eclipsemc.com

[Enigma81]

Maybe I'm paranoid about security, but this error message scares the daylights out of me.  I've sent a message to support@eclipsemc.com, but I might suggest that no-one else try logging in to eclipsemc.com until this gets cleared up.  I am 101% positive that my password was typed correctly, and I have no idea what google would have to do with my login...

Enigma

[1715369397]

1715369397

[1715369397]

1715369397

[Inaba]

We implemented a new security feature to allow people to use Google Authenticator as a 2nd factor login credential.  I thought I had tested every iteration of login possibilities, but apparently I neglected to test the most important one and went to bed.  So it was trying to authenticate everyone against the GA, even if they did not have it enabled.

The problem has been corrected and you should be able to login with out a GA token now. Additionally, you should be able to properly generate the GH QR code & token if you wish to enable it.

I apologize for the confusion and problems logging in.  Everything should be good to go now.

[Enigma81]

Thanks for the explanation.  I certainly understand that sometimes things go wrong - I'm just one of those people who is quite paranoid about security, and when I see notices about a completely different company (google in this case) having something to do with my login credentials, I get quite nervous.

I do like your pool though - been mining with one small rig for a few days to try it out, and I'm quite satisfied so far.  Considering switching all of my hash power over in another week or so..

Enigma

[Inaba]

I'm a big proponent of security as well, which is why I have put these two 2 factor mechanisms in place.  I hope more people will use them.  Between the Yubikey and the Google Auth, there should be no reason for anyone not to use one of the two methods. 

Google Auth has the added advantage of not having to be online to authenticate.  The Google Auth mechanism I elected to use is deterministic, and therefore you can either pre-generate your keys and keep them with you, they are only good once.  There's no call backs to any Google Servers or any notification to Google or anything to do with google beyond using their authenticator app on your mobile device.  Definitely a plus.

[rjk]

Google Auth has the added advantage of not having to be online to authenticate.  The Google Auth mechanism I elected to use is deterministic, and therefore you can either pre-generate your keys and keep them with you, they are only good once.  There's no call backs to any Google Servers or any notification to Google or anything to do with google beyond using their authenticator app on your mobile device.  Definitely a plus.

They do this now? I coulda swore the last time I checked that they only supported time based mechanisms (OATH-TOTP).

[Inaba]

Nope, both TOTP and HOTP... I chose HOTP in this instance.