Bitcoin Forum
February 21, 2024, 01:28:35 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: 2-factor authentication for forum login?  (Read 1519 times)
Soros Shorts (OP)
Donator
Legendary
*
Offline Offline

Activity: 1616
Merit: 1003



View Profile
July 07, 2012, 12:36:01 AM
 #1

I just realized that many investing, lending and depositing activies currently taking place in the forum rely heavily on the transacting parties' forum identities for authentication. I'm refering to those operations that are mostly PM and message based, without the benefit and support of an external website that has a login. Under these circumstances some forum logins could be as valuable as bank logins to a potential thief.

Would it be feasible to add 2-factor authentication for forum logins? Optional, of course. I was thinking something along the lines of Google Authenticator or B-Y-O-Yubikey. If there were a demand for this it could be made available only to Donators and/or VIPs so the implementation costs could be recovered as more people would donate.

Does this make sense?
1708478915
Hero Member
*
Offline Offline

Posts: 1708478915

View Profile Personal Message (Offline)

Ignore
1708478915
Reply with quote  #2

1708478915
Report to moderator
Remember that Bitcoin is still beta software. Don't put all of your money into BTC!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1708478915
Hero Member
*
Offline Offline

Posts: 1708478915

View Profile Personal Message (Offline)

Ignore
1708478915
Reply with quote  #2

1708478915
Report to moderator
1708478915
Hero Member
*
Offline Offline

Posts: 1708478915

View Profile Personal Message (Offline)

Ignore
1708478915
Reply with quote  #2

1708478915
Report to moderator
1708478915
Hero Member
*
Offline Offline

Posts: 1708478915

View Profile Personal Message (Offline)

Ignore
1708478915
Reply with quote  #2

1708478915
Report to moderator
BrightAnarchist
Donator
Legendary
*
Offline Offline

Activity: 853
Merit: 1000



View Profile
July 07, 2012, 12:41:10 AM
 #2

Generally speaking PGP does the job for me. I aways give my public key and notify my various account holders to only allow me to withdraw upon recieving a signed request.
chunglam
Donator
Full Member
*
Offline Offline

Activity: 229
Merit: 106



View Profile
July 07, 2012, 12:47:42 AM
 #3

I just realized that many investing, lending and depositing activies currently taking place in the forum rely heavily on the transacting parties' forum identities for authentication. I'm refering to those operations that are mostly PM and message based, without the benefit and support of an external website that has a login. Under these circumstances some forum logins could be as valuable as bank logins to a potential thief.

Would it be feasible to add 2-factor authentication for forum logins? Optional, of course. I was thinking something along the lines of Google Authenticator or B-Y-O-Yubikey. If there were a demand for this it could be made available only to Donators and/or VIPs so the implementation costs could be recovered as more people would donate.

Does this make sense?

+1, I vote Google Authenticator.
BrightAnarchist
Donator
Legendary
*
Offline Offline

Activity: 853
Merit: 1000



View Profile
July 07, 2012, 12:49:38 AM
 #4

I just realized that many investing, lending and depositing activies currently taking place in the forum rely heavily on the transacting parties' forum identities for authentication. I'm refering to those operations that are mostly PM and message based, without the benefit and support of an external website that has a login. Under these circumstances some forum logins could be as valuable as bank logins to a potential thief.

Would it be feasible to add 2-factor authentication for forum logins? Optional, of course. I was thinking something along the lines of Google Authenticator or B-Y-O-Yubikey. If there were a demand for this it could be made available only to Donators and/or VIPs so the implementation costs could be recovered as more people would donate.

Does this make sense?

+1, I vote Google Authenticator.

I agree provided it's optional.
Stephen Gornick
Legendary
*
Offline Offline

Activity: 2506
Merit: 1010


View Profile
July 07, 2012, 01:29:36 AM
 #5

I'm refering to those operations that are mostly PM and message based, without the benefit and support of an external website that has a login. Under these circumstances some forum logins could be as valuable as bank logins to a potential thief.

What you are describing is over the counter trading.  The #bitcoin-otc's Web of Trust (WoT) can be used when negotiating and transacting.  It uses GPG authentication against the IRC bot gribble.   There are more than 2,200 users registered and so far nearly 12,000 ratings have been left, ratings which appear in the history for any -otc user.

 - http://bitcoin-otc.com/trust.php
 - http://wiki.bitcoin-otc.com/wiki/GPG_authentication#Third-party_guides
 - http://bitcoin-otc.com/viewratings.php
 - http://bitcoin-otc.com
 - http://webchat.freenode.net/?channels=#bitcoin-otc-foyer

Unichange.me

            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █


grue
Legendary
*
Offline Offline

Activity: 2058
Merit: 1431



View Profile
July 07, 2012, 01:44:46 AM
 #6

I'm refering to those operations that are mostly PM and message based, without the benefit and support of an external website that has a login. Under these circumstances some forum logins could be as valuable as bank logins to a potential thief.

What you are describing is over the counter trading.  The #bitcoin-otc's Web of Trust (WoT) can be used when negotiating and transacting.  It uses GPG authentication against the IRC bot gribble.   There are more than 2,200 users registered and so far nearly 12,000 ratings have been left, ratings which appear in the history for any -otc user.

 - http://bitcoin-otc.com/trust.php
 - http://wiki.bitcoin-otc.com/wiki/GPG_authentication#Third-party_guides
 - http://bitcoin-otc.com/viewratings.php
 - http://bitcoin-otc.com
 - http://webchat.freenode.net/?channels=#bitcoin-otc-foyer

+1. For large trades, gpg + otc is the de facto authentication system. It's secure, has no dependencies, and allows for signed messages.

It is pitch black. You are likely to be eaten by a grue.

Adblock for annoying signature ads | Enhanced Merit UI
gabbynot
Sr. Member
****
Offline Offline

Activity: 341
Merit: 250


View Profile
July 07, 2012, 02:29:25 AM
 #7

Another +1 for Google Authenticator
theymos
Administrator
Legendary
*
Offline Offline

Activity: 5110
Merit: 12465


View Profile
July 07, 2012, 03:00:03 AM
 #8

OpenID is a required feature for the new forum software. Then you'll be able to use an OpenID provider that supports two-factor authentication.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
NothinG
Hero Member
*****
Offline Offline

Activity: 560
Merit: 500



View Profile
July 07, 2012, 03:14:54 AM
 #9

OpenID is a required feature for the new forum software. Then you'll be able to use an OpenID provider that supports two-factor authentication.
Why not just pick something that gets updating often and move to that?
vBulletin is what I would suggestion. Updates are pushed quickly, and many plugins with an active community. Price tag is a tad high, but you get what you pay for.

Let's get away from SMF, PLEASE!

rjk
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


1ngldh


View Profile
July 07, 2012, 05:48:44 AM
 #10

OpenID is cool because I can use certificate authentication with a passphrase.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
Soros Shorts (OP)
Donator
Legendary
*
Offline Offline

Activity: 1616
Merit: 1003



View Profile
July 07, 2012, 01:46:27 PM
 #11

OpenID is a required feature for the new forum software. Then you'll be able to use an OpenID provider that supports two-factor authentication.
After reviewing the state of OpenID today, I would agree that it would be the most flexible solution. I didn't think of it first because for many years OpenID was touted primarily as a "single-signon" solution and not a "secure-signon" solution. With the wider selection of providers available today it looks like you can have both of these features. People who don't need or want a single identitity could still maintain multiple OpenIDs.

Looking forward to the new forum software.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!