|What of a 2FA (using the signing btc-address) for the forum!

[Danydee]

 I think that it would be very great, the smartest two-Factor-Authentificator ever made !
 Just need to sign a message auto-generated, enter the signature, and it's done !!


 Would be a very efficient way securising the Bitcointalk accounts. after enabling, can asked a verification just for Email / password changing.. for just the major operations!

[1714932771]

1714932771

[1714932771]

1714932771

[1714932771]

1714932771

[khaled0111]

theymos once said that a similar feature would be implemented in the new forum software (that was 5 years ago)  

Fancy Authentication
In addition to normal password authentication, the forum should support various kinds of of
alternative authentication. At least password auth, email verification, secret questions, OpenID,
PGP, OpenVPN (automatic creation of subnets + IP source verification), and Bitcoin address
signing should be supported, with multiple allowable credentials for each auth type.

However, if it becomes mandatory to sign a message whenever a member logs in, it would be a real pain for those who browse the forum using their smartphones.
If implemented, it should be up to the user to decide whether he wants to activate this feature or not.

[Danydee]

  Not to authentificate every login, May the forum really need it now to prevent from the accounts Hacking/Hijacking, asking for authentication just when needing change Email or Password. Bitcoin address signing could be the easiest way, number of the other methods can be subject to the LOST and may necessitate additionals tools, Bitcoin address Signing is just like PGP, but more faster and more lite!

[JohnBitCo]

I thing that it would be very great, the smartest two-Factor-Authentificator ever made !
 Just need to sign a message auto-generated, enter the signature, and it's done !!


 Would be a very efficient way securising the Bitcointalk accounts. after enabling, can asked a verification just for Email / password changing.. for just the major operations!

There is a mixed feeling on the topic about the 2fa to be implemented in the forum or not.  Stake your Bitcoin address here is already a good option to get back your account if ever hacked. Also a hacked account is always tagged on request of the original owner and it becomes of no use for the hacker to be use in bounties or whatever purpose.

[SFR10]

However, if it becomes mandatory to sign a message whenever a member logs in, it would be a real pain for those who browse the forum using their smartphones.

AFAIK, most smartphone users remain logged in so that shouldn't really be a big deal for them.
- I think only 2FA ^{[with an authenticator app]} will be added for entering the forum.

asking for authentication just when needing change Email or Password.

Since 2FA is already part of "Planned Features ^{[most likely for login purposes]}", I think it'll be fairly easy to implement it for email/password changes.

Planned Features

• 2-Factor Authentication

[Danydee]

I thing that it would be very great, the smartest two-Factor-Authentificator ever made !
 Just need to sign a message auto-generated, enter the signature, and it's done !!


 Would be a very efficient way securising the Bitcointalk accounts. after enabling, can asked a verification just for Email / password changing.. for just the major operations!

There is a mixed feeling on the topic about the 2fa to be implemented in the forum or not.  Stake your Bitcoin address here is already a good option to get back your account if ever hacked. Also a hacked account is always tagged on request of the original owner and it becomes of no use for the hacker to be use in bounties or whatever purpose.

Recovering Hacked accounts can sometimes take very much time.
 And Imagine you gets your account hacked in a period you are away from the forum.., Here is the purpose, limiting the accounts hack!

 

[taufik123]

Recovering Hacked accounts can sometimes take very much time.
 And Imagine you gets your account hacked in a period you are away from the forum.., Here is the purpose, limiting the accounts hack!

there must be free time to take care of accounts that were hacked. If it is needed at least you take care of it. Include a Bitcoin email and sign message to prove that it's your account.
I have also experienced the same thing. The account recovery team is very responsive and immediately resolves your complaints against the hacked account, if you provide all the proofs


Recovering hacked/lost accounts

If your account was hacked

Email recoveries...@bitcointalk.org, ideally from the account's email address.
Include your username and a brief description of the details of how/when the account was hacked. A signature will likely be required.

If you forgot the password or similar

Try using the email password reset. Check that the email isn't ending up in your spam folder. If that doesn't work, email recoveries...@bitcointalk.org, ideally from the account's email address. Include your username. A signature will likely be required

[FIFA worldcup]

I thing that it would be very great, the smartest two-Factor-Authentificator ever made !
 Just need to sign a message auto-generated, enter the signature, and it's done !!


 Would be a very efficient way securising the Bitcointalk accounts. after enabling, can asked a verification just for Email / password changing.. for just the major operations!

There is a mixed feeling on the topic about the 2fa to be implemented in the forum or not.  Stake your Bitcoin address here is already a good option to get back your account if ever hacked. Also a hacked account is always tagged on request of the original owner and it becomes of no use for the hacker to be use in bounties or whatever purpose.

Recovering Hacked accounts can sometimes take very much time.
 And Imagine you gets your account hacked in a period you are away from the forum.., Here is the purpose, limiting the accounts hack!

 

Why would let the account get hacked in the first place ?  Almost everywhere where the information and data is important we see 2fa implemented. Bitcoin accounts are precious and therefore we should have an option to secure the account with 2fa.   If some people don't like 2fa, they can ignore it if this feature is implement optional and not mandatory.

[Danydee]

@FIFA worldcup,  Exactly !

[o_e_l_e_o]

I would love to have 2FA for the forum. Ideally hardware keys, but even just standard authenticators apps would be a big step forward. However, I accept that it is never going to happen on the SMF software, so the best we can hope for is for it to be implemented in Epochtalk.

In the meantime, there are plenty of other things you can do to help secure your account. Use a password manager if you aren't already, and get it to generate a long and random password for your account. Do not reuse this password anywhere else. Go in to your profile settings and hide your email address. Consider even changing your email address to a new hidden one if yours is widely known. Make sure your email account also has a (different) long and random password on it. Don't log in to the forum using any device which you don't own, and ideally don't log in via any public internet network. If you must use a public connection, use a VPN to protect yourself. Stake an address in the thread linked above. Make sure no one knows your captcha bypass code, and reset it if you think they might (https://bitcointalk.org/captcha_code.php).

[alani123]

2-fa is a feature that has been requested already and I would personally love to see it. But I don't think that it's worth to try the BTC authorization in this forum. Maybe something as experimental would have been better for smaller communities.

Also, provided that epochtalk is being developed, I wonder how much point there is adding so many new features to the current forum

[lulucrypto]

The idea of integrating this kind of two-factor check for the email / password change is excellent !

To be honest, I would like to develop a pluggin for SMF in order to add certain functions to the forum, but I do not know if Theymos would accept to install it on the forum (In Open-source version).

This idea could be included in this pluggin.

[LTU_btc]

2FA on Bitcointalk was discussed so many times already, but this is something different. 2Fa with signed message from Bitcoin address would be very interesting addition.
But probably it would be less convenient than standard 2FA apps. Especially if you're not using option "always stay logged in" and logging in every time when you visit forum. Let's say that I use hardware or desktop wallet and I want to login to forum on mobile being away from home. It would be impossible for me to do it. I understand that it would be optional thing, but would be good to have more standard 2Fa as alternative.
And yeah, we are on crypto forum, so it would be nice to use more opportunities give for us by Bitcoin.

[eddie13]

I think that it would be best to completely do away with usernames, emails, and passwords, and just register a BTC public address to make an account..

To log in, enter your BTC public address, click login and it gives you a timestamp hashed against your public key that you must sign within 1-3 minutes, enter the BTC signed message of the timestamp hash like a password, BTCT verifies your signature, you are logged in..

Simple..

Let an unlimited amount of "Anonymous" usernames exist and make usernames optional, like 4chan but you could only ever choose one username..
Make emails optional..
No passwords..

No captcha for login, just reduce it to 10 tries an hour..
You can't bruteforce a BTC signed message signature.. No hacked password hashes problems ever again..

It would give everyone excellent practice on handling their keys...
Lose your keys = lose your account, no recourse you LOSE..


I may be missing a lot here because I'm pretty code stupid, but I think that setup would be epic..

[masulum]

I think that it would be best to completely do away with usernames, emails, and passwords, and just register a BTC public address to make an account..

To log in, enter your BTC public address, click login and it gives you a timestamp hashed against your public key that you must sign within 1-3 minutes, enter the BTC signed message of the timestamp hash like a password, BTCT verifies your signature, you are logged in..

Simple..
<snip>

If my imagine is right, the login page should like this one



or it will different? If I'm right, login with this method will be good, but it will hard to remember the signed message. Of course, we can make a backup, but we must save sign message to all of our device, in case we want to login in mobile.

[o_e_l_e_o]

If I'm right, login with this method will be good, but it will hard to remember the signed message. Of course, we can make a backup, but we must save sign message to all of our device, in case we want to login in mobile.

You are misunderstanding.

If you just log in with the same signed message every time, then it is no better than a password (albeit a long and random, therefore strong, password). If some malware, phishing, MITM, etc., steals your signed message, then they have access to your account.

In eddie13's suggestion, the forum will provide you with a different unique message which you will have to sign every time you wish to log in. This system should also probably do away with the "always stay logged in" option, so someone intercepting a message once can't have access to your account forever.

[khaled0111]

If my imagine is right, the login page should like this one
https://i.ibb.co/rGtp5Rh/image.png
or it will different? If I'm right, login with this method will be good,

No, absolutely not! How can that be a good idea!
It will be easy to hack all accounts that staked their addresses here or anywhere else. Just copy the message and the signed message from there, fill the login form et voilà  
As o_e_l_e_o explained, you have to sign a different message generated by the forum server each time.