Bitcoin Forum
September 23, 2018, 05:13:15 PM *
News: ♦♦ New info! Bitcoin Core users absolutely must upgrade to previously-announced 0.16.3 [Torrent]. All Bitcoin users should temporarily trust confirmations slightly less. More info.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 [3]  All
  Print  
Author Topic: Two factor?  (Read 5176 times)
vite
Legendary
*
Offline Offline

Activity: 1023
Merit: 1000


Crypto-Games.net: Multiple coins, multiple games


View Profile
September 26, 2014, 12:28:00 PM
 #41

we should use bitcoin related 2FA

https://github.com/nanotube/supybot-bitcoin-marketmonitor/blob/master/GPG/local/bitcoinsig.py

easy to implement and only requires storing public bitcoin addresses.

theymos hasn't responded here for a few days. We will know after he respond. But I don't whether he will use this instead of Google Authenticator. Is there any other site, which uses this 2FA? AND HOW does this work, if only public Bitcoin address is needed?

  ~~MZ~~

Only the owner of the bitcoin address can sign the message. Giving an extra layer of control for the user and less responsibility for the administrator. Since the administrator does not have to provide and keep private keys for the google authenticator.

message:

I am Vite

signed message:

HBJwP1/CBWs8LkrL/kPLjBN4ktqP7r348eQvN2UpSB3UsUHkW50zm+RbMErVDxfEwX2Y51QMA3Sz+z59dJBG+jE=

bitcoin address;

1BxzA3KCoynGMAmxobcFcUH7GGnqz1Eewe


Now you can use bitcoind, electrum, etc to verify the signature. or the script I linked above.



▄▄▄████████▄▄▄
▄██████████████████▄
▄██████████████████████▄
██████████████████████████
████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
████████████████████████████
██████████████████████████
▀██████████████████████▀
▀██████████████████▀
▀▀▀████████▀▀▀
   ███████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
███████
BTC  ◉PLAY  ◉XMR  ◉DOGE  ◉BCH  ◉STRAT  ◉ETH  ◉GAS  ◉LTC  ◉DASH  ◉PPC
     ▄▄██████████████▄▄
  ▄██████████████████████▄        █████
▄██████████████████████████▄      █████
████ ▄▄▄▄▄ ▄▄▄▄▄▄ ▄▄▄▄▄ ████     ▄██▀
████ █████ ██████ █████ ████    ▄██▀
████ █████ ██████ █████ ████    ██▀
████ █████ ██████ █████ ████    ██
████ ▀▀▀▀▀ ▀▀▀▀▀▀ ▀▀▀▀▀ ████ ▄██████▄
████████████████████████████ ████████
███████▀            ▀███████ ▀██████▀
█████▀                ▀█████
▀██████████████████████████▀
  ▀▀████████████████████▀▀ 
✔️DICE           
✔️BLACKJACK
✔️PLINKO
✔️VIDEO POKER
✔️ROULETTE     
✔️LOTTO
1537722795
Hero Member
*
Offline Offline

Posts: 1537722795

View Profile Personal Message (Offline)

Ignore
1537722795
Reply with quote  #2

1537722795
Report to moderator
1537722795
Hero Member
*
Offline Offline

Posts: 1537722795

View Profile Personal Message (Offline)

Ignore
1537722795
Reply with quote  #2

1537722795
Report to moderator
1537722795
Hero Member
*
Offline Offline

Posts: 1537722795

View Profile Personal Message (Offline)

Ignore
1537722795
Reply with quote  #2

1537722795
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Muhammed Zakir
Hero Member
*****
Offline Offline

Activity: 560
Merit: 504


I prefer Zakir over Muhammed when mentioning me!


View Profile WWW
September 26, 2014, 12:33:59 PM
 #42

we should use bitcoin related 2FA

https://github.com/nanotube/supybot-bitcoin-marketmonitor/blob/master/GPG/local/bitcoinsig.py

easy to implement and only requires storing public bitcoin addresses.

theymos hasn't responded here for a few days. We will know after he respond. But I don't whether he will use this instead of Google Authenticator. Is there any other site, which uses this 2FA? AND HOW does this work, if only public Bitcoin address is needed?

  ~~MZ~~

Only the owner of the bitcoin address can sign the message. Giving an extra layer of control for the user and less responsibility for the administrator. Since the administrator does not have to provide and keep private keys for the google authenticator.

message:

I am Vite

signed message:

HBJwP1/CBWs8LkrL/kPLjBN4ktqP7r348eQvN2UpSB3UsUHkW50zm+RbMErVDxfEwX2Y51QMA3Sz+z59dJBG+jE=

bitcoin address;

1BxzA3KCoynGMAmxobcFcUH7GGnqz1Eewe


Now you can use bitcoind, electrum, etc to verify the signature. or the script I linked above.



That would be great! So if it is implementing, I would suggest a bot to prevent re-use of same signature again because if we have posted a message in BT, then the user can bypass this 2FA by copy-pasting the signature. Roll Eyes

  ~~MZ~~

vite
Legendary
*
Offline Offline

Activity: 1023
Merit: 1000


Crypto-Games.net: Multiple coins, multiple games


View Profile
September 26, 2014, 12:48:07 PM
 #43

we should use bitcoin related 2FA

https://github.com/nanotube/supybot-bitcoin-marketmonitor/blob/master/GPG/local/bitcoinsig.py

easy to implement and only requires storing public bitcoin addresses.

theymos hasn't responded here for a few days. We will know after he respond. But I don't whether he will use this instead of Google Authenticator. Is there any other site, which uses this 2FA? AND HOW does this work, if only public Bitcoin address is needed?

  ~~MZ~~

Only the owner of the bitcoin address can sign the message. Giving an extra layer of control for the user and less responsibility for the administrator. Since the administrator does not have to provide and keep private keys for the google authenticator.

message:

I am Vite

signed message:

HBJwP1/CBWs8LkrL/kPLjBN4ktqP7r348eQvN2UpSB3UsUHkW50zm+RbMErVDxfEwX2Y51QMA3Sz+z59dJBG+jE=

bitcoin address;

1BxzA3KCoynGMAmxobcFcUH7GGnqz1Eewe


Now you can use bitcoind, electrum, etc to verify the signature. or the script I linked above.



That would be great! So if it is implementing, I would suggest a bot to prevent re-use of same signature again because if we have posted a message in BT, then the user can bypass this 2FA by copy-pasting the signature. Roll Eyes

  ~~MZ~~

Actually you need a random phrase generator that changes on every login. So no copy pasting can work.


▄▄▄████████▄▄▄
▄██████████████████▄
▄██████████████████████▄
██████████████████████████
████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
████████████████████████████
██████████████████████████
▀██████████████████████▀
▀██████████████████▀
▀▀▀████████▀▀▀
   ███████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
███████
BTC  ◉PLAY  ◉XMR  ◉DOGE  ◉BCH  ◉STRAT  ◉ETH  ◉GAS  ◉LTC  ◉DASH  ◉PPC
     ▄▄██████████████▄▄
  ▄██████████████████████▄        █████
▄██████████████████████████▄      █████
████ ▄▄▄▄▄ ▄▄▄▄▄▄ ▄▄▄▄▄ ████     ▄██▀
████ █████ ██████ █████ ████    ▄██▀
████ █████ ██████ █████ ████    ██▀
████ █████ ██████ █████ ████    ██
████ ▀▀▀▀▀ ▀▀▀▀▀▀ ▀▀▀▀▀ ████ ▄██████▄
████████████████████████████ ████████
███████▀            ▀███████ ▀██████▀
█████▀                ▀█████
▀██████████████████████████▀
  ▀▀████████████████████▀▀ 
✔️DICE           
✔️BLACKJACK
✔️PLINKO
✔️VIDEO POKER
✔️ROULETTE     
✔️LOTTO
goozman96
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500



View Profile
September 27, 2014, 02:14:32 AM
 #44

This is a great idea. It's much better to use something bitcoin related for 2FA versus relying on Google. Hopefully theymos considers this.

BTC: 19DKtsdGfQyFzNiEze9KuFQrWGiLDvg6F1 | LTC: LbV6UGyjYbVP49NvQFmuAnkADcaFYvNagK | NMC: NDCdMJmTmGH54Cezmo3CwSxAC7grAoZJbj
Parazyd
Hero Member
*****
Offline Offline

Activity: 602
Merit: 500


Space Lord


View Profile WWW
December 29, 2014, 03:44:56 PM
 #45

Another vote for Bitcoin 2FA.

Maybe placing an option in your profile that lets you use different 2FA types (Google, sign with BTC address, etc.).

/edit

Nevermind, found it in the forum design feature list:
Fancy Authentication

In addition to normal password authentication, the forum should support various kinds of of alternative authentication. At least password auth, email verification, secret questions, OpenID, PGP, OpenVPN (automatic creation of subnets + IP source verification), and Bitcoin address signing should be supported, with multiple allowable credentials for each auth type. Users should have the option of requiring any combination of these auth types. Like "pgp OR (password AND OpenID)". And users should be able to require that changes to some or all auth types as well as the required combination of types not take effect for some configurable number of days. This allows for different types of recovery methods.

Also, it should be possible to limit the access for each auth type. So one type might be able to only read, but not post, etc. If the Web interface uses the same API that is exposed publicly, then these permissions can be in the form of allowed API commands.

It might be nice to make this functionality into a self-contained library that other sites can use.
Pages: « 1 2 [3]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!