2-factor authentication for forum login?

[Soros Shorts]

I just realized that many investing, lending and depositing activies currently taking place in the forum rely heavily on the transacting parties' forum identities for authentication. I'm refering to those operations that are mostly PM and message based, without the benefit and support of an external website that has a login. Under these circumstances some forum logins could be as valuable as bank logins to a potential thief.

Would it be feasible to add 2-factor authentication for forum logins? Optional, of course. I was thinking something along the lines of Google Authenticator or B-Y-O-Yubikey. If there were a demand for this it could be made available only to Donators and/or VIPs so the implementation costs could be recovered as more people would donate.

Does this make sense?

[BrightAnarchist]

Generally speaking PGP does the job for me. I aways give my public key and notify my various account holders to only allow me to withdraw upon recieving a signed request.

[chunglam]

I just realized that many investing, lending and depositing activies currently taking place in the forum rely heavily on the transacting parties' forum identities for authentication. I'm refering to those operations that are mostly PM and message based, without the benefit and support of an external website that has a login. Under these circumstances some forum logins could be as valuable as bank logins to a potential thief.

Would it be feasible to add 2-factor authentication for forum logins? Optional, of course. I was thinking something along the lines of Google Authenticator or B-Y-O-Yubikey. If there were a demand for this it could be made available only to Donators and/or VIPs so the implementation costs could be recovered as more people would donate.

Does this make sense?

+1, I vote Google Authenticator.

[BrightAnarchist]

I just realized that many investing, lending and depositing activies currently taking place in the forum rely heavily on the transacting parties' forum identities for authentication. I'm refering to those operations that are mostly PM and message based, without the benefit and support of an external website that has a login. Under these circumstances some forum logins could be as valuable as bank logins to a potential thief.

Would it be feasible to add 2-factor authentication for forum logins? Optional, of course. I was thinking something along the lines of Google Authenticator or B-Y-O-Yubikey. If there were a demand for this it could be made available only to Donators and/or VIPs so the implementation costs could be recovered as more people would donate.

Does this make sense?

+1, I vote Google Authenticator.

I agree provided it's optional.

[Stephen Gornick]

I'm refering to those operations that are mostly PM and message based, without the benefit and support of an external website that has a login. Under these circumstances some forum logins could be as valuable as bank logins to a potential thief.

What you are describing is over the counter trading.  The #bitcoin-otc's Web of Trust (WoT) can be used when negotiating and transacting.  It uses GPG authentication against the IRC bot gribble.   There are more than 2,200 users registered and so far nearly 12,000 ratings have been left, ratings which appear in the history for any -otc user.

 - http://bitcoin-otc.com/trust.php
 - http://wiki.bitcoin-otc.com/wiki/GPG_authentication#Third-party_guides
 - http://bitcoin-otc.com/viewratings.php
 - http://bitcoin-otc.com
 - http://webchat.freenode.net/?channels=#bitcoin-otc-foyer

[grue]

I'm refering to those operations that are mostly PM and message based, without the benefit and support of an external website that has a login. Under these circumstances some forum logins could be as valuable as bank logins to a potential thief.

What you are describing is over the counter trading.  The #bitcoin-otc's Web of Trust (WoT) can be used when negotiating and transacting.  It uses GPG authentication against the IRC bot gribble.   There are more than 2,200 users registered and so far nearly 12,000 ratings have been left, ratings which appear in the history for any -otc user.

 - http://bitcoin-otc.com/trust.php
 - http://wiki.bitcoin-otc.com/wiki/GPG_authentication#Third-party_guides
 - http://bitcoin-otc.com/viewratings.php
 - http://bitcoin-otc.com
 - http://webchat.freenode.net/?channels=#bitcoin-otc-foyer

+1. For large trades, gpg + otc is the de facto authentication system. It's secure, has no dependencies, and allows for signed messages.

[gabbynot]

Another +1 for Google Authenticator

[theymos]

OpenID is a required feature for the new forum software. Then you'll be able to use an OpenID provider that supports two-factor authentication.

[NothinG]

OpenID is a required feature for the new forum software. Then you'll be able to use an OpenID provider that supports two-factor authentication.

Why not just pick something that gets updating often and move to that?
vBulletin is what I would suggestion. Updates are pushed quickly, and many plugins with an active community. Price tag is a tad high, but you get what you pay for.

Let's get away from SMF, PLEASE!

[rjk]

OpenID is cool because I can use certificate authentication with a passphrase.

[Soros Shorts]

OpenID is a required feature for the new forum software. Then you'll be able to use an OpenID provider that supports two-factor authentication.

After reviewing the state of OpenID today, I would agree that it would be the most flexible solution. I didn't think of it first because for many years OpenID was touted primarily as a "single-signon" solution and not a "secure-signon" solution. With the wider selection of providers available today it looks like you can have both of these features. People who don't need or want a single identitity could still maintain multiple OpenIDs.

Looking forward to the new forum software.