Soros Shorts (OP)
Donator
Legendary
 Offline
Activity: 1616
Merit: 1003
|
 |
July 07, 2012, 12:36:01 AM |
|
I just realized that many investing, lending and depositing activies currently taking place in the forum rely heavily on the transacting parties' forum identities for authentication. I'm refering to those operations that are mostly PM and message based, without the benefit and support of an external website that has a login. Under these circumstances some forum logins could be as valuable as bank logins to a potential thief.
Would it be feasible to add 2-factor authentication for forum logins? Optional, of course. I was thinking something along the lines of Google Authenticator or B-Y-O-Yubikey. If there were a demand for this it could be made available only to Donators and/or VIPs so the implementation costs could be recovered as more people would donate.
Does this make sense?
|
|
|
|
|
|
|
|
|
|
|
|
The forum strives to allow free discussion of any ideas. All policies are built around this principle. This doesn't mean you can post garbage, though: posts should actually contain ideas, and these ideas should be argued reasonably.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
BrightAnarchist
Donator
Legendary
Offline
Activity: 853
Merit: 1000
|
 |
July 07, 2012, 12:41:10 AM |
|
Generally speaking PGP does the job for me. I aways give my public key and notify my various account holders to only allow me to withdraw upon recieving a signed request.
|
|
|
|
|
chunglam
Donator
Full Member
Offline
Activity: 229
Merit: 106
|
|
July 07, 2012, 12:47:42 AM |
|
I just realized that many investing, lending and depositing activies currently taking place in the forum rely heavily on the transacting parties' forum identities for authentication. I'm refering to those operations that are mostly PM and message based, without the benefit and support of an external website that has a login. Under these circumstances some forum logins could be as valuable as bank logins to a potential thief.
Would it be feasible to add 2-factor authentication for forum logins? Optional, of course. I was thinking something along the lines of Google Authenticator or B-Y-O-Yubikey. If there were a demand for this it could be made available only to Donators and/or VIPs so the implementation costs could be recovered as more people would donate.
Does this make sense?
+1, I vote Google Authenticator. |
|
|
|
|
BrightAnarchist
Donator
Legendary
Offline
Activity: 853
Merit: 1000
|
|
July 07, 2012, 12:49:38 AM |
|
I just realized that many investing, lending and depositing activies currently taking place in the forum rely heavily on the transacting parties' forum identities for authentication. I'm refering to those operations that are mostly PM and message based, without the benefit and support of an external website that has a login. Under these circumstances some forum logins could be as valuable as bank logins to a potential thief.
Would it be feasible to add 2-factor authentication for forum logins? Optional, of course. I was thinking something along the lines of Google Authenticator or B-Y-O-Yubikey. If there were a demand for this it could be made available only to Donators and/or VIPs so the implementation costs could be recovered as more people would donate.
Does this make sense?
+1, I vote Google Authenticator. I agree provided it's optional. |
|
|
|
|
|
|
grue
Legendary
Offline
Activity: 2058
Merit: 1431
|
|
July 07, 2012, 01:44:46 AM |
|
+1. For large trades, gpg + otc is the de facto authentication system. It's secure, has no dependencies, and allows for signed messages. |
|
|
|
|
gabbynot
|
|
July 07, 2012, 02:29:25 AM |
|
Another +1 for Google Authenticator
|
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5166
Merit: 12864
|
|
July 07, 2012, 03:00:03 AM |
|
OpenID is a required feature for the new forum software. Then you'll be able to use an OpenID provider that supports two-factor authentication.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
|
NothinG
|
|
July 07, 2012, 03:14:54 AM |
|
OpenID is a required feature for the new forum software. Then you'll be able to use an OpenID provider that supports two-factor authentication.
Why not just pick something that gets updating often and move to that? vBulletin is what I would suggestion. Updates are pushed quickly, and many plugins with an active community. Price tag is a tad high, but you get what you pay for. Let's get away from SMF, PLEASE! |
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
July 07, 2012, 05:48:44 AM |
|
OpenID is cool because I can use certificate authentication with a passphrase.
|
|
|
|
Soros Shorts (OP)
Donator
Legendary
Offline
Activity: 1616
Merit: 1003
|
|
July 07, 2012, 01:46:27 PM |
|
OpenID is a required feature for the new forum software. Then you'll be able to use an OpenID provider that supports two-factor authentication.
After reviewing the state of OpenID today, I would agree that it would be the most flexible solution. I didn't think of it first because for many years OpenID was touted primarily as a "single-signon" solution and not a "secure-signon" solution. With the wider selection of providers available today it looks like you can have both of these features. People who don't need or want a single identitity could still maintain multiple OpenIDs. Looking forward to the new forum software. |
|
|
|
|
|
