DrHaribo (OP)
Legendary
Offline
Activity: 2730
Merit: 1034
Needs more jiggawatts
|
|
December 21, 2014, 01:06:13 PM |
|
As someone who runs a pool, and has done a damn good job doing so, which do you prefer?
Thank you As a user I find OpenID very quick and convenient. As someone running a website, OpenID for the most part works fine. I don't need to store password hashes. I also don't have to deal with lost password issues, but on the other hand of course there are people who got banned from Google or otherwise lost access to their OpenID account who need help. Over the 3.5 years there have been some negative experiences: Some people write me angry notes saying I am trying to force them to register at Google and Yahoo to help the NSA and big corporations spy on them. myopenid.net shut down with 6 months notice. Most people switched in time and it wasn't so bad. Only about 5 people didn't, and needed help to recover access to their Bitminter account. A korean OpenID identity provider whose name I forget suddenly shut down (without notice as far as I know). Their entire website was replaced by a single page with text in korean saying something like "thanks for the good times. we shut down now. goodbye." If I recall correctly the text was an image too, so it was more difficult to get it translated with Google translate. Blogger/blogspot has always been very unreliable. Their OpenID server is down half the time. There is no customer support available in any fashion. I didn't want to remove them from the login page because some users are using them and it will make it more difficult for them to log in without the blogspot button. Instead I put a warning not to use blogger/blogspot. A few sites use OpenID implementations that apparently don't work well with the one I use, so you can't log in using those sites. Yahoo OpenID was unstable for a while, maybe an hour of downtime per week. Then they crashed hard and their OpenID server was down for 3-4 days. I believe Yahoo mail was down at the same time. This came as a surprise as I had not expected Yahoo to be this unstable and take that long to fix their broken servers. Probably close to 1000 active Bitminter users were locked out of their accounts because of this. Too many to do manual account recovery for them all. I started working on an automated process, but then Yahoo finally got their act together and fixed the problem. Some users blamed me and left the pool. While it is not my fault that Yahoo is unreliable, it is my fault that I chose to rely on external services. The latest problem now is that Google will not just be implementing the new OpenID Connect. They will also shut down the old OpenID 2.0 servers. So now all websites have to change their software if they want to keep Google logins. OpenID Connect is the new version of OpenID.
|
|
|
|
|
|
Be very wary of relying on JavaScript for security on crypto sites. The site can change the JavaScript at any time unless you take unusual precautions, and browsers are not generally known for their airtight security.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
Newar
Legendary
Offline
Activity: 1358
Merit: 1000
https://gliph.me/hUF
|
|
December 21, 2014, 01:37:48 PM |
|
I had forgotten about this. It looks very interesting and much more secure than other 2FA solutions. But are there mobile apps implementing this? Are any sites using it? Are people willing to scan a QR code every time they need to log in? [...] Yes, that'd be great! Android app: https://play.google.com/store/apps/details?id=net.vrallev.android.sqrl
|
|
|
|
Sumerian
|
|
December 21, 2014, 01:40:41 PM |
|
I'd personally use Google auth if possible (and passwords with capital and numbers).
|
|
|
|
crodaddie
Newbie
Offline
Activity: 4
Merit: 0
|
|
December 22, 2014, 06:10:16 PM |
|
Name and Password
|
|
|
|
NeuroticFish
Legendary
Offline
Activity: 3668
Merit: 6379
Looking for campaign manager? Contact icopress!
|
|
December 22, 2014, 06:24:04 PM |
|
User + Password + 2FA, and the site should have "remember this user+password" so I will actually type only the 2FA.
|
. .HUGE. | | | | | | █▀▀▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ . CASINO & SPORTSBOOK ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄▄▄█ | | |
|
|
|
spineshank624
Newbie
Offline
Activity: 5
Merit: 0
|
|
December 29, 2014, 06:27:44 AM |
|
Name and password + second factor (Google auth, Yubikey, etc) I like authy but that's a personal pref. I like having the second security layer.
|
|
|
|
germanuniv
Newbie
Offline
Activity: 11
Merit: 0
|
|
January 01, 2015, 07:48:50 AM |
|
Name and password
|
|
|
|
sgk
Legendary
Offline
Activity: 1470
Merit: 1002
!! HODL !!
|
|
January 01, 2015, 08:32:58 AM |
|
How would you prefer to log in at your mining pool's website?
Please take part in the poll above.
I prefer to use BTC payment address as username. Site should be publicly open. Security can't get better than this. There's no password to hack - you mine on your BTC address, period. And the side benefit is, you don't have to create accounts on numerous pools, remember them all and also worry about getting one of them hacked.
|
|
|
|
loshia
Legendary
Offline
Activity: 1610
Merit: 1000
|
|
January 03, 2015, 09:12:33 AM |
|
OpenID
|
|
|
|
Reynaldo
Legendary
Offline
Activity: 1143
Merit: 1000
|
|
January 06, 2015, 12:36:05 AM |
|
I would really like to use google authenticator, dont know why it was not implemented already..
|
|
|
|
DonQuijote
Legendary
Offline
Activity: 1551
Merit: 1002
♠ ♥ ♣ ♦ < ♛♚&#
|
|
January 06, 2015, 12:38:11 AM |
|
Voted! Name and password + second factor (Google auth, Yubikey, etc)
|
THE INGENIOUS GENTLEMAN DON QUIXOTE OF LA MANCHA
|
|
|
Flashman
|
|
January 06, 2015, 02:06:51 AM |
|
Yahoo OpenID was unstable for a while, maybe an hour of downtime per week. Then they crashed hard and their OpenID server was down for 3-4 days. I believe Yahoo mail was down at the same time. This came as a surprise as I had not expected Yahoo to be this unstable and take that long to fix their broken servers. Yes, yahoo started to deteriorate all over in the first half of last year, I thought they were circling the drain, but all of a sudden, things started working right again. I maybe only get 1 in 3 mails sent to my old yahoo mail accounts though.
|
TL;DR See Spot run. Run Spot run. .... .... Freelance interweb comedian, for teh lulz >>> 1MqAAR4XkJWfDt367hVTv5SstPZ54Fwse6
Bitcoin Custodian: Keeping BTC away from weak heads since Feb '13, adopter of homeless bitcoins.
|
|
|
Ososober
Newbie
Offline
Activity: 68
Merit: 0
|
|
January 16, 2015, 03:14:02 PM |
|
user name and password, with 2fa (or email confirmation) for critical events, such as change email, change address, manual withdrawals and change of perks/donations
|
|
|
|
organofcorti
Donator
Legendary
Offline
Activity: 2058
Merit: 1007
Poor impulse control.
|
|
January 19, 2015, 12:55:50 PM |
|
I like 2fa, but only of the yubikey type. I really don't want to use Google authenticator.
|
|
|
|
Flashman
|
|
January 19, 2015, 05:51:53 PM |
|
If it raises your hackles to use "google" anything, see alternative implementations of authenticator in this version of the wiki article (current, but some wikidiot keeps removing the 3rd party stuff periodically) http://en.wikipedia.org/w/index.php?title=Google_Authenticator&oldid=643155923Links are provided in the cite notes/references.
|
TL;DR See Spot run. Run Spot run. .... .... Freelance interweb comedian, for teh lulz >>> 1MqAAR4XkJWfDt367hVTv5SstPZ54Fwse6
Bitcoin Custodian: Keeping BTC away from weak heads since Feb '13, adopter of homeless bitcoins.
|
|
|
organofcorti
Donator
Legendary
Offline
Activity: 2058
Merit: 1007
Poor impulse control.
|
|
January 19, 2015, 08:37:22 PM |
|
No, I'm fine with Google products generally, just not authenticator. Much prefer to use a Yubikey.
|
|
|
|
Crypto9er
Member
Offline
Activity: 60
Merit: 10
|
|
January 19, 2015, 08:54:55 PM |
|
IMO best option would be "No login (user name is payout address, entire website is public)". Why would a user need to login if there is no need to withdraw manually?. Just set an automatic payment (similar to Eligius) and make all stats public.
|
|
|
|
Flashman
|
|
January 19, 2015, 09:39:03 PM |
|
That's a great solution if you've got a reasonable amount of power, but for some of us, payments would be a bit dusty.
|
TL;DR See Spot run. Run Spot run. .... .... Freelance interweb comedian, for teh lulz >>> 1MqAAR4XkJWfDt367hVTv5SstPZ54Fwse6
Bitcoin Custodian: Keeping BTC away from weak heads since Feb '13, adopter of homeless bitcoins.
|
|
|
Gh0stHack3r
Newbie
Offline
Activity: 1
Merit: 0
|
|
February 23, 2015, 10:45:53 PM |
|
No complex centralized login needed (username/password as payout address, is a nice safe decentralized solution) don't think the entire website need to be public cause of that) - that got my 2 cents, all day long.
Why use centralized controls when you don´t need to? and for all who don't like to use centralized US tracking services it would be nice to at least have this option ..
Keep up the good work fellow Northman.
PS: don't eat to much Haribo... not all dentists take BTC :-)
|
|
|
|
trendax
|
|
February 24, 2015, 10:18:21 AM |
|
Can't believe FB is listed as an option.....that's a joke right? I couldn't agree more. Personally I like an aesthetically pleasing and practical interface therefore wallet address systems are out, login or public platforms. Everyone knows how to create a username and password so why change something that works. Add a little 2FA for security and your set. Name and password + second factor all the way, typically with Google Auth or SMS.
|
|
|
|
|