Bitcoin Forum
December 03, 2016, 03:44:29 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: 2-factor authentication for forum login?  (Read 1349 times)
Soros Shorts
Donator
Legendary
*
Offline Offline

Activity: 1455



View Profile
July 07, 2012, 12:36:01 AM
 #1

I just realized that many investing, lending and depositing activies currently taking place in the forum rely heavily on the transacting parties' forum identities for authentication. I'm refering to those operations that are mostly PM and message based, without the benefit and support of an external website that has a login. Under these circumstances some forum logins could be as valuable as bank logins to a potential thief.

Would it be feasible to add 2-factor authentication for forum logins? Optional, of course. I was thinking something along the lines of Google Authenticator or B-Y-O-Yubikey. If there were a demand for this it could be made available only to Donators and/or VIPs so the implementation costs could be recovered as more people would donate.

Does this make sense?
1480779869
Hero Member
*
Offline Offline

Posts: 1480779869

View Profile Personal Message (Offline)

Ignore
1480779869
Reply with quote  #2

1480779869
Report to moderator
The Bitcoin network protocol was designed to be extremely flexible. It can be used to create timed transactions, escrow transactions, multi-signature transactions, etc. The current features of the client only hint at what will be possible in the future.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
BrightAnarchist
Donator
Legendary
*
Offline Offline

Activity: 853



View Profile
July 07, 2012, 12:41:10 AM
 #2

Generally speaking PGP does the job for me. I aways give my public key and notify my various account holders to only allow me to withdraw upon recieving a signed request.
chunglam
Donator
Full Member
*
Offline Offline

Activity: 221



View Profile
July 07, 2012, 12:47:42 AM
 #3

I just realized that many investing, lending and depositing activies currently taking place in the forum rely heavily on the transacting parties' forum identities for authentication. I'm refering to those operations that are mostly PM and message based, without the benefit and support of an external website that has a login. Under these circumstances some forum logins could be as valuable as bank logins to a potential thief.

Would it be feasible to add 2-factor authentication for forum logins? Optional, of course. I was thinking something along the lines of Google Authenticator or B-Y-O-Yubikey. If there were a demand for this it could be made available only to Donators and/or VIPs so the implementation costs could be recovered as more people would donate.

Does this make sense?

+1, I vote Google Authenticator.
BrightAnarchist
Donator
Legendary
*
Offline Offline

Activity: 853



View Profile
July 07, 2012, 12:49:38 AM
 #4

I just realized that many investing, lending and depositing activies currently taking place in the forum rely heavily on the transacting parties' forum identities for authentication. I'm refering to those operations that are mostly PM and message based, without the benefit and support of an external website that has a login. Under these circumstances some forum logins could be as valuable as bank logins to a potential thief.

Would it be feasible to add 2-factor authentication for forum logins? Optional, of course. I was thinking something along the lines of Google Authenticator or B-Y-O-Yubikey. If there were a demand for this it could be made available only to Donators and/or VIPs so the implementation costs could be recovered as more people would donate.

Does this make sense?

+1, I vote Google Authenticator.

I agree provided it's optional.
Stephen Gornick
Legendary
*
Offline Offline

Activity: 1988



View Profile
July 07, 2012, 01:29:36 AM
 #5

I'm refering to those operations that are mostly PM and message based, without the benefit and support of an external website that has a login. Under these circumstances some forum logins could be as valuable as bank logins to a potential thief.

What you are describing is over the counter trading.  The #bitcoin-otc's Web of Trust (WoT) can be used when negotiating and transacting.  It uses GPG authentication against the IRC bot gribble.   There are more than 2,200 users registered and so far nearly 12,000 ratings have been left, ratings which appear in the history for any -otc user.

 - http://bitcoin-otc.com/trust.php
 - http://wiki.bitcoin-otc.com/wiki/GPG_authentication#Third-party_guides
 - http://bitcoin-otc.com/viewratings.php
 - http://bitcoin-otc.com
 - http://webchat.freenode.net/?channels=#bitcoin-otc-foyer

grue
Global Moderator
Legendary
*
Offline Offline

Activity: 1932



View Profile
July 07, 2012, 01:44:46 AM
 #6

I'm refering to those operations that are mostly PM and message based, without the benefit and support of an external website that has a login. Under these circumstances some forum logins could be as valuable as bank logins to a potential thief.

What you are describing is over the counter trading.  The #bitcoin-otc's Web of Trust (WoT) can be used when negotiating and transacting.  It uses GPG authentication against the IRC bot gribble.   There are more than 2,200 users registered and so far nearly 12,000 ratings have been left, ratings which appear in the history for any -otc user.

 - http://bitcoin-otc.com/trust.php
 - http://wiki.bitcoin-otc.com/wiki/GPG_authentication#Third-party_guides
 - http://bitcoin-otc.com/viewratings.php
 - http://bitcoin-otc.com
 - http://webchat.freenode.net/?channels=#bitcoin-otc-foyer

+1. For large trades, gpg + otc is the de facto authentication system. It's secure, has no dependencies, and allows for signed messages.

It is pitch black. You are likely to be eaten by a grue.

Tired of annoying signature ads? Ad block for signatures
gweedo
Legendary
*
Offline Offline

Activity: 1246


Java, PHP, HTML/CSS Programmer for Hire!


View Profile WWW
July 07, 2012, 01:58:07 AM
 #7

+1. For large trades, gpg + otc is the de facto authentication system. It's secure, has no dependencies, and allows for signed messages.

Just for clarification, the Google Authenticator has no dependencies, it is all time based math

Want to earn 2500 SATOSHIS per hour? Come Chat and Chill in https://goseemybits.com/lobby
officialsavage
Full Member
***
Offline Offline

Activity: 154



View Profile
July 07, 2012, 02:01:40 AM
 #8

+1 Google Authenticator
gabbynot
Sr. Member
****
Offline Offline

Activity: 338


View Profile
July 07, 2012, 02:29:25 AM
 #9

Another +1 for Google Authenticator
theymos
Administrator
Legendary
*
Offline Offline

Activity: 2492


View Profile
July 07, 2012, 03:00:03 AM
 #10

OpenID is a required feature for the new forum software. Then you'll be able to use an OpenID provider that supports two-factor authentication.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
NothinG
Hero Member
*****
Offline Offline

Activity: 560



View Profile
July 07, 2012, 03:14:54 AM
 #11

OpenID is a required feature for the new forum software. Then you'll be able to use an OpenID provider that supports two-factor authentication.
Why not just pick something that gets updating often and move to that?
vBulletin is what I would suggestion. Updates are pushed quickly, and many plugins with an active community. Price tag is a tad high, but you get what you pay for.

Let's get away from SMF, PLEASE!

rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
July 07, 2012, 05:48:44 AM
 #12

OpenID is cool because I can use certificate authentication with a passphrase.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
officialsavage
Full Member
***
Offline Offline

Activity: 154



View Profile
July 07, 2012, 12:45:36 PM
 #13

OpenID is a required feature for the new forum software. Then you'll be able to use an OpenID provider that supports two-factor authentication.

How close are we to implementing a new forum software?
Soros Shorts
Donator
Legendary
*
Offline Offline

Activity: 1455



View Profile
July 07, 2012, 01:46:27 PM
 #14

OpenID is a required feature for the new forum software. Then you'll be able to use an OpenID provider that supports two-factor authentication.
After reviewing the state of OpenID today, I would agree that it would be the most flexible solution. I didn't think of it first because for many years OpenID was touted primarily as a "single-signon" solution and not a "secure-signon" solution. With the wider selection of providers available today it looks like you can have both of these features. People who don't need or want a single identitity could still maintain multiple OpenIDs.

Looking forward to the new forum software.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!