2A. What happens if I lose my phone. I couldn't get back into exchange because the F2A was from a different phone. Does the Goolge one get link with my email.

Can a 3rd party entity find out my email from my F2A?
As far as I know, if the phone you use for 2FA is lost you can still gain access to your account with certain requirements to prove if the account is yours. Because on an exchange that uses 2FA as well as I know it is just that and for proof it is something very difficult.
HeroC
Legendary
*
Offline Offline

Activity: 863
Merit: 1000


GPG: FA122C1A | IRC: HeroCC


View Profile
August 21, 2017, 09:49:47 PM
 #16

Question about F2A. What happens if I lose my phone. I couldn't get back into exchange because the F2A was from a different phone. Does the Goolge one get link with my email.

Can a 3rd party entity find out my email from my F2A?

It depends on how the service treats it. Some completely lock the account, while others let you back in if you can somehow prove your identity.
shirazteam110
Member
**
Offline Offline

Activity: 70
Merit: 10


View Profile
August 22, 2017, 02:53:22 AM
 #17

Dear All,
Please request to Admin to active 2FA While Login in Bitcointalk Forum
Like : Via Email or Google Authentication !!

Thanks

 

I really dont see the need for this in addition to the one we currently have which is to a large extent has been very effective. I am also sure that when the forum administrators deemed it necessary that it should be added then they would definitely do without anyone trying to make them do it. Also, people dont go through 2FA for its sake there will be some cogent reasons and serious security challenge to make that a possibility and if its going to be implemented, then it should be made optional.

Actually you never had experienced to be attacked by hackers . many people lost the account every day .. so 2FA will help to be secured
aizen10
Full Member
***
Offline Offline

Activity: 532
Merit: 100


View Profile
August 22, 2017, 03:38:05 AM
 #18

Question about F2A. What happens if I lose my phone. I couldn't get back into exchange because the F2A was from a different phone. Does the Goolge one get link with my email.

Can a 3rd party entity find out my email from my F2A?
As far as I know, if the phone you use for 2FA is lost you can still gain access to your account with certain requirements to prove if the account is yours. Because on an exchange that uses 2FA as well as I know it is just that and for proof it is something very difficult.

prof that if that account is yours, are totally difficult to prove. because if all of your works are only stored/access in one gadgets like a phone, all back-up and data are lost too, how could you recognize all of them when you create a proof that retrieving account is yours? its very difficult how to solve this problem. and i think there's no need to implement that 2FA here at our forum.
Nalienn
Full Member
***
Offline Offline

Activity: 182
Merit: 100


View Profile
August 24, 2017, 11:32:49 AM
 #19

Just bumping this in hopes something gets done soon.

I can't believe my account got hacked without me even getting any sort of notification.
The password was safe and was definitely not spoofed elsewhere or keylogged. It was definitely obtained via a breach of this forum, which is not something that I would've expected to happen within a few weeks of updating the password. Much less with no email notification of the breach, password or email change of my account.

It's been well over two weeks with no response despite having provided ample proof of my ownership of the account as well. Either there is absolutely zero security in place, or someone with control access compromised my account, there's no other way around this case.

Very disappointed with the world's leading Bitcoin forum.
Literally everything uses 2FA these days, and no site allows users changing passwords/emails without email confirmations. The current situation is just completely unacceptable by any standards and it shines a bad light on Cryptos.

Could somebody tell me what the problem with moving to a new SMF version is?
xwshamim
Copper Member
Sr. Member
****
Offline Offline

Activity: 432
Merit: 251

https://t.me/xwshamim


View Profile WWW
August 24, 2017, 12:10:25 PM
 #20

yeah i also think we at first need an email for official use . so that if any thing happens we can know through email and change every thing through email . also 2fa from google authentication is a good idea
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!