Two-Factor Authentication for BitcoinTalk

[BitCoinDream]

I wonder how many people will actually set-up and use 2-factor when it becomes available? It's surprising how many people don't even bother with the blockchain.info accounts so if they're not that safe with their coins there then they probably won't be with their account here. Oh well, I guess no excuses if/when it does happen this time.

At least if you have 2FA and people dont use it and get hacked they cant really complain.  Most people with decent BCT accounts would use it i guess.

Hehe, throwback to Blockchain.info

http://www.reddit.com/r/Bitcoin/comments/2nkias/this_is_a_list_of_rbitcoin_users_who_had_their/

Incidents mentioned in this case might be the case of address collision, which has nothing to do with 2FA. We all know that, though the chance is very very low, some bot nets are running address generator to find random luck.

[1715235148]

1715235148

[1715235148]

1715235148

[1715235148]

1715235148

[1715235148]

1715235148

[1715235148]

1715235148

[1715235148]

1715235148

[ikydesu]

This is good idea. Because this forum have low security.

I created a "2FA modification for SMF 1.1.19" some time ago. And was hoping other people could test it before implementing it to bitcointalk:

https://bitcointalk.org/index.php?topic=364307.msg7733979#msg7733979

Adding the modification to SMF is very easy to do.

I personally only still had to try if the "default SMF multiple login tries method" was sufficient against brute-forcing. But perhaps I can do this any time soon so theymos can really use it for the forum. Theymos did reply quickly to me and already gave me some feedback, but he is also hoping the public can audit my code to make sure it's secure.

This software goes well?

[Dragooon]

I'm in middle of implementing 2FA using Google Authenticator or similar TOTP for SMF 2.1 and it wasn't hard, even if you want to implement it on SMF 1.1 which is what's running here, it shouldn't take long.

[CCW]

the question is why would we need this security on the forum? Many guys would like to check some news immediately instead of digging out the cellphone for the code. I think its an overhead that would block the flow of communication.

In the other view of course we would like to put everything into a safe to make us fell save.

[NLNico]

It would be optional. Some are trading many coins here so some extra security wouldn't be too bad for them.

[Minnlo]

the question is why would we need this security on the forum? Many guys would like to check some news immediately instead of digging out the cellphone for the code. I think its an overhead that would block the flow of communication.

In the other view of course we would like to put everything into a safe to make us fell save.

Because an old bitcointalk account has considerably high value now, and those trusted accounts could be used to scam a considerably amount of money if it has been hacked.

If you just want to check the news, you probably don't need to log in.

[hilariousandco]

the question is why would we need this security on the forum? Many guys would like to check some news immediately instead of digging out the cellphone for the code. I think its an overhead that would block the flow of communication.

In the other view of course we would like to put everything into a safe to make us fell save.

It's needed because people keep getting their account hacked and this doubly protects them. It would only be needed everytime you log in as well so hardly a disruption. I doubt you will be forced to use it either if you so wish, but if your account gets hacked and you haven't implemented it it will be your own fault. 2-factor will likely take less than a minute to actually input but I think the small delay will be worth your account being secure or at least having an additional layer of protection.

[LOBSTER]

I wonder how many people will actually set-up and use 2-factor when it becomes available? It's surprising how many people don't even bother with the blockchain.info accounts so if they're not that safe with their coins there then they probably won't be with their account here. Oh well, I guess no excuses if/when it does happen this time.

At least if you have 2FA and people dont use it and get hacked they cant really complain.  Most people with decent BCT accounts would use it i guess.

Hehe, throwback to Blockchain.info

http://www.reddit.com/r/Bitcoin/comments/2nkias/this_is_a_list_of_rbitcoin_users_who_had_their/

Incidents mentioned in this case might be the case of address collision, which has nothing to do with 2FA. We all know that, though the chance is very very low, some bot nets are running address generator to find random luck.

Just sayin'. It was related to the post I quoted...that people with large amounts can't complain when using an online wallet.