anorganix (OP)
Copper Member
Sr. Member
Offline
Activity: 970
Merit: 287
Per aspera ad astra
|
|
April 11, 2022, 02:48:32 PM |
|
Hi,
I searched the forums and I was able to find an old thread, locked since some time now. How about adding the option for 2FA when logging in? An integration with Google Authenticator or similar would greatly reduce the risk of account theft/ impersonation/ etc.
Thoughts? Ideas?
Cheers, - anx.
|
I will never send private messages with payment requests for my auctions. I only communicate transparently via the forum (not Telegram, Discord, Skype & others). Please be wary of scammers.
|
|
|
Bitcoin_Arena
Copper Member
Legendary
Offline
Activity: 2128
Merit: 1814
฿itcoin for all, All for ฿itcoin.
|
|
April 11, 2022, 10:59:43 PM |
|
Hi,
I searched the forums and I was able to find an old thread, locked since some time now. How about adding the option for 2FA when logging in? An integration with Google Authenticator or similar would greatly reduce the risk of account theft/ impersonation/ etc.
Thoughts? Ideas?
You are going to have to wait for it in the new forum software that is being polished up Any plans for implementing some sort of a 2FA in the new forum? (this is especially important for people conducting trades over the forum) Yes, there will be 2FA. Admin has been reluctant to implement 2FA on this forum software, probably because it will be so time-consuming and so hard a task. You are definitely not the first to request for it If someone wants to write a patch for it, I will seriously consider adding it. I believe that safely adding 2FA would be very time-consuming, so I'm not willing to do it myself or direct Slickage to do it.
That wouldn't eliminate the need for manual recoveries; it might even increase it as people lose their second factor. 2FA would be nice, but IMO the email notifications provide many of the same benefits, so it's not high on my to-do list.
|
|
|
|
NeuroticFish
Legendary
Offline
Activity: 3850
Merit: 6583
Looking for campaign manager? Contact icopress!
|
|
April 12, 2022, 06:06:37 AM |
|
It may worth mentioning that although many see 2FA as ultimate safety, most keep the 2FA app on the same phone they need the 2FA codes - usually for crypto platforms/exchanges, but the new forum, if ever, will be another such case.
Known Bitcoin address is imho the best and most appropriate safety net.
|
|
|
|
Iced
Full Member
Offline
Activity: 636
Merit: 208
Belgian based crypto-enthusiast
|
|
April 13, 2022, 09:13:28 PM |
|
It may worth mentioning that although many see 2FA as ultimate safety, most keep the 2FA app on the same phone they need the 2FA codes - usually for crypto platforms/exchanges, but the new forum, if ever, will be another such case.
Known Bitcoin address is imho the best and most appropriate safety net.
I do share your opinion and 2FA is only as safe as the implementation of it is done securely, history has learned us that 2FA doesn't solve being secured. There are a lot of reports where 2FA could be bypassed etc.. nevertheless, I do opt for a more secure option to log in.
|
No signature for now
|
|
|
|
SFR10
Legendary
Offline
Activity: 3178
Merit: 3529
Crypto Swap Exchange
|
there should be added support for any U2F keys like yubikey… or Trezor.
Only if it allows us to register multiple U2F keys or devices... I know a few platforms that have a limit of 1 and if you somehow lose both your device and the backup codes [or the recovery seed for Trezor], then you'd probably lose access "from your side [in other words, more work for the recovery team]"! - I do know that the recovery options differ slightly based on the type of U2F device that's being used, but still...
|
|
|
|
PrimeNumber7
Copper Member
Legendary
Offline
Activity: 1666
Merit: 1901
Amazon Prime Member #7
|
|
April 17, 2022, 07:11:26 AM |
|
That wouldn't eliminate the need for manual recoveries; it might even increase it as people lose their second factor. 2FA would be nice, but IMO the email notifications provide many of the same benefits, so it's not high on my to-do list.
This is the reason why I think it is unlikely for 2FA to ever be implemented on bitcointalk. There is a lot of commerce that takes place on bitcointalk, however, a bitcointalk account is intended to be used for discussion. So the types of verifications that 2FA provides is better done when trading, rather than when logging in. There are sometimes occasions in which someone will legitimately lose access to their private keys, and the market can decide how to handle these situations, which will typically be that the person will need to earn trust subsequent to losing their private keys. If 2FA is required to even log in, there will be instances in which the administration will be faced with the choice between not allowing someone who has evidence they are a long-standing forum member from accessing their account and potentially allowing an imported from accessing a long-standing forum member's account.
|
|
|
|
Husires
Legendary
Offline
Activity: 1596
Merit: 1288
|
|
May 25, 2022, 12:51:39 PM |
|
Thoughts? Ideas?
Perhaps one of the reasons this development takes a while is that the forum is open for public discussion, you are not supposed to share personal data here, messages are encrypted and it is better to encrypt it with yourself. Two-factor authentication is good if the forum asks you for money or personal data, and the recovery of accounts does not take much time, you may make sure that you are signing a message correctly.
|
|
|
|
tranthidung
Legendary
Offline
Activity: 2450
Merit: 4275
Farewell o_e_l_e_o
|
There will be 2FA in a new forum software, Epochtalk. For this forum software SMF, there will be no 2FA as the admin confirms it. There are other ways for you to secure your account as well as prepare for your account recovery in future. - Set up a strong password. I believe you do know about it but this step is important for newbies.
- Sign a message from your Bitcoin address and stake it in the forum.
|
|
|
|
TheBeardedBaby
Legendary
Offline
Activity: 2240
Merit: 3150
₿uy / $ell ..oeleo ;(
|
|
May 31, 2022, 09:31:13 PM |
|
How about adding a standard message (date and time) to be signed from a staked or registered address when you open an account. It could be automated and If it's verified successfully you can log in. This could be required on a random basis every month for security. It's a bitcoin forum after all.
|
|
|
|
malevolent
can into space
Legendary
Offline
Activity: 3472
Merit: 1724
|
I can imagine such a measure discouraging some new users from participating because they have yet to learn how to do such a simple thing, or older users who lost access to the private key associated with the address (or users for whom it wouldn't be worth the hassle to search for the key). Maybe if this sort of requirement only existed for some Marketplace child-boards, it could make sense to prevent some scams (not all, social engineering via PMs would still be possible, which perhaps could be countered with a message padded to the PM, something along the lines of "this user last authenticated X days ago").
|
Signature space available for rent.
|
|
|
PrimeNumber7
Copper Member
Legendary
Offline
Activity: 1666
Merit: 1901
Amazon Prime Member #7
|
|
June 11, 2022, 08:51:02 PM |
|
I can imagine such a measure discouraging some new users from participating because they have yet to learn how to do such a simple thing, or older users who lost access to the private key associated with the address (or users for whom it wouldn't be worth the hassle to search for the key).
2FA is a very simple concept that nearly every service that conducts financial transactions uses in one way or another (with some being less secure than others). I would have serious doubts that requiring 2FA would discourage participation. Although there is the argument that 2FA may result in additional account recoveries, and may result in the threshold for recovering an account to be lowered because people have lost their 2FA keys.
|
|
|
|
malevolent
can into space
Legendary
Offline
Activity: 3472
Merit: 1724
|
|
June 13, 2022, 03:37:56 PM |
|
I can imagine such a measure discouraging some new users from participating because they have yet to learn how to do such a simple thing, or older users who lost access to the private key associated with the address (or users for whom it wouldn't be worth the hassle to search for the key).
2FA is a very simple concept that nearly every service that conducts financial transactions uses in one way or another (with some being less secure than others). I would have serious doubts that requiring 2FA would discourage participation. I was replying to TheBeardedBaby's post where he proposed signing messages. A newbie is more likely to be confused how to sign a message compared with the more common use of scanning QR codes with Google Authenticator. Also most people register on forums not to sell but to participate in discussions and if they don't associate monetary value with their account (compared with other services requiring 2FA), they might not care as much about losing their 2FA for one reason or another.
|
Signature space available for rent.
|
|
|
TheBeardedBaby
Legendary
Offline
Activity: 2240
Merit: 3150
₿uy / $ell ..oeleo ;(
|
|
June 29, 2022, 07:21:20 AM Merited by malevolent (1) |
|
I can imagine such a measure discouraging some new users from participating because they have yet to learn how to do such a simple thing, or older users who lost access to the private key associated with the address (or users for whom it wouldn't be worth the hassle to search for the key).
2FA is a very simple concept that nearly every service that conducts financial transactions uses in one way or another (with some being less secure than others). I would have serious doubts that requiring 2FA would discourage participation. I was replying to TheBeardedBaby's post where he proposed signing messages. A newbie is more likely to be confused how to sign a message compared with the more common use of scanning QR codes with Google Authenticator. Also most people register on forums not to sell but to participate in discussions and if they don't associate monetary value with their account (compared with other services requiring 2FA), they might not care as much about losing their 2FA for one reason or another. I thought more as an Option to choose when register you account, and possibly activate it later but not as a requirement to register. Same as the console browser view of the forum suggested by Cyrus some time ago. It's gonna be an option for those people who don't want to do anything with authenticators like Google or Microsoft and worried of being tracked.
|
|
|
|
programmer3666
Jr. Member
Offline
Activity: 71
Merit: 6
|
|
August 16, 2024, 03:40:24 PM |
|
Hi,
I searched the forums and I was able to find an old thread, locked since some time now. How about adding the option for 2FA when logging in? An integration with Google Authenticator or similar would greatly reduce the risk of account theft/ impersonation/ etc.
Thoughts? Ideas?
Cheers, - anx.
I was just thinking about the 2FA login process before I logged in and I came across this post in this section, Even the Captcha Login Process ticks it's box automatically.
|
|
|
|
logfiles
Copper Member
Legendary
Offline
Activity: 2156
Merit: 1818
Top Crypto Casino
|
|
August 16, 2024, 10:32:35 PM |
|
I was just thinking about the 2FA login process before I logged in and I came across this post in this section, Even the Captcha Login Process ticks it's box automatically.
Just in case you missed it, the 2 FA feature was added in December last year thanks to our valued member PowerGlove. You can read through the postI think the Captcha Login process is Ok especially if you are not using Tor or some fee VPN service. Sometime back, it was actually so annoying, and you would end up going through several loops before logging in,
|
|
|
|
|