master-P (OP)
|
|
November 26, 2014, 01:57:00 AM |
|
Hey, I was wondering if there would be any future plans to implement some sort of 2FA (two factor) authentication for bitcointalk accounts to further prevent hackings and stolen accounts.
I personally try to use the most secure and different passwords on all my accounts and e-mails but 2FA really helps me feel a lot safer, especially if any private or sensitive information is being transmitted. In bitcointalk's case, sensitive info may be transferred via PMs.
What do you guys think? I have seen some other forums implement 2FA (SMS, e-mail, Google auth) and it really gives me a peace of mind.
|
|
|
|
opossum
|
|
November 26, 2014, 02:06:17 AM |
|
Theymos has previously said that it would be too difficult to implement via SMF. I believe there is a multiple BTC bounty to be able to write a code for 2FA and get theymos to implement (meaning it needs to be audit-able and to work well with SMF).
|
|
|
|
master-P (OP)
|
|
November 26, 2014, 02:13:33 AM |
|
Quote from: opossum
> Theymos has previously said that it would be too difficult to implement via SMF. I believe there is a multiple BTC bounty to be able to write a code for 2FA and get theymos to implement (meaning it needs to be audit-able and to work well with SMF).
I see, that is quite unfortunate. Hopefully it will be fulfilled in the near future. Appreciate the insight, buddy!
|
|
|
|
abacus
|
|
November 26, 2014, 03:01:11 AM |
|
Considering it hasn't been mentioned, don't forget that a brand new forum software is currently in development: https://bitcointalk.org/index.php?board=167.0
And yes, it will have 2FA.
> [...] Any plans for implementing some sort of a 2FA in the new forum? (this is especially important for people conducting trades over the forum) Yes, there will be 2FA. [...]
|
|
|
|
twister
|
|
November 26, 2014, 04:37:51 AM |
|
Quote from: abacus
> Considering it hasn't been mentioned, don't forget that a brand new forum software is currently in development: https://bitcointalk.org/index.php?board=167.0
> And yes, it will have 2FA.
> > [...] Any plans for implementing some sort of a 2FA in the new forum? (this is especially important for people conducting trades over the forum) Yes, there will be 2FA. [...]
I hope it does, it will increase the security of the accounts but 2fa has its problems as well, sometimes I have so much trouble accessing my blockchain.info wallet because the 2fa message is not received due to whatever reasons.
|
|
|
|
NLNico
Legendary
DiceSites.com owner
|
|
November 26, 2014, 04:44:12 AM |
|
I created a "2FA modification for SMF 1.1.19" some time ago. And was hoping other people could test it before implementing it to bitcointalk: https://bitcointalk.org/index.php?topic=364307.msg7733979#msg7733979
Adding the modification to SMF is very easy to do. I personally only still had to try if the "default SMF multiple login tries method" was sufficient against brute-forcing. But perhaps I can do this any time soon so theymos can really use it for the forum. Theymos did reply quickly to me and already gave me some feedback, but he is also hoping the public can audit my code to make sure it's secure.
|
|
|
|
Cøbra
Bitcoin.org domain administrator
Full Member
|
|
November 26, 2014, 11:01:58 PM |
|
From reading the "Fancy Authentication" section of the new forum software requirements document, it could optionally be more than just two factor. There will be alternative authentication types, and we will be given the option to configure which combination of these is required to log in. So you will be able to generate auth-rules like "(PGP AND OpenVPN) OR BTCAddress". I hope Slickage can pull it off. It would make the forum's authentication system one of the most sophisticated on the internet.
|
|
|
|
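The kind of combined rule quoted in the post above, "(PGP AND OpenVPN) OR BTCAddress", can be checked with a small parser and evaluator; this is an added example, not part of the thread and not code from the forum software. The grammar, the AND-before-OR precedence and the factor names beyond those in the quoted rule are assumptions, and any rule that fails to parse denies the login.

```python
import re

# Added example. Factor names are hypothetical; only the rule syntax
# "(PGP AND OpenVPN) OR BTCAddress" is from the post. AND-before-OR is assumed.
KNOWN_FACTORS = {"Password", "PGP", "OpenVPN", "BTCAddress", "TOTP"}
OPS = ("OR", "AND")  # lowest precedence first

def _expr(toks, level=0):
    if level == len(OPS):
        return _atom(toks)
    node, toks = _expr(toks, level + 1)
    while toks and toks[0] == OPS[level]:
        rhs, toks = _expr(toks[1:], level + 1)
        node = (OPS[level], node, rhs)
    return node, toks

def _atom(toks):
    if not toks:
        raise ValueError("rule is empty or ends early")
    head, rest = toks[0], toks[1:]
    if head == "(":
        node, rest = _expr(rest)
        if rest[:1] != [")"]:
            raise ValueError("missing ')'")
        return node, rest[1:]
    if head not in KNOWN_FACTORS:  # also rejects a stray AND, OR or ')'
        raise ValueError(f"unknown factor {head!r}")
    return head, rest

def parse(rule):
    toks = re.findall(r"\(|\)|\w+", rule)
    if "".join(toks) != re.sub(r"\s+", "", rule):  # characters the grammar lacks
        raise ValueError("unexpected character in rule")
    tree, rest = _expr(toks)
    if rest:
        raise ValueError(f"trailing tokens: {rest}")
    return tree

def evaluate(node, verified):
    if isinstance(node, str):
        return node in verified
    results = [evaluate(n, verified) for n in node[1:]]
    return all(results) if node[0] == "AND" else any(results)

def login_allowed(rule, verified):
    try:  # fail closed: a rule that cannot be parsed never grants access
        return evaluate(parse(rule), set(verified))
    except ValueError:
        return False
```
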
LOBSTER
|
|
November 27, 2014, 09:51:15 PM |
|
2FA would be great. My former account got hacked due to the low account security here...
|
|
|
|
hilariousandco
Global Moderator
Legendary
|
|
November 27, 2014, 10:31:54 PM |
|
I wonder how many people will actually set-up and use 2-factor when it becomes available? It's surprising how many people don't even bother with the blockchain.info accounts so if they're not that safe with their coins there then they probably won't be with their account here. Oh well, I guess no excuses if/when it does happen this time.
Quote from: LOBSTER
> 2FA would be great. My former account got hacked due to the low account security here...
I agree this forum could do with some security upgrades (which I think are coming), but I think this hacking was more likely down to your low security than anything else.
|
|
|
|
junglist.massive
|
|
November 28, 2014, 01:26:24 AM |
|
make here some kind of blockchain verification
|
|
|
|
funtotry
Sr. Member
|
|
November 28, 2014, 02:00:12 AM |
|
Quote from: hilariousandco
> I wonder how many people will actually set-up and use 2-factor when it becomes available? It's surprising how many people don't even bother with the blockchain.info accounts so if they're not that safe with their coins there then they probably won't be with their account here. Oh well, I guess no excuses if/when it does happen this time.
> Quote from: LOBSTER
> > 2FA would be great. My former account got hacked due to the low account security here...
> I agree this forum could do with some security upgrades (which I think are coming), but I think this hacking was more likely down to your low security than anything else.
Well 2FA on blockchain.info really does not protect you very much. It is even possible to contact support and have it removed (I am not 100% sure what the criteria is on removing it). I would say that the majority of "hacks" are due to issues at the user level, not the forum level. Users should treat their password the same way they would treat their private keys, as generally speaking once an attacker has either, they will take it and use it to steal their account/bitcoin.
|
|
|
|
LOBSTER
|
|
November 28, 2014, 10:48:11 AM |
|
Quote from: hilariousandco
> I wonder how many people will actually set-up and use 2-factor when it becomes available? It's surprising how many people don't even bother with the blockchain.info accounts so if they're not that safe with their coins there then they probably won't be with their account here. Oh well, I guess no excuses if/when it does happen this time.
> Quote from: LOBSTER
> > 2FA would be great. My former account got hacked due to the low account security here...
> I agree this forum could do with some security upgrades (which I think are coming), but I think this hacking was more likely down to your low security than anything else.
Hey hilariousandco, You're quite right, I was stupid and my security question wasn't the best (hard to find out, but someone succeeded (my computer wasn't infected)). The main problem is at first, that you need to recover a password with just one security question. A combination of two would be more secure. Also a 2FA would help in every case an account gets hacked. For sure, there is malware on Android to steal Google Authenticator codes, but this is a very rare trouble.
|
|
|
|
nahtnam
Legendary
nahtnam.com
|
|
November 29, 2014, 07:56:09 PM |
|
If I'm not wrong, Stunna has a BTC bounty on this as well.
|
|
|
|
opossum
|
|
November 29, 2014, 09:05:19 PM |
|
Quote from: LOBSTER
> Quote from: hilariousandco
> > I wonder how many people will actually set-up and use 2-factor when it becomes available? It's surprising how many people don't even bother with the blockchain.info accounts so if they're not that safe with their coins there then they probably won't be with their account here. Oh well, I guess no excuses if/when it does happen this time.
> > Quote from: LOBSTER
> > > 2FA would be great. My former account got hacked due to the low account security here...
> > I agree this forum could do with some security upgrades (which I think are coming), but I think this hacking was more likely down to your low security than anything else.
> Hey hilariousandco, You're quite right, I was stupid and my security question wasn't the best (hard to find out, but someone succeeded (my computer wasn't infected)). The main problem is at first, that you need to recover a password with just one security question. A combination of two would be more secure. Also a 2FA would help in every case an account gets hacked. For sure, there is malware on Android to steal Google Authenticator codes, but this is a very rare trouble.
It has been recommended to not have any security question at all so an attacker cannot access your account by guessing your answer to the security question. As a result the only way to reset your password would be via email which you can secure (plus an attacker would need to know your specific email address associated with your account which makes hacking accounts on here more difficult).
|
|
|
|
LOBSTER
|
|
November 30, 2014, 08:57:36 AM |
|
Quote from: opossum
> Quote from: LOBSTER
> > Quote from: hilariousandco
> > > I wonder how many people will actually set-up and use 2-factor when it becomes available? It's surprising how many people don't even bother with the blockchain.info accounts so if they're not that safe with their coins there then they probably won't be with their account here. Oh well, I guess no excuses if/when it does happen this time.
> > > Quote from: LOBSTER
> > > > 2FA would be great. My former account got hacked due to the low account security here...
> > > I agree this forum could do with some security upgrades (which I think are coming), but I think this hacking was more likely down to your low security than anything else.
> > Hey hilariousandco, You're quite right, I was stupid and my security question wasn't the best (hard to find out, but someone succeeded (my computer wasn't infected)). The main problem is at first, that you need to recover a password with just one security question. A combination of two would be more secure. Also a 2FA would help in every case an account gets hacked. For sure, there is malware on Android to steal Google Authenticator codes, but this is a very rare trouble.
> It has been recommended to not have any security question at all so an attacker cannot access your account by guessing your answer to the security question. As a result the only way to reset your password would be via email which you can secure (plus an attacker would need to know your specific email address associated with your account which makes hacking accounts on here more difficult).
Yeah, my mistake was that I thought that the security question is an additional feature. It's too easy with the question only.
|
|
|
|
BitCoinNutJob
Legendary
|
|
November 30, 2014, 09:22:27 AM |
|
Quote from: hilariousandco
> I wonder how many people will actually set-up and use 2-factor when it becomes available? It's surprising how many people don't even bother with the blockchain.info accounts so if they're not that safe with their coins there then they probably won't be with their account here. Oh well, I guess no excuses if/when it does happen this time.
At least if you have 2FA and people don't use it and get hacked they can't really complain. Most people with decent BCT accounts would use it I guess.
|
|
|
|
Useli Violent
Member
|
|
November 30, 2014, 09:55:17 AM |
|
2FA would be a positive improvement for this forum. I would use it absolutely.
|
|
|
|
BitCoinDream
Legendary
The revolution will be digital
|
|
November 30, 2014, 11:52:32 AM |
|
Quote from: master-P
> Hey, I was wondering if there would be any future plans to implement some sort of 2FA (two factor) authentication for bitcointalk accounts to further prevent hackings and stolen accounts.
> I personally try to use the most secure and different passwords on all my accounts and e-mails but 2FA really helps me feel a lot safer, especially if any private or sensitive information is being transmitted. In bitcointalk's case, sensitive info may be transferred via PMs.
> What do you guys think? I have seen some other forums implement 2FA (SMS, e-mail, Google auth) and it really gives me a peace of mind.
SMS probably is NOT a great way for 2FA...
Anyone using SMS based 2FA is just begging to have their BTC stolen; hackers can easily social engineer your telecom to forward your number.
Source: https://twitter.com/wiz/status/528806600941662209
|
|
|
|
hilariousandco
Global Moderator
Legendary
|
|
November 30, 2014, 12:15:45 PM |
|
That's an exaggeration. It would only be possible if you're the type of person who puts all their contact and personal details online and are traceable to you and it still wouldn't be easy then. If you're the type of person that can get 'socially engineered' then you'll probably have your identity stolen or money taken out in your name long before your blockchain wallet is ever stolen.
|
|
|
|
LOBSTER
|
|
November 30, 2014, 01:55:48 PM |
|
Quote from: BitCoinNutJob
> Quote from: hilariousandco
> > I wonder how many people will actually set-up and use 2-factor when it becomes available? It's surprising how many people don't even bother with the blockchain.info accounts so if they're not that safe with their coins there then they probably won't be with their account here. Oh well, I guess no excuses if/when it does happen this time.
> At least if you have 2FA and people don't use it and get hacked they can't really complain. Most people with decent BCT accounts would use it I guess.
Hehe, throwback to Blockchain.info http://www.reddit.com/r/Bitcoin/comments/2nkias/this_is_a_list_of_rbitcoin_users_who_had_their/
|
|
|
|
|