PNWDweller Posted February 24, 2014 Share Posted February 24, 2014 As we are all aware, a lot of major sites have been the subject of hacks, password leaks, exposure of information and the like. I would like to suggest the ability to add two-factor authentication such as Google's, or the Yubikey (They have a super easy API). I have a Yubikey which is quite awesome for this type of use, and of course have the Google Authenticator on my phone. Link to comment Share on other sites More sharing options...
riahc3 Posted February 24, 2014 Share Posted February 24, 2014 Hello, From what I remember this was asked back in the day (two step) but was said no. Don't quote me on that though :) Link to comment Share on other sites More sharing options...
+Warwagon MVC Posted February 24, 2014 MVC Share Posted February 24, 2014 Back in the day I used suggested Yubikey support now I would prefer Google authenticator. But to be honest, it's just a forum, use a unique password for this site (Example lulpI7rjlLD1) like you should be doing on every other site online and keep track of them with something like Lastpass or roboform and this becomes a non issue. The issue is when you use the same username / password everywhere and a Neowin hack gets them into your Amazon. snaphat (Myles Landwehr) 1 Share Link to comment Share on other sites More sharing options...
Steven P. Administrators Posted February 27, 2014 Administrators Share Posted February 27, 2014 Back in the day I used suggested Yubikey support now I would prefer Google authenticator. But to be honest, it's just a forum, use a unique password for this site (Example lulpI7rjlLD1) like you should be doing on every other site online and keep track of them with something like Lastpass or roboform and this becomes a non issue. The issue is when you use the same username / password everywhere and a Neowin hack gets them into your Amazon. This ^ You need to remember there's always cost involved with these lovely suggestions, we take security of user accounts seriously, and that's why we implemented SSL logins for all accounts. Link to comment Share on other sites More sharing options...
Hum Posted March 1, 2014 Share Posted March 1, 2014 Hell will freeze over before I give any website my phone number for 'security'. Link to comment Share on other sites More sharing options...
Carbon Fiber Posted March 1, 2014 Share Posted March 1, 2014 Authy provides a great API, http://docs.authy.com/ But I do understand it's quite expensive to implement compared to the possible damage caused by password theft. Link to comment Share on other sites More sharing options...
Seahorsepip Veteran Posted March 1, 2014 Veteran Share Posted March 1, 2014 Hmm one simple authentication form could be email authentication :p ->login with username and pass ->get email with some random generated password ->enter that password But yeah sites being hacked these days is just because people use way too easy passwords... Link to comment Share on other sites More sharing options...
PNWDweller Posted March 2, 2014 Author Share Posted March 2, 2014 This ^ You need to remember there's always cost involved with these lovely suggestions, we take security of user accounts seriously, and that's why we implemented SSL logins for all accounts. It costs to implement Google or Yubikey Authentication? AFAIK, it is just a few lines of code (at least for the Yubikey) to be put in the login box and they give that code to you for free. If your forum software would be charging for a plugin to do this, then yeah, I can see some cost associated with it. Or, if you are paying your developers to implement the code, then perhaps yes, but really it isn't a large amount of time. In Yubkey's Case the code is here: http://www.yubico.com/develop/open-source-software/web-api-clients/ Not 100% certain on Google's authenticator, but know it can be done as well. :) Link to comment Share on other sites More sharing options...
+Kyle Subscriber¹ Posted March 17, 2014 Subscriber¹ Share Posted March 17, 2014 I think this would be a good idea as a subscriber^2 perk personally. You aren't really putting too much personal data on here until you make a credit card payment, and MFA is mainly to protect personal data... ;) Link to comment Share on other sites More sharing options...
Raa Posted March 17, 2014 Share Posted March 17, 2014 Second the idea for Yubikey auth. If it's really that trivial to implement, i'd say go for it! But i'm not a coder, so... :P Link to comment Share on other sites More sharing options...
snaphat (Myles Landwehr) Member Posted March 17, 2014 Member Share Posted March 17, 2014 Second the idea for Yubikey auth. If it's really that trivial to implement, i'd say go for it! But i'm not a coder, so... :p "I'm going to go ahead and? say no." -- Office Space :rofl: Raa and Victor Rambo 2 Share Link to comment Share on other sites More sharing options...
Steven P. Administrators Posted March 17, 2014 Administrators Share Posted March 17, 2014 We don't have any credit card data, we use a payment gateway (to PayPal) and all of that credit card info is located there, never here, so there's no credit card data to save (or protect) ;) Victor Rambo and Haggis 2 Share Link to comment Share on other sites More sharing options...
Recommended Posts