[Suggestion] Multi-Factor Login

[PNWDweller]

As we are all aware, a lot of major sites have been the subject of hacks, password leaks, exposure of information and the like.

 

I would like to suggest the ability to add two-factor authentication such as Google's, or the  Yubikey (They have a super easy API).  I have a Yubikey which is quite awesome for this type of use, and of course have the Google Authenticator on my phone.

 

 

[riahc3]

Hello,

From what I remember this was asked back in the day (two step) but was said no. Don't quote me on that though :)

[+Warwagon MVC]

Back in the day I used suggested Yubikey support now I would prefer Google authenticator. But to be honest, it's just a forum, use a unique password for this site (Example lulpI7rjlLD1) like you should be doing on every other site online and keep track of them with something like Lastpass or roboform and this becomes a non issue.

 

The issue is when you use the same username / password everywhere and a Neowin hack gets them into your Amazon.

[Steven P. Administrators]

Back in the day I used suggested Yubikey support now I would prefer Google authenticator. But to be honest, it's just a forum, use a unique password for this site (Example lulpI7rjlLD1) like you should be doing on every other site online and keep track of them with something like Lastpass or roboform and this becomes a non issue.

 

The issue is when you use the same username / password everywhere and a Neowin hack gets them into your Amazon.

This ^

 

You need to remember there's always cost involved with these lovely suggestions, we take security of user accounts seriously, and that's why we implemented SSL logins for all accounts.

[Hum]

Hell will freeze over before I give any website my phone number for 'security'.

[Carbon Fiber]

Authy provides a great API, http://docs.authy.com/

 

But I do understand it's quite expensive to implement compared to the possible damage caused by password theft.

[Seahorsepip Veteran]

Hmm one simple authentication form could be email authentication :p

->login with username and pass

->get email with some random generated password

->enter that password

 

But yeah sites being hacked these days is just because people use way too easy passwords...

[PNWDweller]

This ^

 

You need to remember there's always cost involved with these lovely suggestions, we take security of user accounts seriously, and that's why we implemented SSL logins for all accounts.

It costs to implement Google or Yubikey Authentication?  AFAIK, it is just a few lines of code (at least for the Yubikey) to be put in the login box and they give that code to you for free.

 

If your forum software would be charging for a plugin to do this, then yeah, I can see some cost associated with it.  Or, if you are paying your developers to implement the code, then perhaps yes, but really it isn't a large amount of time.

 

In Yubkey's Case the code is here: http://www.yubico.com/develop/open-source-software/web-api-clients/

 

Not 100% certain on Google's authenticator, but know it can be done as well. :)

[+Kyle Subscriber¹]

I think this would be a good idea as a subscriber^2 perk personally. You aren't really putting too much personal data on here until you make a credit card payment, and MFA is mainly to protect personal data... ;)

[Raa]

Second the idea for Yubikey auth. If it's really that trivial to implement, i'd say go for it!

 

But i'm not a coder, so... :P

[snaphat (Myles Landwehr) Member]

Second the idea for Yubikey auth. If it's really that trivial to implement, i'd say go for it!

 

But i'm not a coder, so... :p

 

"I'm going to go ahead and? say no." -- Office Space  :rofl:

[Steven P. Administrators]

We don't have any credit card data, we use a payment gateway (to PayPal) and all of that credit card info is located there, never here, so there's no credit card data to save (or protect) ;)